I have number of Windows 8 joined to a domain that also has a WSUS (Windows Server Update Services) to manage all internal Windows updates. All ran well except for one thing, none of these Windows 8 machines were able to run Windows Updates. They were all getting the same message with an error code 800B0001.
Since the update went through fine if I go with the option “check online for updates from Windows Update“, I felt that the problem should reside on the server side instead of on these Windows 8 machines. Turns out, it failed because Windows 8 uses a new version of Windows update agent that’s not supported by WSUS 3.0 SP2. It requires a special update (KB2734608) that lets WSUS server to provide the updates to computers that are running Windows 8 or Windows Server 2012.
Download the update (about 30MB) and install it on WSUS. It doesn’t require a reboot but to be safe, reboot the server if possible. Once it’s all set, run the Windows updates again on these Windows 8 computers. In my case, it all went well after the update.
If for some reason it still doesn’t fix your problem, you can try the following Group Policy to bypass WSUS when it comes to Windows Update.
Run gpedit on a command prompt window, navigate down to
Computer Configuration / Administrative Templates / System
Double-click “Specify settings for optional component installation and component repair“, click Enable radio, and check the option “Contact Windows Update directly to download repair content instead of Windows Server Update Services (WSUS)”
Click OK to save all settings. Next time when you run Windows Update, it will bypass internal WSUS server and go talk to Microsoft Update directly.
During the troubleshooting and research to fix this specific problem, I came across a few other things that I thought it would be good to share at the same time.
If Windows Updates are not through WSUS or still failed even with the option “Check online for updates from Windows Update”, that’s probably because Windows Update service is having difficulty determining the cryptography service provider on your computer or simply a file required by Windows Update is corrupted.
First, run the command sfc to quickly repair any corrupted Windows system files, if any.
If it didn’t resolve the problem, try these following commands to repair the cryptography store.
net stop wuauserv
rd /s %SystemRoot%\SoftwareDistribution
net start wuauserv
net stop cryptsvc
rename catroot2 catroot2.old
net start cryptsvc
dism /online /cleanup-image /restorehealth
It may take a little while to finish. Once it’s done, head over to Windows Update and run the update again.