I honestly cannot tell you how much time I have spent fixing a broken WSUS server, but it is way more than I should ever have to. About twice a year, I realize that either it can’t hand out updates, or clients stop reporting, or some other stupid issue that seemingly starts out of nowhere. In theory, WSUS is a great product for managing Windows updates on clients, but I am sorry to say it really does suck as it constantly breaks for no reason at all. If you disagree you are a chump and a liar (JK).
Recently, I realized about a quarter of my clients stopped reporting to the server and also could not install updates. In the console, I saw that they were able to contact the server, but could not report their status. Great. Upon some further troubleshooting, many were throwing the error “* WARNING: Failed to synchronize, error = 0x8024400D” in the WindowsUpdate log. I knew I had come across this problem before, but for the life of me could not remember what the hell the fix was. So, I took to Google to try and research it.
I quickly found a forum about this issue here that triggered my memory. Decline superseded updates on WSUS and all will be holy again. Something to do with having a lot of updates on your server causes this to happen.
Having no patience for trying to figure out how to do this in PowerShell myself, I found a nice little script to do it for me here. Perfect. I ran it on my WSUS server (it found and declined thousands of updates) and logged into a client to see it could find them now:
Boom. Case closed. So to prevent this from happening again I configured a scheduled task to do this every month to keep WSUS clean. Hopefully this will help!
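
For reference, the cleanup described above can be done with the WSUS administration API. This is an added example, not the script the post links to; it assumes it runs in an elevated session on the WSUS server itself, with the WSUS console installed and WSUS listening on port 8530 without SSL (the parameter names and defaults are assumptions).

```powershell
# Added example: decline superseded updates on a WSUS server.
# Assumptions (not from the post): runs on the WSUS host, elevated,
# WSUS administration console/API installed, HTTP on port 8530.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ServerName = $env:COMPUTERNAME,  # assumed: script runs on the WSUS host
    [int]$Port = 8530,                        # assumed: default non-SSL WSUS port
    [switch]$UseSsl
)

# Load the WSUS administration API that ships with the WSUS console.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer(
    $ServerName, $UseSsl.IsPresent, $Port)

# Pull every update once, then keep those that are superseded and not yet declined.
$candidates = @($wsus.GetUpdates() |
    Where-Object { $_.IsSuperseded -and -not $_.IsDeclined })
Write-Output ("Superseded, not yet declined: {0}" -f $candidates.Count)

$declined = 0
$failed = 0
foreach ($update in $candidates) {
    # ShouldProcess makes -WhatIf list the titles without changing anything.
    if ($PSCmdlet.ShouldProcess($update.Title, 'Decline')) {
        try {
            $update.Decline()
            $declined++
        }
        catch {
            # One bad update should not abort a run over thousands of them.
            $failed++
            Write-Warning ("Could not decline '{0}': {1}" -f $update.Title, $_.Exception.Message)
        }
    }
}
Write-Output ("Declined: {0}  Failed: {1}" -f $declined, $failed)
```

Run it with `-WhatIf` first to see what would be declined. Declining a superseded update before its replacement is approved leaves clients offered neither, so check approvals before putting this on a schedule.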