1. Verify System Date and Time
- Right-click the taskbar clock β Adjust date/time.
- Enable Set time automatically and Set time zone automatically.
- Sync with internet time servers and retry Windows Update.
2. Update Root Certificates
- Press Win + R, type certmgr.msc, and press Enter.
- Check Trusted Root Certification Authorities.
- Update missing ones via Windows Update or download the Root Certificate Update package from Microsoft.
3. Clear Windows Update Components
- Open Command Prompt (Admin) and run:
net stop wuauserv
net stop bits
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start bits
- Retry the update afterwards.
4. Disable Proxy or VPN Temporarily
- Go to Settings β Network & Internet β Proxy.
- Turn off Use a proxy server.
- Disconnect VPN services before running updates.
5. Reset Internet Explorer/Edge Security Settings
- Open Internet Options from Control Panel.
- Go to Advanced β Reset settings.
- Ensure Use TLS 1.2 is checked under Security.
6. Temporarily Disable Security Software
- Disable third-party antivirus or firewall temporarily.
- Retry Windows Update.
- Re-enable protection after installation.
7. Run System File Checker (SFC) and DISM
- Open Command Prompt (Admin) and run:
sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth
- This repairs corrupted system files that may interfere with Windows Update.
8. Flush DNS and Reset Network Settings
- Open Command Prompt (Admin) and run:
ipconfig /flushdns
netsh winsock reset
netsh int ip reset
- Restart your PC and try Windows Update again.
9. Use Windows Update Assistant
- Download the Windows Update Assistant from Microsoft.
- Run the tool to bypass certificate-related errors and install updates.