Scenario
You've just installed a new Windows Vista / 7 PC / VM for whatever reason (I'm not here to judge!) and you've connected it to your WSUS server. Upon triggering a search for updates, you're met with an error:
Windows could not search for new updates
An error occurred while checking for new updates for your computer.
Error(s) found:
Code 80244010 - Windows Update encountered an unknown error.
Furthermore, if you go and check C:\Windows\WindowsUpdate.log, you'll see the following towards the bottom:
2023-01-25 21:25:19:407 968 119c PT WARNING: Exceeded max server round trips: 0x80244010 2023-01-25 21:25:19:409 968 119c PT WARNING: Sync of Updates: 0x80244010 2023-01-25 21:25:19:409 968 119c PT WARNING: SyncServerUpdatesInternal failed: 0x80244010 2023-01-25 21:25:19:410 968 119c Agent * WARNING: Failed to synchronize, error = 0x80244010 2023-01-25 21:25:19:437 968 119c Agent * WARNING: Exit code = 0x80244010 2023-01-25 21:25:19:437 968 119c Agent ********* 2023-01-25 21:25:19:438 968 119c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 2023-01-25 21:25:19:438 968 119c Agent ************* 2023-01-25 21:25:19:439 968 119c Agent WARNING: WU client failed Searching for update with error 0x80244010
This error is one of the rare Windows Errors that is sort of helpful. Exceeded max server round trips isn't explicit, but it is telling you it's talking to the server too much. Thankfully, you have two possible solutions here.
The Issue
The official Microsoft Blog post about this issue is from prior to 2003 (The date on the post is 2008, but there are several comments from 2003-01-01 that appear to be back-dated). The post boils down to:
- The WU (Windows Update) client is fetching information from the server about available updates
- The WU client is storing what it receives from the server.
- The WU client has a hard-coded limit of 200 "round-trips" or queries to the server.
- The WU client is hitting that limit and giving up.
It also points out that
- The client is actually making progress - the 200 queries it is making are being ingested and saved
- This (usually?) goes away after one or more subsequent "detections" / scans
The easy fix
Just keep hitting "Check for updates".
That's literally it. If this machine is a bit of a unicorn and has no risk of getting compromised, and also poses no risk of compromising other machines, then you can just leave it to keep scanning for updates on the schedule it already has.
If you actually want this machine updated, then you'll have to have that button pressed repeatedly until it gets all the information it's trying to get. A job for an intern or PFY, perhaps.
I've seen a few places say it took more than three or four "scans" before it worked.
The better fix
Now you may have realised that this is because the server probably contains too many updates, and you'd be right. This error still occurs even if you have the machine scoped to a "group" with only a few updates approved, so you will need to decline or delete some updates.
Declined updates aren't visible to WU clients at all, so there will be less queries to the server.
In list of increasing amount of effort:
Quick
- In your WSUS console, decline all superseded updates that would apply to this machine
- You'll probably have to go to the All Updates section of the updates tree, and select Approval: Any Except Declined and Status: Any.
- Note: This will probably take a while to fill out.
- Then add the Supersedence column, and sort by it
- Any updates that have a supersedence icon, except for the icon with one blue box above three grey boxes, probably can be declined. Hover over the icons in the Supersedence to confirm what the icon means. Use your intuition here, you can probably stand to leave a few updates if you think they are needed.
- Click the first update you find that has either the "Is superseded and supersedes others" or "Is superseded" icons, then scroll down and CTRL+Click the last one, and right click > Decline Update them all.
- You'll probably have to go to the All Updates section of the updates tree, and select Approval: Any Except Declined and Status: Any.
Better, but fragile
- In your WSUS console / PowerShell, run the cleanup wizard.
- This will approximately do the same thing as the above, but it won't remove superseded updates that have been approved. This is probably slightly better, but...
- This will probably fail. This wizard is notoriously flaky, and like the WU client, gives up easily. There's a fixed timeout, so you might need to run it a few times before it completes. Unless you've had something messing around in the database directly, you shouldn't need to worry about errors causing it to fail.
Best, but effort to setup
- Download and run a WSUS cleanup script.
- I use https://damgoodadmin.com/download/invoke-dgasoftwareupdatemaintenance/
- It requires a little bit of config, but works pretty well.
- .\Invoke-DGASoftwareUpdateMaintenance.ps1 -StandAloneWSUS $SERVERNAME -DeclineSuperseded -UseCustomIndexes -RunCleanupWizard -DeleteDeclined -DeclineByTitle @('*Itanium*','*ia64*','*Beta*','*Preview*') -DeclineByPlugins -Force
- I have this in a scheduled task to run weekly.
Links
- http://trentent.blogspot.com/2016/03/wsus-clients-fail-with-warning-exceeded.html - A good discussion of the issue, with going in-depth to confirm the details of the following post (also source of the initial image above).
- https://learn.microsoft.com/en-au/archive/blogs/sus/wsus-clients-fail-with-warning-syncserverupdatesinternal-failed-0x80244010 - Classic MS blog post from pre-2003 discussing the hard-coded 200 query limit