WSUS clients may fail during synchronization and log the following errors: 0x8024400D

Issue: WSUS clients may fail during synchronization and log the following errors: 0x8024400D

Cause: Too much rubbish in WSUS database eg. Lots and lots of expired and superseeded updates. No cleanup or maintenance has been done for a loong time.

Resolution:

Execute a maintenance CleanUp on the WSUS Server. Most of the 0x8024400D are due to a high quantity of updates on the server, even declined, expired, or superseded. This causes that the client WU Engine cannot finish processing all the information, and cannot pass to the Evalutation phase of the update process.

 

-Run Decline-SupersededUpdates.ps1 (Can also be found at www.thomasmarcussen.com – in the Archive folder). If the base Operating System is Windows 2008 R2 of further there should not be any problem to run it on Powershell 2.0

Instructions:

Open a Powershell windows as Administrator

Execute the next cmdlet in order to be able to execute non-signed scripts: Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Execute the script using the next syntax: .\Decline-SupersededUpdates.ps1 -UpdateServer FQDNoftheWSUSserver -Port xx -SkipDecline

Example: .\Decline-SupersededUpdates.ps1 -UpdateServer wsus.domain.local -Port 8530 -SkipDecline

 

After the process finishes we need to run the WSUS Cleanup:

From WSUS Console, go to Options, and open WSUS Cleanup Wizard

– Select only the 4th and 5th option: Expired Updates and Superseded Updates

– After the process finishes, run the Wizard again, just selecting the 1st Option: Unused updates and update revisions.

You might have to run this multiple times, untill it stops giving timeout errors – in case you got A LOT of expired and superseded updates – I’ve put up a script to perform this task instead. – see this post: https://blog.thomasmarcussen.com/susdb-maintenance/

  • Check if the affected clients are running Windows 7 – 32 bit version.

In this case, we will need to ensure that they have at least the WU Agent revision from June 2015:                               (You can download it from Here: https://support.microsoft.com/en-us/kb/3050265 )

  • – Clean the bloated update cache on the affected clients:

From a CMD as Administrator execute:

Net stop AppIDSvc

net stop wuauserv

net stop cryptsvc

ren %windir%\SoftwareDistribution %windir%\SoftwareDistribution.old

ren %systemroot%\system32\catroot2 oldcatroot2

Delete, in the registry: the PingID, SUSClientID and the AccountDomainSID values from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate

Then execute:

net start AppIDSvc

net start wuauserv

net start cryptsvc

wuauclt /resetauthorization /detectnow

Feel free to comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.