This site requires JavaScript to be enabled
Welcome Guest|
Recent searches

WSUS: Troubleshooting

Number of views : 9
Article Number : KB0011587
Published on : 2021-11-30
Last modified : 2021-11-30 17:36:17
Knowledge Base : IT Public Self Help


Error codes, causes, and solutions.


Client cannot update from WSUS server

Error Code Explanation
0x80244015 The reply from the server indicates that the server was changed or the cookie was invalid; refresh the state of the internal cache and retry.
0x8024400D Same as SOAP_E_CLIENT - SOAP client found the message was malformed; fix before resending.

Posts about these errors point to two issues.

  • 0x8024400D is the result of having an unpatched WSUS server, possibly KB2938066 is not installed.
  • 0x80244015 is related to the cache local on the client, i.e. the contents of the SoftwareDistribution folder in C:\Windows.


  • Ensure that the WSUS server in question is fully patched and up to date
  • Ensure that the WSUS client on client systems is up to date (see KB2887535)

Once that is complete, perform the following steps on the client:

  1. Point the computer in question to update against the WSUS server
  2. Stop the Windows Update service on the client.
  3. Stop the BITS service on the client.
  4. Rename the c:\windows\softwaredistribution folder
  5. Start BITS service
  6. Start Windows Update service
  7. From an elevated command prompt run: wuauclt.exe /resetauthorization /detectnow

Regarding wuauclt /resetauthorization /detectnow

The /resetauthorization parameter forces the targeting cookie to be immediately expired. Normally the cookie has an ~60 minute expiration. Typically this form of the command is used when server-side targeting is being used, and a client system has just been reassigned to new group(s) via the WSUS console. Use of this command forces the WUAgent to discard any previously known group memberships and to requery the WSUS server for the current memberships. This command should also be used when the SusClientID has been deleted and a detection was performed within the previous hour to ensure the WUAgent does not use the SusClientID that is cached in the targeting cookie.

Also note that the order of these parameters is critical -- the /resetauthorization flag must be the first of these flags on the command line. 

Additional troubleshooting 

  1. DNS: Verify you can resolve by DNS the WSUS hostname
  2. Firewall - Verify that ports 80,443, 8530 and 8531 are not blocked.

Thank You! Your feedback has been submitted.