Thursday 25 May 2017

SCCM Software Update Scan Error 0x80240fff on Windows 10 (1511) Clients and more

**Another Update - Even more resource regarding WSUS and cleanups that should be used.
Fixing WSUS - When the Best Defense is a Good Offense

*Update - With all the current WSUS issues I suggest folks also have a look at this new article from Microsoft, we are currently investigating its affects as well.
High CPU/High Memory in WSUS following Update Tuesdays

With the WannaCry crisis currently happening around the world I think everyone is in patching mode.

While working on a client I started picking up weird errors when looking at Scan Reports as well as Deployment Error reports.

We had lots of machines failing mostly 1511. Now that most machines are sorted out we saw 1607 Windows 10 also giving errors.

The first set of errors where related to 1511 which was that 0x80240fff which is discussed in the System Center Dudes post:
SCCM Software Update Scan Error 0x80240fff on Windows 10 Clients
I found another article on Technet related to the error which pointed us in the direction of KB4015219:
April 11, 2017—KB4015219 (OS Build 10586.873)

In the improvement and fixes portion there was a particular line that they mentioned in the Technet post:

  • Addressed issue that might sometimes lead to updates not getting installed on machines due to file corruption.


With this new knowledge we went and downloaded the patches and ran them manually on a few machines. After the reboot the 0x80240fff scan error went away and it installed the May release of patches. We did not decline any updates in WSUS yet as mentioned in the articles above.
So another workaround was to package the updates and use an application to deploy it which also worked. (Reminds me of the Windows 7 update agent issues 2 years ago.)

Our Compliance started to go up nicely but plateaued 2 days later. After more investigation this morning I started seeing the following in the UpdatesDeployment.log file on a bunch of machines:


Endless Google searches did not give anything that would help.I found an article about Application Deployments failing with same error code and one of the comments was to untick the "Delay enforcement of this deployment according to the user preferences, up to the grace period defined in the client settings" as our Client Setting is set to 0 on the Grace period.


So I changed the deployment setting of the update groups, did a policy refresh and deployments evaluation cycle on the machine and the updates installed without any issues.