Issue: WSUS clients may fail during synchronization and log the following errors: 0x8024400D
Cause: Too much rubbish in WSUS database eg. Lots and lots of expired and superseeded updates. No cleanup or maintenance has been done for a loong time.
Execute a maintenance CleanUp on the WSUS Server. Most of the 0x8024400D are due to a high quantity of updates on the server, even declined, expired, or superseded. This causes that the client WU Engine cannot finish processing all the information, and cannot pass to the Evalutation phase of the update process.
-Run Decline-SupersededUpdates.ps1 (Can also be found at www.thomasmarcussen.com – in the Archive folder). If the base Operating System is Windows 2008 R2 of further there should not be any problem to run it on Powershell 2.0
Open a Powershell windows as Administrator
Execute the next cmdlet in order to be able to execute non-signed scripts: Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Execute the script using the next syntax: .\Decline-SupersededUpdates.ps1 -UpdateServer FQDNoftheWSUSserver -Port xx -SkipDecline
Example: .\Decline-SupersededUpdates.ps1 -UpdateServer wsus.domain.local -Port 8530 -SkipDecline
After the process finishes we need to run the WSUS Cleanup:
From WSUS Console, go to Options, and open WSUS Cleanup Wizard
– Select only the 4th and 5th option: Expired Updates and Superseded Updates
– After the process finishes, run the Wizard again, just selecting the 1st Option: Unused updates and update revisions.
You might have to run this multiple times, untill it stops giving timeout errors – in case you got A LOT of expired and superseded updates – I’ve put up a script to perform this task instead. – see this post: http://blog.thomasmarcussen.com/susdb-maintenance/
- Check if the affected clients are running Windows 7 – 32 bit version.
In this case, we will need to ensure that they have at least the WU Agent revision from June 2015: (You can download it from Here: https://support.microsoft.com/en-us/kb/3050265 )
- – Clean the bloated update cache on the affected clients:
From a CMD as Administrator execute:
Net stop AppIDSvc
net stop wuauserv
net stop cryptsvc
ren %windir%\SoftwareDistribution %windir%\SoftwareDistribution.old
ren %systemroot%\system32\catroot2 oldcatroot2
Delete, in the registry: the PingID, SUSClientID and the AccountDomainSID values from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
net start AppIDSvc
net start wuauserv
net start cryptsvc
wuauclt /resetauthorization /detectnow