October 1, 2016

Is this why #WannaCry manged to spread?

Is this why #WannaCry manged to spread?

Windows 7? Windows Update not working? Here’s the fix…

I originally posted this story in October 2016, after realising that Windows 7 was fundamentally broken when trying to use Windows Update.

Given the recent outbreak of #WannaCry, affecting largely Windows 7 clients, I can’t help wondering whether lots of machines have failed to update because of this problem.

If your Windows 7 machine is failing to update, please see the article below.


We recently migrated pretty much all of our users to Windows 10, mainly because our new hardware doesn’t have any Windows 7 drivers, thanks Intel.

As with all deployments, every now and then there is the need to make an exception, and this week such an exception occurred, so we found ourselves installing Windows 7 Enterprise.

  • Windows 7 Drivers? ✅
  • Windows 7 Media? ✅
  • Downloading the latest updates? ❌

It’s only after you’ve wasted an hour of your day waiting for Windows Updates to begin downloading that you start to suspect something may be wrong, such are the historically low expectations when it comes to updating Windows 7. But after a time watching the “Checking for updates” bar, the CPU sitting at a steady 25% and absolutely no change to the WindowsUpdate.log, you realise that something’s not right.

We tried everything to get it working. We manually updated to the latest version of the Windows Update agent, then we deployed the system update readiness tool, and finally the Windows 7 April 2016 update roll up and rebooted in the hope it would contain a magic patch.

Nothing. Nada. Zero. Zilch.

Frustrated but not giving up, we rebuilt a different machine from scratch to establish if perhaps the drivers or even the laptop we were using were at fault, but alas, exactly the same issue occurred.

There have been a number of issues with Windows Update ever since Microsoft released Windows 10. My understanding is that the mechanism changed quite significantly on the back end, and that Windows 7 required updating to work with the newer system. If you search for this problem, it’s obvious the issue is widespread.

The problem is, once you’ve just installed a seven year old operating system using the ‘latest ISO’ there is very little chance of you being able to find the exact update you need to get the rest, so you end up stuck in an updating loop.

But there is salvation, because Microsoft offer free premier support for issues relating to Windows Update.

That’s right. If your PC is broken and Windows Update caused the issue, they will fix it free of charge. Similarly, if Windows Update itself is failing, Microsoft will investigate and rectify it for you. So after many wasted hours, that’s what we did…

There are two distinct pathways here. You likely arrived at this post because either you are:

  • Having problems with an existing W7 install that no longer updates.
  • Deploying Windows 7 from scratch, and have a Windows 7 ISO with SP1 that fails to update once installed.

Whichever it is, I’m posting the full instructions from Microsoft for both solutions, but the former involves extra steps.

I’ll break the procedures into two below, but if you’re installing Windows 7 fresh, please skip to the CLEAN INSTALL section. It’s much shorter.

Here goes…


Fixing Windows Update — Windows 7 (Broken Existing Install)

  1. Go to the Services control panel (services.msc)
  2. Start/Restart Background Intelligent Transfer Service (BITS).
  3. Ensure the BITS service startup is set to Automatic.
  4. Start/Restart the Windows Update service.
  5. Ensure the Windows Update service startup is set to Automatic.
  6. Start/Restart the Cryptographic service.
  7. Open a command prompt, ensuring you run it as an administrator.
  8. Issue the command “netsh winsock reset”
  9. Restart the computer in Safe Mode + Networking

10. Download ResetWUEng.zip and unzip the folder/contents.

11. Run the launcher batch file, executing options 2 & 3 to reset Windows Update and rename the SoftwareDistribution folder, among many other things.

12. Once complete, reboot back out of Safe Mode.

13. Set the Windows Update service startup to Manual, and stop the service.

14. Install update 3135445 and reboot if prompted.

15. Install update 3102810 and reboot if prompted.

16. Install update 3138612 and reboot if prompted.

NOTE: If you aren’t required to reboot, installation of the updates above may cause the Windows Update service to start. I would recommend you stop it again after each update is installed, otherwise you may find the subsequent updates install much more slowly.

17. Set the Windows Update service to Automatic and start the service.

18. Check for updates, and watch them download (a 10–15 minute detection time is normal if you have lots of outstanding updates).


Fixing Windows Update — Windows 7 (Clean Install)

If you have just reinstalled Windows 7 from scratch, this process should be much simpler.

1. Set the Windows Update service startup type to Manual.

2. Install update 3135445 and reboot if prompted.

NOTE: If you aren’t required to reboot, installation of the update above (and below) may cause the Windows Update service to start. I would recommend you stop it again after each update is installed, otherwise you may find the subsequent updates install much more slowly.

3. Install update 3102810 and reboot if prompted.

4. Install update 3138612 and reboot if prompted.

5. Check for updates and watch them download (a 10–15 minute detection time is normal when you have lots of outstanding updates).


I hope this helps some frustrated admins, if it does, please share! With Windows 7 supported until 2020, I hope it comes in handy for a few people.


Originally published at https://www.linkedin.com on October 1, 2016.