Currently on my laptop (Windows 10 Pro) Windows Update fails with error 0x80240437 when run from behind the Fortigate; if I run from within our guest network (which is not behind a Fortigate / SSL inspection) it completes successfully.
Windows 10: Update error 0x80240437
Download Zip: https://cinurl.com/2vEzzq
config firewall ssl-ssh-profile edit "deep-inspection" set comment "Deep inspection." config https set ports 443 end config ftps set ports 990 end config imaps set ports 993 end config pop3s set ports 995 set status disable end config smtps set ports 465 end config ssl-exempt edit 27 set type address set address "WindowsUpdate" end set caname "DPI" set ssl-invalid-server-cert-log enable end config firewall addrgrp edit "WindowsUpdate" set uuid 38db89c2-e371-51e4-1f5b-c23edb9bdf46 set member "*.download.windowsupdate.com" "*.update.microsoft.com" "*.windowsupdate.com" "*.windowsupdate.microsoft.com" "download.microsoft.com" "download.windowsupdate.com" "ds.download.windowsupdate.com" "msftncsi.com" "ntservicepack.microsoft.com" "stats.update.microsoft.com" "test.stats.update.microsoft.com" "update.microsoft.com" "windowsupdate.microsoft.com" "wustat.windows.com" "crl.microsoft.com" "ctldl.windowsupdate.com" "au.download.windowsupdate.com" "fe2.update.microsoft.com" "AkamaiContentDelivery" "delivery_mp_microsoft_com" "ws_microsoft_com" "fe3_update_microsoft_com" "sls_microsoft_com" end
For servers we use a separate application control policy to allow updates that is only enabled during maintenance windows; laptop web traffic is not restricted, we simply wish to scan HTTPS for IPS / AV purposes.
config firewall address edit "*.download.windowsupdate.com" set uuid d38ab5ee-e2b6-51e4-6811-7ee23f1e5878 set type fqdn set fqdn "*.download.windowsupdate.com" next edit "*.update.microsoft.com" set uuid 7ed92d50-e2b6-51e4-0a3d-207abf35eb4d set type fqdn set fqdn "*.update.microsoft.com" next edit "*.windowsupdate.com" set uuid 8f997938-e2b6-51e4-ebad-5f46365f3ab4 set type fqdn set fqdn "*.windowsupdate.com" next edit "*.windowsupdate.microsoft.com" set uuid 66ebdab2-e2b6-51e4-0205-d64a7fc3836a set type fqdn set fqdn "*.windowsupdate.microsoft.com" set uuid bda89f7a-e2b6-51e4-ac56-3a6fe6fa1547 next edit "download.microsoft.com" set type fqdn set fqdn "download.microsoft.com" next edit "download.windowsupdate.com" set uuid a04589b6-e2b6-51e4-8380-45c0c9fb0079 set type fqdn set fqdn "download.windowsupdate.com" next edit "ds.download.windowsupdate.com" set uuid 3eb02cd2-e361-51e4-9f9d-f30206ea75e1 set type fqdn set fqdn "ds.download.windowsupdate.com" next edit "msftncsi.com" set uuid 1e7ec04a-e2b7-51e4-fab0-ee96a6805e60 set type fqdn set fqdn "msftncsi.com" next edit "ntservicepack.microsoft.com" set uuid 0b511536-e2b7-51e4-c03e-fe226297dac7 set type fqdn set fqdn "ntservicepack.microsoft.com" next edit "stats.update.microsoft.com" set uuid f4afa0d6-e2b6-51e4-2c03-d7c1c23a31a0 set type fqdn set fqdn "stats.update.microsoft.com" next edit "test.stats.update.microsoft.com" set uuid 14ac0860-e358-51e4-fee2-a9d3c2029924 set type fqdn set fqdn "test.stats.update.microsoft.com" next edit "update.microsoft.com" set uuid b1948a3a-9ffb-51e4-f60b-81a1028a1e41 set type fqdn set fqdn "update.microsoft.com" next edit "windowsupdate.microsoft.com" set uuid 53e9615a-e2b6-51e4-0a82-3dff7b063060 set type fqdn set fqdn "windowsupdate.microsoft.com" next edit "wustat.windows.com" set uuid 3118405a-e2b7-51e4-2db2-7282d055c0b5 set type fqdn set fqdn "wustat.windows.com" next edit "crl.microsoft.com" set uuid 3fffce5e-e379-51e4-1a51-784f8b01b019 set type fqdn set fqdn "crl.microsoft.com" next edit "ctldl.windowsupdate.com" set uuid 4ff14cde-e379-51e4-d24e-a52781fd37b5 set type fqdn set fqdn "ctldl.windowsupdate.com" next edit "au.download.windowsupdate.com" set uuid 2dd995fc-e379-51e4-59dd-5842c00704a4 set type fqdn set fqdn "au.download.windowsupdate.com" next edit "fe2.update.microsoft.com" set uuid 0037da80-fc8a-51e4-e1b9-eaef59739967 set type fqdn set fqdn "fe2.update.microsoft.com" next edit "AkamaiContentDelivery" set uuid 220095f8-2c5a-51e5-797a-63c7cee9ab2e set member "AkamaiContent1" "AkamaiContent2" set comment "Akamai content delivery network" next edit "AkamaiContent1" set uuid ebe86900-2c59-51e5-b90f-0a21d8b4f988 set type fqdn set comment "Akamai content delivery network" set associated-interface "wan1" set fqdn "*.deploy.akamaitechnologies.com" next edit "AkamaiContent2" set uuid 03d551f4-2c5a-51e5-f53e-866580e98268 set type fqdn set comment "Akamai content delivery network" set associated-interface "wan1" set fqdn "*.deploy.static.akamaitechnologies.com" next edit "delivery_mp_microsoft_com" set uuid ac65c496-6b9d-51e7-cd20-8932289339c0 set type fqdn set fqdn "*.delivery.mp.microsoft.com" next edit "ws_microsoft_com" set uuid ea0fef4c-6bcf-51e7-35de-8f16af209be7 set type fqdn set fqdn "*.ws.microsoft.com" next edit "fe3_update_microsoft_com" set uuid 9d42cebe-6c56-51e7-dadf-f7be7034f1a7 set type fqdn set fqdn "fe3.update.microsoft.com" next edit "sls_microsoft_com" set uuid 83a23cce-6c65-51e7-e0cd-88664b237127 set type fqdn set fqdn "*.sls.microsoft.com" end
Regarding your situation I'm not really sure what to suggest, as we allow all web traffic for the laptops (excluding known bad actors using web filters etc.). Perhaps a separate policy using application control might be more appropriate for your needs? We use this approach for windows updates on servers, with specific policies permitting Windows Updates traffic enabled during maintenance windows only.
There are several reasons that a software update scan could fail. Most problems involve communication or firewall issues between the client and the software update point computer. We describe some of the most common error conditions and their associated resolutions and troubleshooting tips here. For more information about Windows Update common errors, see Windows Update common errors and mitigation.
When you troubleshoot software update scan failures, focus on the WUAHandler.log and WindowsUpdate.log files. WUAHandler just reports what the Windows Update Agent reported. So the error in the WUAHandler.log file would be the same error that was reported by the Windows Update Agent itself. Most information about the error will likely be found in the WindowsUpdate.log file. For more information about how to read the WindowsUpdate.log file, see Windows Update log files.
Thank you so much, your repairs were amazing. I had tried everything to solve my update problems in windows 7 but only your cures worked. I immediately succeeded in downloading some 241 updates when all else had failed.
I could use a little help. I am running 7.1.1 of Fusion on a Mac with 10.10.2 Yosemite. I've run into something that I haven't been able to fix. I have a Windows 8.1 VM running and when I run Windows Update on it, it fails and returns the 8024402F error in the subject. I've tried the update diagnostics, rebooting the VM, the Mac etc. to no avail. Here's where it gets more interesting. I created a brand new VM with Windows 10 (a clean install) and guess what? Windows update fails with the 8024402F error code on that VM as well. This leads me to believe the latest OSX patch has changed something that isn't playing nicely with Fusion (just a hunch). The Windows 8.1 VM has previously installed updates without issues. The Windows 10 VM has not installed any updates successfully.
Some clients are reporting back with the following error:Windows Update Client failed to detect with error 0x8024400e.I have done all the usual fixes ie Reset the ID registry keys and then run WUAUCLT /RESETAUTHORIZATION /DETECTNOW, all too no avail. It would appear from the log that the cookie isn't being created so I cleared out all cookies and tried again but same result.I attach the relevant section of the log:2008-05-3012:24:29:1241120cb8Setup * IsUpdateRequired = No2008-05-3012:24:29:8431120cb8PT+++++++++++ PT: Synchronizing server updates +++++++++++2008-05-3012:24:29:8431120cb8PT + ServiceId = 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7, Server URL = 2008-05-3012:24:30:5301120cb8PTWARNING: SyncUpdates failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 2002008-05-3012:24:30:5301120cb8PTWARNING: SOAP Fault: 0x0001902008-05-3012:24:30:5301120cb8PTWARNING: faultstring:Fault occurred2008-05-3012:24:30:5301120cb8PTWARNING: ErrorCode:InternalServerError(5)2008-05-3012:24:30:5301120cb8PTWARNING: Message:(null)2008-05-3012:24:30:5301120cb8PTWARNING: Method:" "2008-05-3012:24:30:5301120cb8PTWARNING: ID:88825c8a-5457-4867-ba1e-d34298ca944b2008-05-3012:24:30:5301120cb8PTWARNING: PTError: 0x8024400e2008-05-3012:24:30:5301120cb8PTWARNING: SyncUpdates_WithRecovery failed.: 0x8024400e2008-05-3012:24:30:5301120cb8PTWARNING: Sync of Updates: 0x8024400e2008-05-3012:24:30:5301120cb8PTWARNING: SyncServerUpdatesInternal failed: 0x8024400e2008-05-3012:24:30:5301120cb8Agent * WARNING: Failed to synchronize, error = 0x8024400E2008-05-3012:24:30:5621120cb8Agent * WARNING: Exit code = 0x8024400E2008-05-3012:24:30:5621120cb8Agent*********2008-05-3012:24:30:5621120cb8Agent** END ** Agent: Finding updates [CallerId = AutomaticUpdates]2008-05-3012:24:30:5621120cb8Agent*************2008-05-3012:24:30:5621120cb8AgentWARNING: WU client failed Searching for update with error 0x8024400e2008-05-3012:24:30:56211206b4AU>>## RESUMED ## AU: Search for updates [CallId = 98F7884B-6AB2-4ABE-95D0-48DEF15032B6]2008-05-3012:24:30:56211206b4AU # WARNING: Search callback failed, result = 0x8024400E2008-05-3012:24:30:56211206b4AU # WARNING: Failed to find updates with error code 8024400E2008-05-3012:24:30:56211206b4AU#########2008-05-3012:24:30:56211206b4AU## END ## AU: Search for updates [CallId = 98F7884B-6AB2-4ABE-95D0-48DEF15032B6]2008-05-3012:24:30:56211206b4AU#############2008-05-3012:24:30:56211206b4AUAU setting next detection timeout to 2008-05-30 16:24:302008-05-3012:24:30:56211206b4AUSetting AU scheduled install time to 2008-05-31 06:00:002008-05-3012:24:35:5621120cb8ReportREPORT EVENT: F80C9D71-3D2D-4291-A7E5-DB77C0A51EA52008-05-30 12:24:30:562+0100114810100000000-0000-0000-0000-00000000000008024400eAutomaticUpdatesFailureSoftware SynchronizationWindows Update Client failed to detect with error 0x8024400e.Any help would be gratefully received,Martin SearleUniversity of Kent 2ff7e9595c
コメント