Windows Server Cannot Update Error number: 0x8024D007

try this: http://support.microsoft.com/kb/956701
 

ob1 have tried that one before but with no success

ok - is the administrator account in the Domain Admins group and is the Domain Admins group in the Builtin > Administrators group on the server in AD?

Yes. Administrator in a member of Domain Admins group and domain admins is a member of builtin/Administrators group.

Sounds like you are having a problem with Internet Explorer Enhanced Security.

Here is an example of the problem:
https://www.experts-exchange.com/questions/23351830/Admin-Permission-issue.html

I have copied the update files to the local computer and tried to install them but could not.

I have removed internet explorer enhanced security configuration from Add/Remove programs as well with no luck.

Have you tried this?

http://support.microsoft.com/kb/956701

Method 1: Register the Windows Update files
For Windows XP, Windows 2000 or Windows Server 2003, follow these steps:
Click Start, click Run, type notepad, and then click OK.
Copy the following commands, and then paste them into Notepad:
REGSVR32 WUPS2.DLL /S
REGSVR32 WUPS.DLL /S
REGSVR32 WUAUENG.DLL /S
REGSVR32 WUAPI.DLL /S
REGSVR32 MUCLTUI.DLL /S
REGSVR32 WUCLTUI.DLL /S
REGSVR32 WUWEB.DLL /S
REGSVR32 MUWEB.DLL /S
REGSVR32 QMGR.DLL /S
REGSVR32 QMGRPRXY.DLL /S
In Notepad, on the File menu, click Save As.
In the Save as type list, click All Files (*.*).
In the File name box, type register.bat.
Save the Register.bat file to your desktop.
Double-click the Register.bat file to register the Windows Update files.
Try to install updates again.

ukznmcl,

ob1 first proposed that solution but did not work.

Try adding *.microsoft.com to Trusted Sites in Internet Options > Security (un check the box to require ssl) - restart your browser and try again.

I am thinking you have various versions of software on the machine. So, in that case, you may want to run System File Checker to see if the versions are off. It appears in the microsoft article that the OS is confused as to where it is at in the update process.

To run system file checker:

Go to the command prompt and type:

SFC /scannow

Have your OS install disk handy, It may ask for it.

i guess its something to do with group policy i can update domain controllers in the domain but not member servers.

All member servers have an issue in windows updates.

Check if you have any entries in the group policy
This is probably the group policy for the OU where the servers are located, but check the global group policy also
In the Group Policy Editer you need to check:-
Computer Configuration
    ---- Administrative Templates
           ---- Windows Components
                 ----- Windows Update
                         Check for any settings her, and also :-
User Configuration
     ----- Administrative templates
            ----- Windows Components
                    ---- Windows Update

you need to delete the  entire registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
stop windows update service  and delete the key it will be recreated  when you restart the windows update service again
Regards,
Jose

now if you have the issue on serveral servers you can delete the key using this guide
You can send a .reg file to users in an e-mail message, put a .reg file on a network share and direct users to the network share to run it, or you can add a command to the users' logon scripts to automatically import the .reg file when they log on.
here are the instructions to do the job from Microsoft
http://support.microsoft.com/kb/310516
Regards,