So I just got done deploying WSUS on Server 2016 and everything seemed to be going fine.  Got my client side targeting rocking and a rolling, got the automatic update check time interval shortened up (I prefer 12 hours to the 22 hour default), and all the other nonsense.  A few machines reported in with no problem, so I decided to add in all the servers for one of my customers.  And so down the rabbit hole I went.

About two of the ten machines I added would actually report in.  The eight that did not would show up in the MMC console, in the appropriate Computer Group, but would not report their status.  I went to one such client and was faced with this error: Windows Update Client failed to detect with error 0x8024401c.  I went and checked out the log at C:\Windows\SoftwareDistribution\ReportingEvents.txt and found essentially the same thing (see below).

I did some digging around and followed all the troubleshooting steps from Microsoft’s Support Page to no avail.  At long last I stumbled upon this serverfault article.  Granted the client machines I was working with were Server 2016 and the article pertains to Windows 10, but in the end the kernel isn’t all that different so I figured it applied.  As the answer recommended I made the following changes to the IIS App Pool on the WSUS box:

I wasn’t out of the woods yet; it was still only working intermittently.  I went from two reporting in successfully to four.  So I started digging around the boxes that were not working and noticed that BITS was set to manual.  I’ve found this is normal on Server 2016 (strangely), but I said “Hey, let’s try getting that running and try reporting in.”  Sure enough, that did the trick.  The client checked for updates successfully and reported in seconds after running wuauclt /reportnow.
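The BITS check and report-in described above, as an added PowerShell example that is not part of the original post. It only starts the service and leaves its startup type alone; the function name and the 200-line tail are assumptions made for illustration.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on a WSUS client that appears in the console but never reports.
$ErrorCode = '0x8024401c'   # error quoted in the post
$ReportLog = 'C:\Windows\SoftwareDistribution\ReportingEvents.txt'   # path from the post

function Get-WsusErrorHits {
    # Hypothetical helper: count recent log lines that mention the error code.
    param([string]$Path, [string]$Code, [int]$Tail = 200)
    if (-not (Test-Path -LiteralPath $Path)) { return 0 }
    @(Get-Content -LiteralPath $Path -Tail $Tail |
        Select-String -SimpleMatch $Code).Count
}

# Record the state before touching anything, so the change is auditable.
$bits       = Get-Service -Name BITS
$statusWas  = $bits.Status
$startType  = $bits.StartType          # "Manual" on the machines in the post
$errorsSeen = Get-WsusErrorHits -Path $ReportLog -Code $ErrorCode

# Start BITS only if it is not already running; the startup type is untouched.
if ($statusWas -ne 'Running') {
    Start-Service -Name BITS
}

# Ask the Windows Update client to report to WSUS, as done in the post.
& "$env:SystemRoot\System32\wuauclt.exe" /reportnow

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    BitsStartType    = $startType
    BitsStatusBefore = $statusWas
    BitsStatusAfter  = (Get-Service -Name BITS).Status
    RecentErrorLines = $errorsSeen     # hits for 0x8024401c before the fix
}
```

Reporting is asynchronous, so confirm the result in the WSUS console rather than by re-reading the log immediately.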

It’s been a couple days since and I’ve added a few hundred client machines with no issues.  Updates are running smooth (knock on wood).