So I just got done deploying WSUS on Server 2016 and everything seemed to be going fine. Got my client-side targeting rocking and a rolling, got the automatic update check time interval shortened up (I prefer 12 hours to the 22-hour default), and all the other nonsense. A few machines report in no problem so I decide to add in all the servers for one of my customers. And so down the rabbit hole I went.
About two of the ten machines I added would actually report in. The eight that did not would show up in the MMC console, in the appropriate Computer Group, but would not report their status. I went to one such client and was faced with this error: Windows Update Client failed to detect with error 0x8024401c. I went and checked out the log at C:\Windows\SoftwareDistribution\ReportingEvents.txt and found essentially the same thing (see below).
148 [AGENT_DETECTION_FAILED] 101 {00000000-0000-0000-0000-000000000000} 0 8024401c UpdateOrchestrator Failure Software Synchronization Windows Update Client failed to detect with error 0x8024401c.
I did some digging around and followed all the troubleshooting steps from Microsoft’s Support Page to no avail. At long last I stumbled upon this serverfault article. Granted, the client machines I was working with were Server 2016 and the article pertains to Windows 10, but in the end the kernel isn’t all that different so I figured it applied. As the answer recommended, I made the following changes to the IIS App Pool on the WSUS box:
Queue Length: 25000 from 10000
Limit Interval (minutes): 15 from 5
"Service Unavailable" Response: TcpLevel from HttpLevel
Private Memory Limit (KB): 0 from 18342456
I wasn’t out of the woods yet, it was still only working intermittently; I went from two reporting in successfully to four. So I started digging around the boxes that were not working and noticed that BITS was set to manual. I’ve found this is normal on Server 2016 (strangely), but I said “Hey, let’s try getting that running and try reporting in.” Sure enough that did the trick. Checked for updates successfully and reported in seconds after running wuauclt /reportnow.
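The two fixes above, scripted as an added example (not code from the original post). It assumes the WSUS application pool has the name "WsusPool" and that the WebAdministration module is installed on the WSUS server; the function names are hypothetical.

```powershell
# Added example, not from the original post.
# Assumptions: the WSUS app pool is named "WsusPool"; both functions run elevated.

function Set-WsusPoolTuning {
    # Run on the WSUS server. Applies the four app pool values listed in the post.
    param([string]$PoolName = 'WsusPool')   # assumed pool name
    Import-Module WebAdministration
    $pool = "IIS:\AppPools\$PoolName"
    if (-not (Test-Path $pool)) { throw "App pool '$PoolName' not found." }

    # IIS Manager label                  -> app pool configuration attribute
    # Queue Length                       -> queueLength
    Set-ItemProperty $pool -Name queueLength -Value 25000
    # Limit Interval (minutes)           -> cpu.resetInterval (a TimeSpan)
    Set-ItemProperty $pool -Name cpu.resetInterval -Value ([TimeSpan]::FromMinutes(15))
    # "Service Unavailable" Response     -> failure.loadBalancerCapabilities
    Set-ItemProperty $pool -Name failure.loadBalancerCapabilities -Value 'TcpLevel'
    # Private Memory Limit (KB)          -> recycling.periodicRestart.privateMemory (0 = no limit)
    Set-ItemProperty $pool -Name recycling.periodicRestart.privateMemory -Value 0
}

function Test-WsusClientReporting {
    # Run on a client that shows up in the console but does not report status.
    $bits = Get-Service -Name BITS
    if ($bits.Status -ne 'Running') {
        Write-Host "BITS is $($bits.Status) (start type: $($bits.StartType)); starting it."
        Start-Service -Name BITS
    }

    # Ask the Windows Update client to report in, as done in the post.
    & wuauclt.exe /reportnow

    # List the most recent detection failures carrying the error code from the post.
    $log = 'C:\Windows\SoftwareDistribution\ReportingEvents.txt'
    if (Test-Path $log) {
        Select-String -Path $log -Pattern 'AGENT_DETECTION_FAILED.*8024401c' |
            Select-Object -Last 5 |
            ForEach-Object { $_.Line }
    }
}
```

Entries returned by the second function are historical; a client that is now healthy will still show older failures, so compare their timestamps against the time BITS was started.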
It’s been a couple days since and I’ve added a few hundred client machines with no issues. Updates are running smooth (knock on wood).