Fix Windows Update error code 0x80244022, 0x8024401C and 0x80072EE2

WSUS is a great product from Microsoft to keep your servers up to date. In the past years, I have often used it at the companies I worked for. But it has it downsides as well. Sometimes the Windows Update client just won’t work. You’ll get errors like 0x80244022, 0x8024401C and 0x80072EE2 and just haven’t got a clue what is going on.

I have collected a number of solutions to fix these errors and put them in a PowerShell script. This script contains all the tricks I had to pull to get the Windows Update client running again.

So, what does it do?

Clear-Host

$WSUSServer = "WSUS.$env:USERDNSDOMAIN"

# Make sure we run as admin
If ((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "You are running this script elevated. This is a good thing. Moving on with the script...."
} Else {
    Write-Warning "You are NOT running this script elevated. This is a BAD thing. Exiting script !!!"
    Start-Sleep -Seconds 5
    Return
}

# Test connection to the WSUS server
If (Test-Connection -ComputerName $WSUSServer -Quiet) {
    Write-Host "Ping to WSUS server completed SUCCESFULLY. This is a good thing. Moving on with the script...."
} Else {
    Write-Warning "Ping to WSUS server FAILED. This is a BAD thing !!!"
    Start-Sleep -Seconds 5
}

If (Test-NetConnection -ComputerName $WSUSServer -Port 8530) {
    Write-Host "Connection test to WSUS server on port 8530 completed SUCCESFULLY. This is a good thing. Moving on with the script...."
} Else {
    Write-Warning "Connection test to WSUS server on port 8530 FAILED. This is a BAD thing !!!"
    Start-Sleep -Seconds 5
}

If (Test-NetConnection -ComputerName $WSUSServer -Port 8531) {
    Write-Host "Connection test to WSUS server on port 8531 completed SUCCESFULLY. This is a good thing. Moving on with the script...."
} Else {
    Write-Warning "Connection test to WSUS server on port 8531 FAILED. This is a BAD thing !!!"
    Start-Sleep -Seconds 5
}

# Test if WSUS server has been set
Try {
    Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' | Select-Object -ExpandProperty 'WUServer' -ErrorAction Stop | Out-Null
    Write-Host "WSUS server = " (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' | Select-Object -ExpandProperty 'WUServer')
} Catch {
    Write-Warning "WUServer registry key is empty. This is a BAD thing !!!"
}

# Test if Internet Explorer proxy server has been set
$CurrentProxySettings = (Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings')
$DNSDomain = (Get-WmiObject -Class Win32_ComputerSystem).Domain
$item = "*." + $DNSDomain

If ($CurrentProxySettings.ProxyEnable -eq '1') {
    If ($CurrentProxySettings.ProxyOverride -like "*$item*") {
        Write-Host "A proxy server has been set in Internet Explorer."
        Write-Host "A proxy exception for $item has been set. This is a good thing. Moving on with the script...."
    } # endif
    Else {
        Write-Warning "A proxy exception for $item has NOT been set.Adding proxy exception..."
        $NewOverrideValue = $CurrentProxySettings.ProxyOverride + ";" + $item
        Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -Name ProxyOverride $NewOverrideValue
        $CurrentProxySettings = (Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings')
        Write-Host " Proxy exception has been added. Current proxy exceptions are: " $CurrentProxySettings.ProxyOverride
    } # endelse
} # endif
Else {
    Write-Host 'No proxy server has been set. This is a good thing. Moving on with the script....'
} # endelse

# Testing if winhttp proxy has been set
$NetshWinhttpSetting = [string](Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections' | Select-Object -ExpandProperty 'WinHttpSettings')
$NotSet = "40 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0"
If ($NetSHWinhttpSetting -match $NotSet) {
    Write-Host 'A winhttp proxy has not been set. This is a good thing. Moving on with the script....'
} Else {
    Write-Warning 'A winhttp proxy has been set. This is a BAD thing. Resetting winhttp proxy....'
    # Reset winhttp (wuauclt fails if winhttp is set)

    netsh winhttp show proxy
    Start-Sleep -Seconds 3
    netsh winhttp reset proxy
    Start-Sleep -Seconds 3
}

# Refresh group membership
Write-Host 'Refreshing computer group membership'
klist -lh 0 -li 0x3e7 purge
klist -lh 0 -li x3e7 purge
Start-Sleep 3

# Refrsh group policy
Write-Host 'Forcing group policy'
gpupdate /force /target:computer
Start-Sleep 3

#Stop services
$ServiceDisplayNames = @()
$ServiceDisplayNames = @('Background Intelligent Transfer Service', 'Windows Update', 'Application Identity', 'Cryptographic Services')

ForEach ($ServiceDisplayName in $ServiceDisplayNames) {
    Try {
        Get-Service -DisplayName $ServiceDisplayName | Stop-Service -Verbose
        Get-Service -DisplayName $ServiceDisplayName
    } Catch {
    }
}

# Remove files
Remove-Item "$env:AllUsersProfile\Microsoft\Network\Downloader\qmgr*.dat" -Force -Verbose
Remove-Item "$env:SystemRoot\SoftwareDistribution" -Force -Recurse -Verbose

# Start services
$ServiceDisplayNames = @()
$ServiceDisplayNames = @('Cryptographic Services', 'Application Identity', 'Windows Update', 'Background Intelligent Transfer Service')

ForEach ($ServiceDisplayName in $ServiceDisplayNames) {
    Try {
        Get-Service -DisplayName $ServiceDisplayName | Start-Service -Verbose
        Get-Service -DisplayName $ServiceDisplayName
    } Catch {
    }
}

Start-Sleep -Seconds 5

wuauclt /reportnow


As always, please keep in mind this script is tailored to my environment, but can be used as a template for your environment. I do not pretend to be a PowerShell guru and as such my script may not be perfect. I am open to suggestions  🙂
If you found this script useful, I’d appreciate it if you leave a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *