]> Diagnosing Windows Update 0x8024401C error 🌐:aligrant.com

Diagnosing Windows Update 0x8024401C error

Alastair Grant | Thu 5 Jan 2023

Everybody, quite rightly, hates Windows Update.  Especially the confusing error codes that are given to diagnose the information.  You could search for those codes, but that will get you a million articles telling you to either run "sfx /scannow" or download some dodgy looking app that will magically fix your system, and never going to go into much useful detail.

Well let me start you off on your journey, by pointing you at the list of error codes directly from Microsoft:

This at the very least gives you a constant name that makes more sense than a hexadecimal code.  Hopefully too, a bit of a hint where you need to start looking.

The problem I'm covering today is 0x8024401C, or WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT.  Instantly the latter gives me a really good place to start looking at the problem, I know it's not some issue with figuring something out locally, it's a problem with connectivity to somewhere.

The obvious thing to check is: do you have Internet access?  Just check by pinging a popular search engine in a command line/powershell.  If you can resolve and get a response for this, your basic internet connectivity check is ok.

What I did next, was jump straight into trying to see a bit more about what's going on, and dug out my trusty Wireshark and started sniffing data while trying to run an update.  Instantly, my particular problem became apparent: 407 Proxy Authentication Required.  This happens when using an authenticated HTTP proxy for connecting to the Internet.  This is strange as I have Internet access.

Well it turns out this is a quirk for my setup, where I'm running a lab with a proxy server in (Squid).  But I had this machine configured to use the DNS search suffix to include the domain that the proxy WPAD file is on.  So when Windows does a search for a WPAD configuration host, it adds on the DNS suffixes it has configured and pulled down the configuration from that server.

How you work around this depends on your particular setup.  The easiest way is to remove the DNS suffixes, but this is likely to cause longer term problems if you have this setup in the first place.  Another option would be to intercept/override the WPAD request to a config that points the system directly to the Internet.

Breaking from the voyeuristic norms of the Internet, any comments can be made in private by contacting me.