Cannot do Windows Update on any of my Windows Server 2016 machines

I have three Windows Server 2016 virtual machines.  None of them are able to do Windows Update.  They find a list of items to download, but they're just stuck on 'Downloading update 0%'.  It can't be a corruption of repository or catalog because I've just built a VM from stratch and tried it and I get the same thing.  I've tried re-downloading the ISO from MVLS too, in case the ISO was corrupt.

All of our 2008 R2 machines connect to Windows Update no problem - these are in the same subnet, and go through the same proxy server.  Besides, the firewall/proxy reports HTTP 200 when Windows Update is attempted, so the proxy isn't doing anything to the traffic.

Looking at my WindowsUpdate.log file, I see these lines many times in a loop...

2017/11/06 11:55:43.8312332 588   4116  DownloadManager BITS job initialized: JobId = {E949FC9B-4BC2-443E-858F-8F693CE11E0B}
2017/11/06 11:55:43.8436054 588   4116  DownloadManager Downloading from http://download.windowsupdate.com/c/msdownload/update/software/defu/2017/09/nis_engine_1af0e4b80bf4028f8dac56ebf186b392e4e72486.exe to C:\Windows\SoftwareDistribution\Download\f71ddf93ec2d087c819cf75c55ddfda2\1af0e4b80bf4028f8dac56ebf186b392e4e72486 (full file)
2017/11/06 11:55:43.8452605 588   4116  DownloadManager New download job {E949FC9B-4BC2-443E-858F-8F693CE11E0B} for UpdateId F608EDA4-2E84-433A-A8C9-8117411F91A8.200
2017/11/06 11:55:43.8545291 588   4116  DownloadManager Download job E949FC9B-4BC2-443E-858F-8F693CE11E0B resumed.
2017/11/06 11:55:43.8734449 588   4116  DownloadManager Failed to connect to the DO service; (hr = 80040154)
2017/11/06 11:55:43.8734462 588   4116  DownloadManager GetDOManager() failed, hr=80246008, hrExtended=80040154
2017/11/06 11:55:43.8734472 588   4116  DownloadManager Failed creating DO job with hr 80246008
2017/11/06 11:55:43.8772521 588   4116  DownloadManager DO download failed with error 80246008[Extended: 80040154], falling back to BITS and retrying with new Download Job.

We have no WSUS server, and I've also tried setting the REG_DWORD UseWUServer=0 but to no avail.

For one of the servers, I downloaded the latest Cumulative Update from the Microsoft Catalog, but even after installing that, it's still not able to download any of the other update with Windows Updates.

I've tried it whilst logging in as a local user and as a domain user.  I've tried it a domain-joined machine and with non domain-joined.

Any ideas?
Thanks.
meirionwylltSenior Desktop EngineerAsked:
Who is Participating?
 
ITSysTechSenior Systems AdministratorCommented:
For now lets remove that reg you've added and reboot, then put this into a command line with your current proxy server name. Please try this on a test server. Then retry Windows Updates.
netsh winhttp set proxy proxy.mydomain.com:8080
0
 
ITSysTechSenior Systems AdministratorCommented:
For a test could you only chose one update and try to install it. Mainly because this type of error you are receiving is normally from one of the updates having issues. Please report the results.

Edit: Because you are using a proxy you will need to permit these ranges on the Windows 2016 servers. Linky
0
 
meirionwylltSenior Desktop EngineerAuthor Commented:
Hi, can you tell me how I can do this with Windows Server 2016?  Doing this is simple enough in Server 2008 R2 but it's all changed with 2016 and the tick-boxes are all gone.
0
Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

 
ITSysTechSenior Systems AdministratorCommented:
After reading further into your log files "falling back to BITS and retrying with new Download Job" it seems as though your proxy is causing the issues. Please permit these ranges on your Windows 2016 servers or configure a Group Policy or MDM Policy setting that will bypass Delivery Optimization and use BITS instead. Linky
0
 
meirionwylltSenior Desktop EngineerAuthor Commented:
From what I gather, the article suggests I need to set this following Registry value (this value doesn't exist in my local group policy editor)...

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config

DODownloadMode = 0
REG_DWORD

I've tried this and rebooted, but I still have the same problem.
0
 
ITSysTechSenior Systems AdministratorCommented:
Could you run this from a dos prompt on the affected machine?  netsh winhttp show proxy  
Report back the results.
0
 
meirionwylltSenior Desktop EngineerAuthor Commented:
Running that command gives "Direct access (no proxy server)".

By the way, for the above reg value I've also tried "100" (bypass) too but it didn't work either.
0
 
meirionwylltSenior Desktop EngineerAuthor Commented:
Aha!  I've set my proxy server into winhttp using...

netsh winhttp set proxy servername:8080

and now it's working!

Now, the question for me is, why do I need to have this value set?  I've never had to do this before to get WU working

Thanks
0
 
ITSysTechSenior Systems AdministratorCommented:
Windows Server 2016 seems to have changed the way it receives updates as compared to Windows Server 2012. In my experience Windows 2016 seems to have this issue with anything to do with proxies.
0
 
meirionwylltSenior Desktop EngineerAuthor Commented:
Thanks for your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.