PENDING Cannot install Config Manager client from WSUS - Windows Update Error 0x80244010

[NicholasDechert]

We are looking into using the Software Update Point installation method for the Config Manager Client (2403). I setup a lab instance of MCM and got this working right away - install MCM, setup SUP and WSUS, Client Installation Settings > Software Update-Based Client Installation Properties > Enable. Used group policy to set one-time registry keys to point to the MCM server, check for updates, and it installs the client. No other windows updates were installed prior to this on the test machine, just domain join and check for updates.

Our production instance has been a SUP for years now, and has had the client on it for SUP based installation. However we've never used this for the first-time-install of the client. We normally use a push account. I expected this to work out of the box as well, so I verified that the latest client is available on the SUP, created a policy targeting my test machine to one-time-set the registry keys to that SUP as the WUServer, and checked for updates. After about one minute of searching, I get Windows Update error 0x80244010. I tried this on a second machine just to ensure it was nothing with the OS - fresh install of Windows Server 2019 both times, just as I did in the lab. The second machine also gets the same error.

I have tried removing the client package from the SUP and re-adding it after a few minutes, I have stopped services on my machine and deleted C:\Windows\SoftwareDistribution and C:\Windows\System32\catroot2. I have created a VM on our virtual infrastructure with a fresh install of Server 2019, domain join immediately, verify registry keys, check for updates. I'm not sure where I'm going wrong here. Can anyone help me diagnose this issue?

 

[NicholasDechert]

Attached results of Get-WindowsUpdateLog. It looks like it failed yesterday with Error 0x80d02002

 

[NicholasDechert]

I've looked through D:\WSUS and found all update files with ccmsetup.exe. I unpublished the client in Configuration Manager by unchecking the checkbox, then deleting each folder that contained it (looks like we had some old versions). After removing these I re-enabled it, and verified the folder appears with ccmsetup.exe in it. I'm still getting the same outcome though.

 

[Harshit Pandey]

Software Update-Based Client Installation is not that reliable. Use the client push as it's a reliable way to distribute the client.

 

[NicholasDechert]

We do use the push, but our issue at the moment is the number of people we have at remote locations. Some machines aren't always reachable due to an employee not being on VPN or not being in an office, and have somehow not had the client installed or lost communication. They do at some point connect via VPN, but MCM might not retry during that time. The GPO based installation would have the same issue, not being connected to the domain during startup, and thus not having the client be able to install.

There are a couple ways to tackle this, and this solution doesn't address the cause (just attempts to fix it), but I was hoping for an easy fix of having clients check for updates once an hour, and eventually they'd download the client while connected to VPN or in the office. I'll keep looking at this.

 

[NicholasDechert]

I was able to resolve this. The update path I saw in Get-WindowsUpdateLog was http://mcmfqdn:8530/Content/04/0C59DA9543698D25A60620110C1DE520AD047D04.cab. Browsing locally in Edge on that server to http://mcmfqdn:8530/Content/04 came up with an (expected) IIS 403.1 - Forbidden page, which happened to show the physical path: d:\wsus\WsusContent\04. Looking there, I saw we have another instance of this folder: D:\WSUS\WsusContent\WsusContent. This is the folder the CCM client was actually put, but WSUS was looking under the parent WsusContent folder. I copied the client there from the subfolder, and it downloaded and installed successfully on the client.

Looking at the SUSDB, under the tbConfigurationB table, I see the following setting:

LocalContentCacheLocation
\\MCMFQDN\WsusContent\WsusContent

However, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup\ContentDir is set to d:\wsus. It looks like I have a misconfiguration on this server. I'll see what I can do to fix this.