Automatic Update Service
First, make sure the Automatic Update service is running
- Open services.msc
- Right click on Windows Update Service
- Make sure the Startup type is set to Automatic and start the service now if it is disabled
If it was disabled, then enable it and wait a few minutes before running the following commands. If it was already enabled, then run the following commands immediately
For a computer running on Windows version less than 10/2016:
wuauclt /resetauthorization /detectnow
For a computer running on Windows version 10/2016 or later:
Try to access the WSUS server via the browser over port 8530. If there is an issue, check firewall rules locally and centrally.
Windows Update Agent
Verify that there are no problems with the Windows Update agent by checking for updates. If you get error code 0x80244010, check for this error in the Windows Update Log, and if you see it, read this Microsoft article for more information. You have two options (a) wait a few days for the natural 22 hour cycles to complete or (b) increase Automatic Update detection frequency from 22 hours to 1 hour and wait a few hours to verify status is being reported before setting it back to the default.
Note: you can also leverage the built-in Check for potential Windows Update Agent issues task to check the status across multiple endpoints
- Go to Endpoints > Management
- Filter on the Windows Endpoint Group(s) you are looking to patch
- Select all rows and select Action > Run Task
- Search for Check for potential Windows Update Agent issues
- Click on Run Task
- Wait a minute
- Go to Endpoints > Activities
- Filter Task: Check for potential Windows Update Agent issues
Generate Windows Update Log
Open an elevated PowerShell and run the following command:
This will generate a log that is saved on the endpoint's desktop.