01825 818572
A Server 2016 VM was stuck at 0% attempting to download updates. Neither a manual restart of the Windows Update service, nor a server reboot, rectified the problem. Even tried to manually download the latest servicing stack update and cumulative update from the Microsoft Catalog site and apply those directly but no progress was made. Next option was the now classic renaming of the SoftwareDistribution and CatRoot2 folders, and whilst looking for any further pointers I found an MS KB article that outlines this process but with an additional step that I thought might be worth a shot. The result was successful, and no reboot required!
Open an administrative command prompt. Enter each command shown below, one at a time, pressing Enter after each.
Stop the relevant services [NOTE: The Windows Update service (wuauserv) wouldn’t stop in a timely manner so I had to use taskkill to manually force it to stop]:
net stop bits
net stop wuauserv
net stop cryptsvc
Rename the folders (e.g. append .OLD to each) [NOTE: You may find that one or more of the services restart themselves whilst you are attempting to rename the folders, simply stop the service(s) again if you see a ‘permission denied’ error during the rename process. In this example the Cryptographic Services (cryptsvc) restarted so I was unable to rename the Catroot2 folder until I stopped it again]:
Ren %Systemroot%\SoftwareDistribution\DataStore DataStore.old
Ren %Systemroot%\SoftwareDistribution\Download Download.old
Ren %Systemroot%\System32\catroot2 catroot2.old
Reset the BITS and Windows Update service security descriptors:
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
Restart the services:
net start bits
net start wuauserv
net start cryptsvc
If all the above still doesn’t allow Server 201x to successfully find and start downloading updates, you may need to run through all the steps in the MS KB article under the heading ‘How do I reset Windows Update components?’.
