Solved Windows 11 updates won't download attempted disabling router settings.

[DJones]

Looking for suggestions as to why windows 11 updates won't download. Stuck at 0% an ongoing issue I’ve had for a year.

What I know works, any VPN will allow the download to work. Also manually updating from catalogue works.

What I've tried:

Cycling windows updates. Also restarted services and via cmd prompt.

Disable Norton Antivirus firewall (even though I can download when enabled with a VPN)
Disable Skynet
Disable Diversion
Disable Network Filter List
Disable Ai Protection
DNS server normally cloudflare with DNS-over TLS, Disable TLS, Set DNS provider to automatic by ISP.
Disable DNS rebind protection
Disable DNSSEC support
Prevent client auto DoH No
UPnP normally off and set to No.
Enable Firewall is YES (don't think I need to change that)
Enable DoS protection is YES (don't think I need to change that)
Disable DNS Director
NTP server time.cloudflare.com

*I do use hyper-v just uses basic default switch. No VLANS on this computer. That system on vm uses windows 10 also and updates fine.
*Jumbo packets used on Ethernet 9014, which shouldn't effect anything as its setup correctly. Still can't download even via Wifi which is MTU 1500 by default on Asus routers.
*My friend can't do windows 11 updates either and has a asus router no idea if this is the same issue, but his is a stock asus router.
*Attempted windows update troubleshooter
*Attempted sfc /scannow - fine
*Attempted chkdsk - fine
*Attempted DISM - fine
*Internet is fibre over pppoe MTU 1492
*Router Merlin Current Version : 3004.388.5
*Router GT-AX11000 - This computer isn't on my mesh node
*Windows updates work on other physical computer which is windows 10
*Delivery Optimizations disabled does not download from other computers on internet or lan.
*Deleted windows update cache didn’t help.

Banging my head against a wall trying to figure this one out. I think I've isolated that it's not the router, doubt it would be my ISP. Windows forums are like getting computer suggestions from my grandmother. What I would like to know is this happening to others on Asus routers? Seems to me that it’s isolated to windows 11, I’ve refreshed the computer before same issue.

*Motherboard is a crosshair viii hero wifi
*Ethernet Network card is a Asus XG-C100C 10G
*Wifi is built in to motherboard. Uses AX testing wifi adapter I unplug Ethernet so it doesn’t default to Ethernet.
*Motherboard also has a gigabit and 2.5 gigabit ethernet port built in tried those same issue.
*This computer connects to a 10G unmanaged switch then goes to 2.5G into the GT-AX11000, 10G is simply lan side for NAS/File transfer purpose.

 

[Viktor Jaep]

Looking for suggestions as to why windows 11 updates won't download. Stuck at 0% an ongoing issue I’ve had for a year.

What I know works, any VPN will allow the download to work. Also manually updating from catalogue works.

What I've tried:

Cycling windows updates. Also restarted services and via cmd prompt.

Disable Norton Antivirus firewall (even though I can download when enabled with a VPN)
Disable Skynet
Disable Diversion
Disable Network Filter List
Disable Ai Protection
DNS server normally cloudflare with DNS-over TLS, Disable TLS, Set DNS provider to automatic by ISP.
Disable DNS rebind protection
Disable DNSSEC support
Prevent client auto DoH No
UPnP normally off and set to No.
Enable Firewall is YES (don't think I need to change that)
Enable DoS protection is YES (don't think I need to change that)
Disable DNS Director
NTP server time.cloudflare.com

*I do use hyper-v just uses basic default switch. No VLANS on this computer. That system on vm uses windows 10 also and updates fine.
*Jumbo packets used on Ethernet 9014, which shouldn't effect anything as its setup correctly. Still can't download even via Wifi which is MTU 1500 by default on Asus routers.
*My friend can't do windows 11 updates either and has a asus router no idea if this is the same issue, but his is a stock asus router.
*Attempted windows update troubleshooter
*Attempted sfc /scannow - fine
*Attempted chkdsk - fine
*Attempted DISM - fine
*Internet is fibre over pppoe MTU 1492
*Router Merlin Current Version : 3004.388.5
*Router GT-AX11000 - This computer isn't on my mesh node
*Windows updates work on other physical computer which is windows 10
*Delivery Optimizations disabled does not download from other computers on internet or lan.
*Deleted windows update cache didn’t help.

Banging my head against a wall trying to figure this one out. I think I've isolated that it's not the router, doubt it would be my ISP. Windows forums are like getting computer suggestions from my grandmother. What I would like to know is this happening to others on Asus routers? Seems to me that it’s isolated to windows 11, I’ve refreshed the computer before same issue.

*Motherboard is a crosshair viii hero wifi
*Ethernet Network card is a Asus XG-C100C 10G
*Wifi is built in to motherboard. Uses AX testing wifi adapter I unplug Ethernet so it doesn’t default to Ethernet.
*Motherboard also has a gigabit and 2.5 gigabit ethernet port built in tried those same issue.
*This computer connects to a 10G unmanaged switch then goes to 2.5G into the GT-AX11000, 10G is simply lan side for NAS/File transfer purpose.

So downloading over VPN will bypass whatever is in place, and works for you. Hum.

Have you tried plugging your Windows 11 device directly into your modem, and bypassing your router? See what the results are there?

Have you tried resetting your router from scratch, and just going with defaults initially?

Do you get any Windows error codes back from failed Windows Update attempts?

Do you see anything in the router's syslog pertaining to any traffic or blocking attempts made by your device when this happens?

 

[DJones]

So downloading over VPN will bypass whatever is in place, and works for you. Hum.

Have you tried plugging your Windows 11 device directly into your modem, and bypassing your router? See what the results are there?

Have you tried resetting your router from scratch, and just going with defaults initially?

Do you get any Windows error codes back from failed Windows Update attempts?

Do you see anything in the router's syslog pertaining to any traffic or blocking attempts made by your device when this happens?

Since it's a fibre modem/router I haven't attempted to plug it in directly, but will attempt this later today. The location is somewhat difficult since the ISP router is located in the basement, and can't be moved and the GT-AX11000 router is located in a different room then the computer. I have a Ethernet coupler somewhere so I'll look for that so I can direct the WAN cable to the LAN cable of my computer and bypass my switch. Bit of a job.

No error that I can see in windows update or event viewer. Task manager shows the Ethernet has no activity.

Nothing in syslog except this computer logging into SSH via putty.

Only thing blocked by skynet from this computer is telemetry from google https://otx.alienvault.com/indicator/ip/34.120.208.123

Only thing that Norton firewall seems to block is EPMAP

Will attempt to factory reset my router as a last resort. Will attempt to directly plug it into the modem first.

Edit: Attempted a cellular hotspot from my phone to my computer which at least according to task manager shows it's not downloading anything after cycling updates. So I think that rules out the router or my internet connection at least on a basic level. God I hate windows.

 

[Viktor Jaep]

Since it's a fibre modem/router I haven't attempted to plug it in directly, but will attempt this later today. The location is somewhat difficult since the ISP router is located in the basement, and can't be moved and the GT-AX11000 router is located in a different room then the computer. I have a Ethernet coupler somewhere so I'll look for that so I can direct the WAN cable to the LAN cable of my computer and bypass my switch. Bit of a job.

No error that I can see in windows update or event viewer. Task manager shows the Ethernet has no activity.

Nothing in syslog except this computer logging into SSH via putty.

Only thing blocked by skynet from this computer is telemetry from google https://otx.alienvault.com/indicator/ip/34.120.208.123

Only thing that Norton firewall seems to block is EPMAP

Will attempt to factory reset my router as a last resort. Will attempt to directly plug it into the modem first.

Edit: Attempted a cellular hotspot from my phone to my computer which at least according to task manager shows it's not downloading anything after cycling updates. So I think that rules out the router or my internet connection at least on a basic level. God I hate windows.

Yeah, plugging it directly into your modem would be my first try at eliminating the router and your ISP at the same time. If it's not that, then it's got to be your PC (or something running on there).

Have you ever tried resetting the ip stack/winsock? This resets your network connections settings back to defaults, and helps clear up the toughest issues at times... from a cmd prompt, run both these commands:

netsh winsock reset
netsh int ip reset

I have literally never seen Windows Update not work...

 

[DJones]

reset winsock and int ip & restarted computer & plugged in directly and signed in directly using pppoe & reset windows update cache. no luck :/

Can't apparently use a vpn on a direct pppoe connection because my vpn considers pppoe as a vpn. :/

But of course when not direct connected and using vpn it works. :/ I have a work around just wish I knew why it doesn't work on my network and cellular network apparently.

Something makes me think this is a issue with dns or windows region locking updates, like my vpn is connected to the US, but I'm in Canada? I know my isp hosts it's own dns, but I think it uses cloudflare. I use cloudflare directly bypassing my isp dns server on my network as I use TLS. My cellular provider just lists my dns as my carrier so I don't know what backend DNS they use.

 

[Viktor Jaep]

reset winsock and int ip & restarted computer & plugged in directly and signed in directly using pppoe & reset windows update cache. no luck :/

Can't apparently use a vpn on a direct pppoe connection because my vpn considers pppoe as a vpn. :/

But of course when not direct connected and using vpn it works. :/ I have a work around just wish I knew why it doesn't work on my network and cellular network apparently.

Something makes me think this is a issue with dns or windows region locking updates, like my vpn is connected to the US, but I'm in Canada? I know my isp hosts it's own dns, but I think it uses cloudflare. I use cloudflare directly bypassing my isp dns server on my network as I use TLS. My cellular provider just lists my dns as my carrier so I don't know what backend DNS they use.

View attachment 54885

View attachment 54884

Definitely a rough one to troubleshoot... One other suggestion... have you had any luck looking through your Windows Event Log, and seeing if there's anything specific to the reason Windows update is giving you issues there?

Also, you mentioned before that another person wasn't able to use Windows Update while on your network? Or was that on his own network? Do you two have the same ISP?

Do you have another Windows device you can use to see if Windows Updates works on that, plugged in directly to the modem?

 

[DJones]

Definitely a rough one to troubleshoot... One other suggestion... have you had any luck looking through your Windows Event Log, and seeing if there's anything specific to the reason Windows update is giving you issues there?

Also, you mentioned before that another person wasn't able to use Windows Update while on your network? Or was that on his own network? Do you two have the same ISP?

Do you have another Windows device you can use to see if Windows Updates works on that, plugged in directly to the modem?

His computer is windows 11, with a stock Asus router with dns to cloudflare, and on a different ISP / network. Also in Canada. Same issue vpn works his network does not. So a few similarities.

Since my updates have finished on my computer using a vpn can’t troubleshoot it further for now least on this device.

I have a windows 11 laptop which hasn’t been on in probably half a year so will check it. My 2 other computers and vm’s are windows 10. The physical computers never updated them to windows 11 as they are older and don’t have a tpm / secure boot.

And no nothing that would lead me anywhere in event log. Like everything is working just something down the line must be blocking. The ISP modem has an interface technically, but the isp removes user control of it once it’s plugged into the the fibre line. I’ve messed around with it a bit in the past factory resetting it and logging into the hidden support account, but as soon as it’s plugged into fibre I lose access as it updates. So maybe there is a firewall on it enabled, but I wouldn’t know.

 

[Viktor Jaep]

His computer is windows 11, with a stock Asus router with dns to cloudflare, and on a different ISP / network. Also in Canada. Same issue vpn works his network does not. So a few similarities.

Since my updates have finished on my computer using a vpn can’t troubleshoot it further for now least on this device.

I have a windows 11 laptop which hasn’t been on in probably half a year so will check it. My 2 other computers and vm’s are windows 10. The physical computers never updated them to windows 11 as they are older and don’t have a tpm / secure boot.

We have quite a few people in this forum from Canada... you'd think if this was a common problem, it would have come up in the past.

Have you tried using a different DNS provider on your router? Perhaps like Quad9? Perhaps enabling DoT in the process?

Also... not sure if this will ever be helpful, but here's a list of hostnames used by windowsupdate incase any whitelisting ever needs to happen?

What are the IP ranges for Microsofty Windows update? - Microsoft Q&A

What are the IP Ranges for microsoft windows update? I know microsoft list the url to be allowed in the firewall for windows update for the wsus but the current firewall does not support url filtering. So IP Addresses are needed.

learn.microsoft.com

 

[DJones]

Thanks. I’ll whitelist those domains either way. But seems the laptop does it’s updates so seems device specific. At this point just going to factory reset my main computer and download a fresh copy from the cloud instead of refreshing it. I haven’t the faintest idea what could be blocking updates on it specifically. If windows would allow updates in safe mode I could at least narrow it down to an application or driver.

Seem just too much of a hassle to cherry pick the cause so I guess it’s time to nuke it. I’ll wait awhile to see if the whitelisting does anything. Thanks for the help @Viktor Jaep

 

[Morris]

As another computer on your network can update without issue, the one that can't be updated has the issue. Verify your time and date. If they are correct the fastest solution is to backup your files, format and reinstall. That's a shame

 

[DJones]

As another computer on your network can update without issue, the one that can't be updated has the issue. Verify your time and date. If they are correct the fastest solution is to backup your files, format and reinstall. That's a shame

Yeah time and date are correct. I even have the time polling every 15 mins to keep ntp from slipping. Unfortunately will end up restoring thankfully everything is already backed up so reinstalling everything takes maybe a half hour plus installing all my programs. Was just hoping I wouldn’t need to.

 

[Keenan]

Have you tried deleting the Windows update cache file and then trying the update again? C:\Windows\SoftwareDistribution\Download

 

[DJones]

Have you tried deleting the Windows update cache file and then trying the update again? C:\Windows\SoftwareDistribution\Download

Yep many times.

 

[Keenan]

Yep many times.

Have you tried it in Safe Mode?

I see where you note that it's not possible.

 

[DJones]

Fixed. Found that by going to beta windows insider build it corrected the download issue. I've set it to unenroll on the next windows build release.

Alternatively if anyone else has this issue they can also download windows updates from powershell, which seemed to work also.

 

[DJones]

Wow, sounds like you've been through the wringer trying to sort out those Windows 11 update issues. It's frustrating when troubleshooting feels like hitting a brick wall, especially with such a laundry list of attempted fixes.

I put together a small power shell script and shortcut that automatically downloads and installs updates and restarts my computer it’s actually more efficient than using windows update from settings. Well both methods work now I had tested it when windows updates weren’t working and it worked flawlessly. So the problem was definitely something to do with my build of windows and the standard updates method.

 

[sfx2000]

Not sure if this is present for Win11 - but I have had issues with "Delivery Optimization" feature in Windows Update, esp for machines that are used intermittently...

Delivery Optimization is on by default, and it allows one machine to locally source updates from adjacent computers on the same network.

In a mixed Win10/Win11 environment, I could see this being a potential issue...

 

[DJones]

Not sure if this is present for Win11 - but I have had issues with "Delivery Optimization" feature in Windows Update, esp for machines that are used intermittently...

Delivery Optimization is on by default, and it allows one machine to locally source updates from adjacent computers on the same network.

In a mixed Win10/Win11 environment, I could see this being a potential issue...

That did occur to me. I've since disabled it on my machines.

 

[DJones]

Here's the quick ps script if anyone wants to recreate it.


Windows 10/11 pro only.

=======

Script contains:

Import-Module PSWindowsUpdate; Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -AutoReboot

Script is saved as a .ps1 extension.

Create a shortcut from this file and change the icon if you wish.

======

Create a folder Windows Update PS on C: drive with script inside. Script can be created in notepad and saved as a .ps1 extension.

Open powershell v1 in administrator and copy and paste the following one by one.

Install-Module -Name PSWindowsUpdate -Force

Get-Package -Name PSWindowsUpdate

Install-WindowsUpdate

======

Open GroupPolicyEditor and go to ComputerConfiguration, then go to Administrative Template then WindowsComponents then WindowsPowerShell.
Click TurnOnScriptExtecution; Enable; and from the drop down Execution Policy; Allow local scripts and remote signed scripts. Exit grouppolicyeditor

Take the "Windows-Update - Shortcut" and copy it to your desktop. Take note the Windows Update PS folder must be located directly on C: if your following these steps exactly.

Double click on the Windows-Update Shortcut it will ask for Administrative Privilege click yes and it will run. If you see nothing happen and it goes straight to "PS C:\WINDOWS\system32>" then their was no updates. If updates are available it will download and install and reboot if necessary.

Troubleshooting:

If the Windows-Update - Shortcut does not ask for administrative privilege right click on the shortcut go to properties advanced, run as administrator.

Setup to work with original powershell. If you would like the newer powershell v7 you get it from here. ' Install the latest powerShell for new features and improvements! https://aka.ms/PSWindows ' this will require modifying the scripts shortcut target to point powershell to the newer version or changing the .ps1 extension type. "C:\Program Files\PowerShell\7\pwsh.exe" -WorkingDirectory ~