
Windows Update tips

Sometimes a Windows Update issue needs to be resolved as a prerequisite for a successful MapleLeaf2 or OpenVPN client installation.

Tips

Verify:

  1. Internet connectivity is working, e.g. you can load http://lxer.com (and don't get a captive portal popup if on a public network).
  2. The network you are on is not designated as a "metered connection" (Windows 8 and newer)
  3. The DrawBridge security certificate is installed if routed through a DrawBridge.
  4. There are no filter policies interfering: watch the Realtime Log Viewer.
  5. You are on a supported version of Windows. As of this writing, Windows 10 and 11 are in support.
  6. The computer is not compromised: Some viruses will block/damage Windows Update. If there's any question, run a virus scan from a reputable company, such as Malwarebytes or BitDefender. For some situations, you may benefit from running Norton's PowerEraser tool in "offline" mode where you boot to a secure environment and scan from there.

Tips for legacy versions of Windows

  • If running Windows 7, explore whether the system can be upgraded to 10 or 11. However, if that is simply not an option (e.g. an embedded system), note that TLS 1.2 was not enabled by default and needs to be explicitly enabled for modern secure communication. Refer to this Microsoft Support doc: Update to enable TLS 1.1 and TLS 1.2 as secure default protocols in WinHTTP in Windows 7.

    A system reboot is practically always required for low-level TLS changes such as the above to take effect.

  • Is the Windows Update client too far out of date to even update itself? If so, check the update installation history, and then do some research to determine if there is a "service pack" or "roll-up" update to install that Microsoft made available. After installing that manually via a download from Microsoft, then see if the Windows Update client will fetch updates for itself.

  • Perform a reset of the full Windows Update stack, per this Microsoft article

  • Try stopping Windows Update Services and clearing the Windows Update download cache by doing this:

    1. Stop Windows Update Services. This can be done by running the following command (use command prompt in administrator mode): net stop wuauserv
    2. Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old
    3. Start Windows Update Services. This can be done by running the following command (use command prompt in administrator mode): net start wuauserv
    4. Reboot the computer.

  • Windows 7 devices: Installing this Microsoft Update may improve searching for updates.

  • When updating a computer that is several years out of date, start with the oldest updates first. Don't let it try to install all of them at once: deselect the newest updates so that it works on the oldest ones first, then continue in order until you are current. While time-consuming, carefully performing updates in order does reduce dependency issues.

  • Is the computer connected to a domain? If so, the domain controller may be managing the updates, so any error messages you get on the client may actually be coming from the Windows Server. Windows 7 has an option available (at least in some cases) to connect to Microsoft directly for updates.
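
The stop / rename / start procedure above can also be scripted. The following PowerShell is an added example, not part of the original tips or any vendor tool. It assumes an elevated prompt and a default Windows install, and it uses a timestamped backup name (a deviation from the plain .old name above) so that a folder left over from an earlier attempt does not make the rename fail.

```powershell
# Added example: reset the Windows Update download cache.
# Uses only cmdlets available in PowerShell 2.0 (the version shipped with Windows 7).
$ErrorActionPreference = 'Stop'   # make cmdlet failures terminating so 'finally' runs

# Refuse to continue without administrator rights; the service and the
# folder under %SystemRoot% cannot be touched otherwise.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (administrator) prompt.'
}

$cache  = Join-Path $env:SystemRoot 'SoftwareDistribution'
# Assumption: timestamped suffix instead of a fixed ".old" name, so repeated
# runs never collide with an existing backup folder.
$backup = 'SoftwareDistribution.old-{0}' -f (Get-Date -Format 'yyyyMMdd-HHmmss')

# Step 1: stop the Windows Update service (wuauserv) and wait until it has
# really stopped, otherwise the rename fails on files that are still open.
$svc = Get-Service -Name wuauserv
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name wuauserv -Force
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
}

try {
    # Step 2: rename the cache folder. It is kept, not deleted, so it can be
    # restored if needed. Windows Update recreates the folder on its next run.
    if (Test-Path $cache) {
        Rename-Item -Path $cache -NewName $backup
        Write-Output "Renamed $cache to $backup"
    } else {
        Write-Output "$cache not found; nothing to rename"
    }
}
finally {
    # Step 3: restart the service even if the rename failed, so the machine
    # is not left with Windows Update stopped.
    Start-Service -Name wuauserv
}

# Step 4 is manual.
Write-Output 'Windows Update service restarted. Reboot the computer to finish.'
```

Once updates install cleanly again, the renamed backup folder can be deleted to reclaim disk space.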


Diagnostic and Resolution Example from June 2020

Process followed on a Windows 7 laptop complaining about drivers/software not being signed (when it was known that the software in question was properly signed):

  • Observed that the last time the computer had updated was in December 2014
  • Attempted to check for updates, but this failed with an error message: 80244019. Finally figured out the domain controller issue mentioned above. Tried to see if the policy could be changed locally with Group Policy: No (needs to happen on the server)
  • Found this driver signing update; however, the hotfix was no longer available (probably rolled into another update).
  • Checked to see if Service Pack 1 was installed: According to Computer Properties, SP1 was installed
  • Tried running the Windows Update troubleshooter linked above. Each time it would find errors, but could only fix some of them.
  • Reviewed available Standalone Windows Update Agent updates
  • Found this helpful HowToGeek article, which advises to first update the Servicing Stack and then to install the Convenience Roll-Up update linked in the article.
  • After this, Windows Update was able to fetch updates for itself (when told to check directly with Microsoft).