Spotted on a couple of my machines: Windows Update was not working, with the above error:
The Microsoft TechNet article is pretty unhelpful, suggesting the Windows Update service is having trouble connecting, possibly an on-machine firewall stopping it.
Nothing that should be stopping this springs to mind, so my first concern is malware. A quick scan by Malwarebytes didn’t show anything; sadly I know that doesn’t guarantee we’re OK. I had a quick look at the hosts file; nothing changed there. The IP addresses associated with the windowsupdate DNS names appeared to be OK. It did seem as if the PC was being blocked from getting updates.
So, what is actually happening when I click “Get updates”?
I needed something to let me see behind the lovely chromed update UI. The tool I chose was Fiddler. Mainly used by people debugging websites, it also has the useful knack of sniffing all HTTP traffic from the machine. Let’s fire it up and hit the “try again” button:
We can see the update process requesting the wuident.cab from a server, jelly.dessert.local.
Clearly, the machine in question doesn’t belong to WindowsUpdate. Fortunately, there’s an explanation which is less worrying than some uber-weird virus.
A few weeks ago, I needed a couple hundred GBs of disk space for some new VMs in a hurry. Being in a tight spot, I uninstalled WUS, which conveniently was taking up about that much space; I then of course changed group policy so that my dozen or so machines talked to Windows Update directly.
It would appear, however, that a couple of machines have group-policy update issues and never got the update changing from using a local WUS to the Microsoft update servers.
So a fairly predictable fix from there on in. But the original fault-finding would be soooo much easier with a little more diagnostic error messages, Microsoft!
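The stale-policy condition described above can be checked directly on a client without a traffic capture. The script below is an added example, not part of the original post; it reads the standard Windows Update policy values (`WUServer`, `WUStatusServer`, `UseWUServer`) from the registry and reports whether the configured server resolves and accepts a connection. The `Get-PolicyValue` helper and the report field names are made up for this example.

```powershell
# Added example: is this client still pinned by policy to an internal update server?
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (no policy applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = [ordered]@{
    ComputerName   = $env:COMPUTERNAME
    UseWUServer    = Get-PolicyValue $auKey 'UseWUServer'
    WUServer       = Get-PolicyValue $wuKey 'WUServer'
    WUStatusServer = Get-PolicyValue $wuKey 'WUStatusServer'
    Resolves       = $null
    Reachable      = $null
    Verdict        = 'No internal update server in policy'
}

# UseWUServer = 1 is what makes the client use WUServer instead of Microsoft.
if ($report.UseWUServer -eq 1 -and $report.WUServer) {
    $uri = $report.WUServer -as [uri]
    if (-not $uri -or -not $uri.IsAbsoluteUri) {
        $report.Verdict = 'WUServer is set but is not a valid URL'
    } else {
        try {
            [System.Net.Dns]::GetHostAddresses($uri.Host) | Out-Null
            $report.Resolves = $true
        } catch { $report.Resolves = $false }

        $report.Reachable = $false
        if ($report.Resolves) {
            # TCP connect with a 3 second timeout; this shows only that the port
            # is open, not that an update service still runs behind it.
            $client = New-Object System.Net.Sockets.TcpClient
            try {
                $pending = $client.BeginConnect($uri.Host, $uri.Port, $null, $null)
                $report.Reachable = $pending.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
            } catch { $report.Reachable = $false } finally { $client.Close() }
        }
        $report.Verdict = "Updates are redirected by policy to $($uri.Host); confirm that server still runs an update service"
    }
}
[pscustomobject]$report
```

If the values are still present after the GPO was changed, `gpupdate /force` followed by `gpresult /r` shows whether the machine is processing group policy at all.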