1. Check Internet Connection
A stable network is essential for Windows Update.
- Ensure your PC is connected to a reliable internet network.
- Restart your router or modem.
- Disable temporary VPN connections if active.
2. Verify Date and Time Settings
- Go to Settings - Time & Language - Date & Time.
- Enable Set time automatically and Set time zone automatically.
- Restart your PC and retry Windows Update.
3. Enable TLS 1.2 and TLS 1.3 Protocols
Older TLS versions can block secure connections.
- Press Win + R, type inetcpl.cpl, and press Enter.
- In the Advanced tab - scroll to Security.
- Enable:
- Use TLS 1.1
- Use TLS 1.2
- Use TLS 1.3 (if available)
- Click Apply - OK, then restart your PC.
4. Update Root Certificates
Expired or missing certificates may block server validation.
- Open PowerShell (Admin) and execute:
certutil -generateSSTFromWU RootCAs.sst
certutil -addstore -f Root RootCAs.sst
- This refreshes the trusted root certificates required for secure connections.
5. Reset Cryptographic Services and Cache
- Open Command Prompt (Admin) and run:
net stop cryptsvc
ren %systemroot%\System32\catroot2 catroot2.old
net start cryptsvc
- Restart your computer and retry the update.
6. Reset WinHTTP Proxy Settings
- Open Command Prompt (Admin) and type:
netsh winhttp reset proxy
netsh winsock reset
ipconfig /flushdns
- Restart your system and try updates again.
7. Check Firewall and Antivirus Settings
Security software may block HTTPS connections.
- Temporarily disable the third-party firewall or antivirus.
- Retry Windows Update and re-enable security afterward.
8. Use Windows Update Troubleshooter
Built-in troubleshooting can automatically detect and fix network or SSL issues.
- Go to Settings - System - Troubleshoot - Other troubleshooters.
- Run Windows Update Troubleshooter.
- Apply suggested fixes and restart your PC.
9. Manually Install Updates
If automatic updates fail:
- Visit the Microsoft Update Catalog.
- Search for the KB number of the failed update.
- Download and install manually.