Articles in this section

Troubleshooting Windows Client Reporting Issues: Not Yet Reported or Not Reported in Over 24 Hours (Red X WUA Communication)

 If a windows endpoint is not reporting to WSUS/Windows Update or hasn’t updated its status in over 24 hours (default Red X WUA Communication in Endpoint Readiness), follow these steps to diagnose and resolve the issue:

Step 0: Verify Prerequisites

Before troubleshooting, ensure the endpoint meets the prerequisites for WSUS. Use JetPatch Endpoint Readiness to analyze and pinpoint missing configurations.

Step 1: Run Prerequisite Checks with JetPatch Endpoint Readiness

  1. Open Endpoint Readiness in JetPatch (Endpoints > Readiness)

    • Filter on Endpoint Readiness > Not Ready and Unknown
    • If prerequisites are met, then the affected devices should only have a red X or yellow ? on WUA Communication column.  If other columns are red X or yellow ?, then prerequisites are not met.  Stop this process and ensure the endpoints meet the prerequisites for WSUS

  2. Manually Run Readiness Test:

    • Filter on Unmet Criteria > WUA Communication
    • Select all rows and go to Actions > Run Readiness Test
    • Wait a couple of minutes for the results to refresh
    • If there is still a red X or yellow ?, then move to Step 2
        •  

Step 2: PowerShell WUA Test

This direct test determines if the client can successfully query windows update source and returns an HRESULT code if it fails.

  1. On the endpoint, open PowerShell as Administrator and run: 
    $updateSession = New-Object -ComObject Microsoft.Update.Session
    $searcher = $updateSession.CreateUpdateSearcher()
    $result = $searcher.Search("IsInstalled=0")
  2. Success
    • $result.Updates.Count shows the number of available updates (or zero if none). This means the endpoint successfully connected to WSUS.
  3. Failure
    • The command throws an HRESULT error (e.g., 0x8024402C). Look up the error code at Microsoft’s Windows Update Error Reference. Common causes include DNS issues, proxy misconfiguration, or firewall blocking.
    • If you suspect a network or firewall issue, perform Step 3 to confirm connectivity.

Step 3: Confirm Basic Connectivity (If Needed with WSUS)

If the quick PowerShell test failed due to network-related errors, validate connectivity with these checks:

  1. Network Port Check 
    Test-NetConnection -ComputerName <WSUS_Server_Hostname_or_IP> -Port 8530
    Test-NetConnection -ComputerName <WSUS_Server_Hostname_or_IP> -Port 8531 # If SSL is used
    Confirm TcpTestSucceeded: True. If it is False, review firewall rules or network routing.
  2. Browser Access
    • Access http://<WSUS_Server_Hostname_or_IP>:8530 (or https://...:8531 if using SSL as well) in a browser. If it does not load, investigate server or network issues.

Step 4: Check Windows Update Service

  1. Open services.msc on the endpoint.
  2. Locate Windows Update Service (wuauserv).
  3. Ensure it is Running and set to Automatic. If stopped, start it and rerun Step 2.

Step 4: Analyze Windows Update Logs

Manually Check for Updates

Generate and Review Windows Update Logs

  1. Open PowerShell as Administrator on the endpoint, then run:
    Get-WindowsUpdateLog
  2. The log file is created on your desktop. Look for error codes (e.g., 0x80244010 or 0x80072EE2). Use the Windows Update Error Reference to interpret any codes you see.

Related articles

Comments

0 comments

Please sign in to leave a comment.