WSUS and issues pushing Win 10 1703 Update and Win 7 Upgrades

I am in the process of testing roll outs of Windows 7 to Windows 10 upgrades using WSUS, as well as rolling out the creators update to our Windows 10 machines. I am testing with three machines - a Dell Desktop running Windows 7 Pro, a VirtualBox VM running Windows 7 Pro and a Dell XPS Running Windows 10 Pro build. The WSUS Server is running on a Sever 2012 R2 machine. The Windows 10 XPS has bitlocker with a TPM enabled, while the Windows 7 machines do not.

The machines are in a test WSUS group for the Windows 10 upgrades. If I do a search for upgrades, the Windows 7 machines show in the WindowsUpdate.log that the download starts then fails shortly after. The Update History setting in Windows Update show the Status of the update as "Failed" but installed.

WSUS log says: "Windows failed to install the following update with error 0x80240020: Windows 7 and 8.1 upgrade to Windows 10 Pro, version 1703, en-us."

2017-05-09  11:41:58:028     804    358 Report  REPORT EVENT: {07B79E9B-0A6D-4D08-AA68-38179A2C566C}    2017-05-09 11:41:50:707+0100    1   182 101 {081B357C-B9A3-497C-8E8C-206E1D723B29}  201 80240020    AutomaticUpdates    Failure Content Install Installation Failure: Windows failed to install the following update with error 0x80240020: Windows 7 and 8.1 upgrade to Windows 10 Pro, version 1703, en-us.

The Windows 10 machine shows that the update is avalible, but stays on 0% downloaded. There is no network activity on the LAN cable, and TCPView does not show anything being downloaded.

What I have tried so far:

• Check that the KB3159706 for decryption of ESD content is installed
• Checked that the prerequsites for KB3095113 are all installed
• Checked that the KB3095113 for WSUS support for Windows 10 feature upgrades.
• Set the MIME type on the IIS Server for the .esd file (which the above update should have sorted).
• Removed the Windows Update cache from the machines, stopped the BITS/Windows Update services and restarted.
• Restarted IIS Website
• Rebooted WSUS server
• Checked Windows Firewall status (disabled on Server)
• Asked the Windows 10 machine to get updates from Windows Updates rather than WSUS (this appeared to download and install OK) so this makes me think it's an issue with our WSUS server.

Update 24th May: I have built another WSUS server and the same issue is happening with it as well - clients are showing at "Downloading 0%". I've upgraded machines fine when checking direct from Windows Update, so I'm really not sure of the issue now.

I had a similar problem here and found a solution to mine today. But I was not upgrading from Windows 7 to Windows 10, only from Windows 10 1607 to 1703. It might help you or not. I'm not sure.

If the 1703 upgrade is synced into WSUS before KB3159706 was installed, then after performing the necessary update of KB3159706 and its post-installing servicing (link), we still need to follow the instructions here:

https://social.technet.microsoft.com/Forums/en-US/b1165b9d-bad3-4ce3-9fc1-0fe3876df5c6/0xc1800118-with-1506301703171834rs2esd-after-kb3159706-manual-steps-the-decryptionkey-in?forum=winserverwsus

There are basically 4 steps to be performed:

1 - Remove packages synced before KB3159706 is installed. Via WSUS server's powershell:

Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq "Upgrades"} | Set-WsusClassification -Disable
$s = Get-WsusServer
$1703Updates = $s.SearchUpdates("version 1703")
$1703Updates | foreach { $_.Decline() }
$1703Updates | foreach { $s.DeleteUpdate($_.Id.UpdateId) }
Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq "Upgrades"} | Set-WsusClassification

2 - Delete from WSUS databse the bad contents about upgrade 1703, run from database. Mind: remove the trailing semi-colon from the SQL script in the post. They might result in the error of "table variable not declared"

declare @NotNeededFiles table (FileDigest binary(20) UNIQUE)
insert into @NotNeededFiles(FileDigest) (select FileDigest from tbFile where FileName like '%15063%.esd'  except select FileDigest from tbFileForRevision)
delete from tbFileOnServer where FileDigest in (select FileDigest from @NotNeededFiles)
delete from tbFile where FileDigest in (select FileDigest from @NotNeededFiles)`

3 - Restart syncing by WSUS GUI or powershell command, on WSUS server.

$s = Get-WsusServer
$sub = $s.GetSubscription()
$sub.StartSynchronization()

4 - Repair client computers that has the error, on client computer: Control Panel->Troubleshooting->Windows Update->Try troubleshooting as an administrator

During all these activities, no reboot is required. Then, retry and good-luck!