Avatar of meirionwyllt
 asked on

Cannot do Windows Update on any of my Windows Server 2016 machines

I have three Windows Server 2016 virtual machines.  None of them are able to do Windows Update.  They find a list of items to download, but they're just stuck on 'Downloading update 0%'.  It can't be a corruption of repository or catalog because I've just built a VM from stratch and tried it and I get the same thing.  I've tried re-downloading the ISO from MVLS too, in case the ISO was corrupt.

All of our 2008 R2 machines connect to Windows Update no problem - these are in the same subnet, and go through the same proxy server.  Besides, the firewall/proxy reports HTTP 200 when Windows Update is attempted, so the proxy isn't doing anything to the traffic.

Looking at my WindowsUpdate.log file, I see these lines many times in a loop...

2017/11/06 11:55:43.8312332 588   4116  DownloadManager BITS job initialized: JobId = {E949FC9B-4BC2-443E-858F-8F693CE11E0B}
2017/11/06 11:55:43.8436054 588   4116  DownloadManager Downloading from http://download.windowsupdate.com/c/msdownload/update/software/defu/2017/09/nis_engine_1af0e4b80bf4028f8dac56ebf186b392e4e72486.exe to C:\Windows\SoftwareDistribution\Download\f71ddf93ec2d087c819cf75c55ddfda2\1af0e4b80bf4028f8dac56ebf186b392e4e72486 (full file)
2017/11/06 11:55:43.8452605 588   4116  DownloadManager New download job {E949FC9B-4BC2-443E-858F-8F693CE11E0B} for UpdateId F608EDA4-2E84-433A-A8C9-8117411F91A8.200
2017/11/06 11:55:43.8545291 588   4116  DownloadManager Download job E949FC9B-4BC2-443E-858F-8F693CE11E0B resumed.
2017/11/06 11:55:43.8734449 588   4116  DownloadManager Failed to connect to the DO service; (hr = 80040154)
2017/11/06 11:55:43.8734462 588   4116  DownloadManager GetDOManager() failed, hr=80246008, hrExtended=80040154
2017/11/06 11:55:43.8734472 588   4116  DownloadManager Failed creating DO job with hr 80246008
2017/11/06 11:55:43.8772521 588   4116  DownloadManager DO download failed with error 80246008[Extended: 80040154], falling back to BITS and retrying with new Download Job.

We have no WSUS server, and I've also tried setting the REG_DWORD UseWUServer=0 but to no avail.

For one of the servers, I downloaded the latest Cumulative Update from the Microsoft Catalog, but even after installing that, it's still not able to download any of the other update with Windows Updates.

I've tried it whilst logging in as a local user and as a domain user.  I've tried it a domain-joined machine and with non domain-joined.

Any ideas?
VirtualizationWindows Server 2016Windows OS

Avatar of undefined
Last Comment

8/22/2022 - Mon

For a test could you only chose one update and try to install it. Mainly because this type of error you are receiving is normally from one of the updates having issues. Please report the results.

Edit: Because you are using a proxy you will need to permit these ranges on the Windows 2016 servers. Linky

Hi, can you tell me how I can do this with Windows Server 2016?  Doing this is simple enough in Server 2008 R2 but it's all changed with 2016 and the tick-boxes are all gone.

After reading further into your log files "falling back to BITS and retrying with new Download Job" it seems as though your proxy is causing the issues. Please permit these ranges on your Windows 2016 servers or configure a Group Policy or MDM Policy setting that will bypass Delivery Optimization and use BITS instead. Linky
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

From what I gather, the article suggests I need to set this following Registry value (this value doesn't exist in my local group policy editor)...


DODownloadMode = 0

I've tried this and rebooted, but I still have the same problem.

Could you run this from a dos prompt on the affected machine?  netsh winhttp show proxy  
Report back the results.

Running that command gives "Direct access (no proxy server)".

By the way, for the above reg value I've also tried "100" (bypass) too but it didn't work either.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

Aha!  I've set my proxy server into winhttp using...

netsh winhttp set proxy servername:8080

and now it's working!

Now, the question for me is, why do I need to have this value set?  I've never had to do this before to get WU working


Windows Server 2016 seems to have changed the way it receives updates as compared to Windows Server 2012. In my experience Windows 2016 seems to have this issue with anything to do with proxies.

Thanks for your help
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy