Consider the following scenario:
-
The System Center Configuration Manager Administrator manages all updates in the environment.
-
Users have no access to the Windows Update website.
-
The Configuration Manager Software Update Point is configured and synchronizing.
-
The Automatic Deployment Rule for Definition Updates is configured and appears to deliver updates nightly with no problem.
In this scenario, when a new client is deployed and the local Administrator clicks the Update button in the System Center 2012 Endpoint Protection client user interface (SCEP UI), the search for updates eventually times out and the following error is displayed:
0x8024402c – System Center Endpoint Protection couldn’t install the definition updates because the proxy server or target server names can’t be resolved
Analysis of the C:\Windows\WindowsUpdate.log file also indicates that the SCEP client is attempting to access the Microsoft Update Website.
Symptoms
The Updates Distributed from Configuration Manager source setting is not like any of the other definition update source settings in SCEP policies. You cannot pull definitions from this source by clicking Update in the SCEP UI.
Cause
To work around this issue, set up another Definition Update source such as WSUS to fall back to when a client attempts to manually update definitions via the SCEP UI. Alternatively, you can hide the SCEP UI from the end user so they cannot click Update in the client UI using the Disable the client user interface policy setting introduced in System Center 2012 Configuration Manager SP1. The Disable the client user interface option is located in the Advanced area of the Antimalware policy setting in the Configuration Manager administration console.
Resolution
When you click Update in the SCEP UI, the client looks for a FallbackOrder registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. The client will check each update source in the FallbackOrder registry key in the order that they are listed until it locates a source that has available definitions. If it goes through all sources without detecting available definitions, it returns an error and the update attempt is unsuccessful. Configuration Manager is never listed in the FallbackOrder registry key, as the SCEP client does not recognize a Configuration Manger Software Update Point agent (and associated infrastructure) as a valid definition source and cannot pull definitions from Configuration Manager. FallbackOrder sources can include InternalDefinitionUpdateServer (WSUS), MicrosoftUpdateServer (Microsoft Update Website), FileShares (One or more UNC file shares whose location is determined by policy), and MMPC (Microsoft Malware Protection Center alternate download location).
Configuration Manager definition updates are handled entirely by the CCM client Software Updates Agent and are downloaded and installed by the CCM software update agent. The schedule for these updates is determined when configuring the deployment rule during server side setup. See http://technet.microsoft.com/en-us/library/jj822983.aspx for more information.
When you select Updates Distributed from Configuration Manager in your SCEP policy, it does not modify the FallbackOrder registry key. Instead, this update source option sets the AuGracePeriod registry key in HKLM\Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates. This registry setting suppresses the SCEP client from attempting to automatically pull definitions from sources defined in the FallbackOrder key for a set length of time determined by SCEP policy which is 72 hours by default, or 4320 minutes. This is designed to give the CCM client Software Update process sufficient time to complete the definition update process independently of the SCEP client.
If Updates Distributed from Configuration Manager is the only update source defined in your policy, then the FallbackOrder registry key will be blank. In this case, clicking Update in the SCEP UI will cause the client to revert to behavior similar to Microsoft Security Essentials and the client will attempt to update from the Microsoft Update website.
More Information
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
Проверка обновлений windows непосредственно через WSUS
Ранее в этом месяце я задал вопрос о том, как я могу использовать vbscript, чтобы проверить, есть ли на сервере какие-либо критические обновления в ожидании. Ответ, который был предоставлен, сработал отлично, и я отправил сценарий в нашу среду QA для дополнительного тестирования.
Существует среда «vault», в которой может работать сервер, и он не имеет доступа к Агенту обновления Windows и может получать обновления windows только непосредственно через WSUS. Есть ли способ с помощью VBScript проверять наличие критических обновлений только непосредственно через WSUS, а не через агент обновления Windows?
Я получаю ошибку 0×8024402C с этим кодом (логика взята из предыдущего вопроса). Он обернут в подпрограмму, которая даст PASS или FAIL вывода в зависимости от результата. Я проверил, что это работает на некоторых серверах.
2 ответа
- Утверждение обновлений WSUS для одной группы компьютеров одновременно
У нас есть сервер WSUS и четыре группы компьютеров (Альфа, Бета, производство, рабочие станции). Наш процесс исправления требует, чтобы мы одобрили все патчи Not Approved для Альфа-Группы сразу после того, как они будут выпущены Microsoft. Через неделю мы одобряем все обновления с предыдущей…
- Microsoft.Update.Session COM объект ’’ опустить службы WSUS?
Я пытаюсь получить информацию о том, как up-to-date-это windows систем. Информация из systemstatus или wmic qfe list иногда не дает полного списка установленных хостфиксов. Поэтому я хочу сделать скрипт powershell, который проверяет, есть ли доступные обновления для системы. Мои сценарии выглядят…
Существует среда «vault», в которой может работать сервер, и у него нет доступа к обновлению Windows Агент и может получать обновления windows только непосредственно через WSUS. Есть ли способ с помощью VBScript проверять наличие критических обновлений только непосредственно через WSUS, а не через агент обновления Windows?
Возможно, заметка об архитектуре поможет в этом. В каждой системе есть агент обновления Windows. Он поставляется вместе с операционной системой. Агент обновления Windows выполняет всю работу, будь то домашняя система, разговаривающая с автоматическими обновлениями, более старая система, просматривающая обновление Windows в IE, использующая Панель управления WUApp или разговаривающая с сервером WSUS-это агент обновления Windows, который выполняет эту работу.
Приведенный выше сценарий взаимодействует с сервером WSUS и извлекает информацию на основе того, что агент обновления Windows сообщил серверу WSUS.
Отключенная система, на которую, как я полагаю, ссылается ссылка на «vault environment», не может получить доступ к AU/WU/MU, но в зависимости от размера «среды хранилища» в этой среде можно реализовать сервер WSUS. Документация WSUS содержит подробные инструкции по развертыванию и управлению сервером WSUS в отключенной сети.
Если в отключенной сети нет сервера WSUS, вы также можете использовать автономную кабину сканирования (WSUSSCN2.CAB), но важно отметить, что этот автономный файл не содержит всех обновлений-он содержит обновления безопасности, накопительные пакеты обновлений и пакеты обновления, поэтому, если вы хотите получить все критические обновления, это не будет соответствовать вашим потребностям.
Сценарий будет (пытаться) проверить, какой сервер обновлений настроен с соответствующим хостом. Если хост настроен на использование WSUS, скрипт проверит этот сервер. Если хост настроен на проверку с помощью серверов обновлений Microsoft Windows, он попытается подключиться к ним.
Ошибка 8024402C
указывает на то, что компьютер не может подключиться к настроенному серверу обновлений. Проверьте, настроен ли ваш хост на использование WSUS:
Затем проверьте, можете ли вы подключиться к соответствующему серверу (при необходимости измените порт 80 на порт, указанный в значении WUServer):
или (для обновления Windows):
Обратите внимание, что без WSUS ваш хост должен иметь возможность подключаться ко всем URLs, перечисленным в статье MSKB 885819 .
Также убедитесь, что разрешение имен работает на вашем хосте.
Похожие вопросы:
Как я могу проверить WHEN последняя проверка на windows обновления была выполнена-в коде (c#/.Net)? Не WHICH обновлений установлены или не установлены, а WHEN последняя проверка была выполнена?…
Я пытаюсь автоматизировать процесс управления отчетами WSUS. Мне это удалось I) сообщите об обновлениях, которые я утверждаю, в консоль WSUS. II) запустите процесс очистки для суперсева Так что…
Я искал в интернете далеко и широко, ища способ запросить базу данных WSUS, чтобы просмотреть количество обновлений, которые должны быть установлены на сервере. Я нашел частичный ответ в следующем…
У нас есть сервер WSUS и четыре группы компьютеров (Альфа, Бета, производство, рабочие станции). Наш процесс исправления требует, чтобы мы одобрили все патчи Not Approved для Альфа-Группы сразу…
Я пытаюсь получить информацию о том, как up-to-date-это windows систем. Информация из systemstatus или wmic qfe list иногда не дает полного списка установленных хостфиксов. Поэтому я хочу сделать…
У меня возникла проблема, когда мой сервер WSUS (Windows 2012 R2) сообщает только о 12 клиентах. Я изменил локальную групповую политику каждого клиентского хоста, чтобы связаться с сервером WSUS, но…
Я пытаюсь написать небольшую программу для обработки Windows обновлений на Windows Server Update Services (WSUS). Хотя это общий вопрос, я приведу конкретный пример. GetComputerTargetGroups()…
Я хочу автоматизировать процесс установки обновлений WSUS на мой VMs. Чтобы дать краткий обзор, вот то, что я хочу сделать (пожалуйста, дайте мне знать, если мои методы идиотские, я хотел бы узнать…
Вот код, который я использую для поиска обновлений Windows, установленных WSUS, я хочу добавить еще один столбец для статуса перезагрузки pending/done. есть ли для этого переключатель? $Session =…
При создании обновленных базовых образов Windows я хочу установить обновления с локального сервера WSUS с помощью Hyper-V iso builder. Я пробовал использовать некоторые обновления Windows cmdlets в…
Windows Update error 8024402C (Windows could not search for new updates – Errors found 8024402C) while checking for updates is commonly caused by invalid network settings or invalid update settings. The problem also occurs if your computer was connected to a local network (LAN) and managed by a Windows Server Update Services (WSUS).
This tutorial contains detailed instructions on how to resolve In order to fix the Windows Update error 0x8024402C in Windows 8, 7 or Vista.
How to fix Error code 0x8024402C in Windows Update.
Solution 1. Run the Windows Update Troubleshooter.
1. Navigate to Windows Control Panel, set the ‘View By’ to Small icons and open Troubleshooting.
2. In Troubleshooting options, click View all.
3. Open the Windows Update.
4. Click Next to troubleshoot Windows update problems.
5. When the troubleshooting process is complete, close the troubleshooter.
6. Restart your computer and see if the Error code 8024402C is resolved.
Solution 2. Change the DNS servers.
Some IPS causes errors with Windows Update. So try to manually add a public DNS server (e.g. Google DNS) on your network connection.
1. Press Windows + R keys to open the run command box.
2. Type ncpa.cpl and press Enter.
3. Double click at your active Network Adapter.
4. Click Properties.
5. Open ‘Internet Protocol Version 4 (TCP/IPv4)’ Properties.
6. Select «Use the following DNS server addresses:» and type the following Google’s public DNS server addresses:
- 8.8.8.8
- 8.8.4.4
7. Press OK twice to exit Network settings.
8. Restart your computer and check for updates again.
Solution 3. Configure Automatic Updates client to connect directly to the Windows Update site on the Internet.
1. Press Windows + R keys to open the run command box.
2. Type regedit and press Enter.
3. In Windows registry editor locate the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Note: If you don’t find the WindowsUpdate key you have to create it: Right click on Windows key (on the left pane) and select New > Key. Give the name: WindowsUpdate. Then right click at «WindowsUpdate’ & perform the same operation to create the AU key.
4. At the right double click to open the UseWUServer value and change the Value data from 1 to 0.
Note: If you don’t find the UseWUServer value you have to create it: Right click on the right pane and select New > DWORD (32-bit) Value. Give the name: UseWUServer.
5. Press OK to apply changes and exit from Registry Editor.
That’s all folks! Did it work for you?
Please leave a comment in the comment section below or even better: like and share this blog post in the social networks to help spread the word about this solution.
If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us.
Table of Contents
- Scenario
- Symptom
- Troubleshooting
- Solution
Scenario
Consider a client workstation that it is using a WSUS Server that is located in the DMZ behind Forefront TMG. This WSUS Server is not a domain member. There is a group policy specifying the WSUS Server name as shown below:
Symptom
When the client workstation is running Windows Update it receives an error 0x8024402c, which appears in the Windows Update log (check KB902093 for default location) as shown below:
Troubleshooting
During the course of troubleshooting of this issue the following items were validated:
- The DNS Server correctly had an entry for the WSUS Server
- The DC was able to resolve the WSUS Server name.
- The client was able to resolve the WSUS Server name using nslookup command, but it was not able to resolve when using ping command.
To better understand what it was happening the following steps were done on the client workstation:
- Ran ipconfig /flushdns
- Started Netmon capture.
- Ran the command ping srvwus.crop.contoso.com.
- Stopped the capture.
On the netmon capture it was possible to see that the answer from the DNS Server came incorrectly as shown below:
At this point, we know that name resolution works fine and that the client is able to talk to the DNS Server. To isolate potential name resolution issue we tried to ping to SRVWSUS using the IP address and got the result below:
This indicates that the local machine didn’t know what to do with that request.
Solution
The client workstation was missing the IP address of the default gateway. Once we added the default gateway the client workstation was able to obtain updates.
There are several causes for the Error Code 8024402c. The system may throw a message like “windows could not search for new updates”.
To fix this error you can make use of the Troubleshooting tool in Control Panel. It will try to make amends to the Windows Update Database Corruption and provides a fix it solution. Let the troubleshoot tool run for a few seconds and analyze the problem.
Then finally, it will ask to apply the fix it. You just do it and the problem is resolved.
Windows update service not running in windows 7 64 bit is another cause. Then you have to check the relevant update services like BITS, WSUS etc. You must have disabled it or some other software application might have done it.
Windows 8.1 won’t find updates if code 8024402c pops up. The message will show as if this is because of unknown reason. But in many cases, this is because a third-party firewall or app is preventing the Update service from accessing the Internet.
In 2015 also, when you try to update Windows 10 this might cause you to rethink about upgrades.
If you apply the first weapon mentioned above, a progress indicator showing a green tick mark for several issues are shown. It also includes that the Windows update components must be repaired.
To resolve your issue in any Windows OS, you have to find the root cause. Once that is fixed, you can easily download the updates.
Some of the causes for this error code are –
- You can have an erroneous character in the proxy override settings.
- If you are using a third-party firewall like ZoneAlarm, Sygate, Sunbelt, Comodo, you may have wrongly configured it.
- In Windows 10, if you are using a VPN like HotSpot Shield, Zenmate, Avast Internet Security etc then the above error may occur.
- Workstation in Office that work behind a corporate ISA server can also face this issue.
- For corporate networks like Facebook, Google, Microsoft etc, if autoproxy is not enabled then also you may have this problem.
- Corrupted registry entries. If you have made any changes to the registry or did any tweaks, this can also cause Error Code 8024402c.
- Infection of Virus or Malware. If you plugged in a pen drive from a corrupted system, you can have viruses. Also, if you have downloaded too many adware programs, they can cause malware. These are also some causes for the above error code.
- General Fixes
- How to Deal with Error Code 8024402c in Windows Server 2012?
- How to Fix Error Code 8024402c in Windows Server 2008?
- How to Iron Out Error Code 8024402c in Windows 10?
- How to Work Out Error Code 8024402c in Windows 8.1?
- How to Figure Out Fix for Error Code 8024402c in Windows 7?
- Conclusion
General Fixes
The common solutions in any OS are the following –
Fix #1
First make sure you have the following websites white-listed in your Firewall.
- https://*.windowsupdate.microsoft.com
- http://download.windowsupdate.com
- http://*.windowsupdate.microsoft.com
Fix #2
For erroneous character in proxy override settings, you can do the following.
Select the LAN settings option in the “Internet Options” of Control Panel. If “Proxy Server” is enabled, then select the “Advanced” button. Delete everything in the “Exceptions” text box. Now press Win + R and in the Run window, type “proxycfg -d” and press ENTER.
- Type the command “net stop wuauserv” and press ENTER.
- Finally, type “net start wuauserv” and press ENTER.
You have cleared the proxy cache. Now try the Windows Update or Windows 10 download again. You should see success.
Fix #3
If VPN is the source of error, just disable and directly connect to the Internet. Now download Windows 10. After the update is successful, then enable your VPN again.
Fix #4
If you are behind an ISA server, you should configure the Firewall settings. Select the Firewall Client for your third-party software. Select the configure option. Now check the box that says “automatically detect firewall server”. Click on “Update Now” button. Restart your Windows 10 update or other updates.
Fix #5
First do a complete scan and cleaning of your computer using an antivirus like Kaspersky, ESET NOD32, Panda, Avast, AVG etc. You can also use Malwarebytes Anti-Malware to remove the adware.
Fix #6
Since this is an update error, you can download the update troubleshooter fix from Microsoft.
https://support.microsoft.com/en-in/instantanswers/512a5183-ffab-40c5-8a68-021e32467565/windows-update-troubleshooter
You need to download the fix file from the above link and run it as an “Adminstrator”. Accept the license and then on the next screen click on “Detect problems and apply the fixes (Recommended).”
Let the troubleshooter program complete its execution. Then restart the PC. See if this resolves the Error Code 8024402c in your Windows 7 or 8.1 or 10 computer.
Fix #7
You need to configure your proxy settings properly. Open command prompt with elevated privileges.
- Type the command “netsh winhttp import proxy source=ie” in the prompt before hitting Enter.
- Disable proxy in Network Settings unless you receive a message indicating that there is no proxy server.
Fix #8
You can also reset and re-register the Windows Update components. You can do this by following these tutorials.
- http://www.sevenforums.com/tutorials/91738-windows-update-reset.html
- https://support.microsoft.com/en-us/kb/971058
You generally keep the “Automatic Updates” on in your system. This will automatically download the updates whenever there are new updates. This is most likely to happen on every Tuesday. Sometimes, you may face this dreaded Error Code 8024402c.
There is a quick fix for it using registry settings.
First run “regedit” in the Run box (Win + R). This will open the Registry Editor. Then go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU and update the value of UseWUServer from 1 to 0.
In the second step, open “Services” and restart the Windows Update service.
This usually resolves the problem of the current error code. But it also can fix Error Code 80072EE2.
How to Fix Error Code 8024402c in Windows Server 2008?
Source: https://theorypc.ca/2013/05/
You may get this issue while applying Windows Update. The source of this error cannot be easy to diagnose. The updates can be Office updates or any other Microsoft program. Even if you check the Event Viewer – software feature of Windows and look at the BITS-client logs, it is not easy to fix it.
So you need to enable analytics and debug logs. The results are produced in a WinHTTP log file. You need to re-execute the Windows Update and check the log, to find the reason for this error – 8024402c.
The common reason would be the Update going to the wrong server – like wswsus02.YYYY.ab.ca. For example, you might have used this server earlier and later updated with a new IP. So in order that Windows Update picks the right server, you need to apply the following commands.
esentutl /p %windir%securitydatabasesecedit.sdb /o
Gpupdate /force
After this trick is applied, your Windows Update service will use the Microsoft servers instead of the WSUS server. Then reboot the server. You could also run the net stop and net start commands.
Then Windows Update will download the required updates with success.
How to Iron Out Error Code 8024402c in Windows 10?
You may have faced this error, when you try to download the Windows 10 update. It may show up a progress of 50 or 80% and then show this 8024402c error. Otherwise, you may fail in installing updates with this error.
The common reason for Error Code 8024402c is prevention of Windows Updates Services (SVCHOST) accessing the internet properly. Some of the programs that can do this are – firewalls, web accelerators, internet security, antivirus programs, anti-spyware software, proxy servers etc. Generally, Windows 10 is available as an update. So, first check if your firewall or Antivirus software is blocking access. Try to disable your default firewall or anti-spyware or anti-virus for the time-being.
You can do this in Windows 10 as follows.
Control Panel > Windows Firewall Turn Windows Firewall on or off and then select Turn off Windows Firewall:
Then try to run the Windows 10 update again. This time Windows Update will try to connect to Microsoft server. The download of Windows 10 will resume normally again, once this is done.
[alert]
Note: Be careful once you disable firewall and anti-virus or internet security. Generally, this is not recommended, but only when you have compatibility problems, this is required. So it is better you restrict your PC and Internet activities, during this weak period of disabled services.
[/alert]
Turn your security software or Windows firewall, once the Windows 10 Update process is complete.
You can also stop and restart your Windows Update service. This can be done in the following way.
Just open your command prompt with administrator privileges and type the net stop wuauserv command to stop the Windows update service and then net start wuauserv to restart the latter. You can also do using the Services program.
Press Win + R keys and type “services.msc” in the dialog box. There you will find a service called “Windows Update”. You can restart it. Otherwise, you can stop it and start again.
How to Work Out Error Code 8024402c in Windows 8.1?
You can try the above steps first to resolve the error.
But @Shivam15 on Tomshardware found a clean solution for this problem.
You just have to use Google DNS servers 8.8.8.8 and 8.8.4.4 to fix Error Code 8024402c in Windows 8.1. You just have to update the above server list in your ISP settings.
How to do this in Windows 8.1?
You can follow these steps.
- Move the mouse to the bottom right-hand corner. In the Charms bar, go to Settings > Control Panel. You can also press the Win key and type “Control Panel”. It will appear in the Search.
- From it, you can navigate to Network and Internet > Network and Sharing Center > Change adapter settings. You can also right-click the Wi-Fi or Ethernet icon at the bottom right-hand corner and select “Open Network and Sharing Center” and then select the same.
- You can select the Network Adapter. For example, it can be Wi-Fi adapter or Ethernet Adapter.
- To change the settings for an Ethernet connection, right-click Local Area Connection >Properties.
- To change the settings for a wireless connection, right-click Wireless Network Connection> Properties.
- If you are asked for administrator credentials, you need to provide them.
- Choose the “Networking” tab if it’s not selected by default.
- Under This connection uses the following items, select Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) and then click Properties.
- A pop-up window will open. Click Advanced and select the DNS tab. If there are any DNS server IP addresses listed there, note them for further use.
- Now give the IP addresses of the Google DNS servers:
- For IPv4: 8.8.8.8 and/or 8.8.4.4.
- For IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844.
- For IPv6-only: you can use Google Public DNS64 instead of the IPv6 addresses in the previous point.
- Disconnect from Internet and restart again.
- Test whether error code 8024402c is gone and updates are working fine.
How to Figure Out Fix for Error Code 8024402c in Windows 7?
A user on sevenforums @ countkenshin had a similar problem. He tried different solutions like disabling the Windows firewall and Anti-virus. He also uninstalled all the security and windows updates, hoping that Windows will automatically fix it. But there was no success.
Then he did this to fix the problem.
- Type “services.msc” in the Run window (Win + R) and find the Windows Update service. Stop it.
- Go to C:\Windows\ and find the SoftwareDistribution folder. Rename to something like SoftwareDistribution.old
- Restart the Windows Update service.
- Click the “Check for Updates” button on the Windows Update screen.
- Windows will perform the check – it may take some time, so leave it running. Eventually it will successfully complete.
- Once the updates are downloaded, you can delete the SoftwareSistribution.old folder.
Conclusion
Generally the Error Code 8024402c resolves itself when you stop and restart the Windows Update service. If not, you can try any of the solutions mentioned above. Sometimes, just cleaning the junk in your system, can also fix the problem. For this you can do a registry clean using CCleaner and fix any errors that is causing the malfunction of your updates.
You can also try the Microsoft update troubleshooter to fix this error code. You can also reset the Windows Update components as provided by Redmond itself. Other solutions are tailored for specific cases.
If you still not able to solve the problem, please leave a comment in the section below. I’ll try to find a solution, using my expertise.
Palla Sridhar is the writer and admin for WindowsTechIt.com. His primary focus is to write comprehensive how-tos and solutions guides for Windows 11, 10, Skype, Outlook, HDMI, Redmi, Facebook, Google, Tech Apps and LinkedIn.