Windows 8.1 update service error code: 80240438

0

I updated to Win 8.1 recently and I've got this issue.

In windows firewall I block all inbound connections and all outbound connections that do not match a firewall rule. I create a custom firewall rule for windows update, but the update service is still being blocked with error code: 80240438. If I unblock all outbound connections, the update works.

Note, I've used the same rule on windows 7 and windows 8 without any problems, so this issues seems specific to win 8.1. I've installed win 8.1 Enterprise edition. Is there some network/filtering hardening rule that is causing this issue or taking precedence over my update allow rule?

How can I allow windows update access without unblocking all outbound traffic?

Jimmy

Posted 2013-12-31T09:53:24.493

Reputation: 1

If you are blocking all outbound traffic you can't communicate with Microsoft's servers. Seems like there is a solution http://superuser.com/questions/278729/how-can-i-use-windows-firewall-to-only-permit-the-windows-update-service-to-make?rq=1

– Ramhound – 2013-12-31T12:06:18.113

80240438 = ERROR_CANNOT_DETECT_DRIVER_FAILURE (Failure actions can only be set for Win32 services, not for drivers). So the configuration in the registry is damaged. – magicandre1981 – 2013-12-31T16:00:02.940

@Ramhound, I'm blocking all traffic but then creating custom rules to allow only specific apps/services to access the internet. I don't think you understood the question. – Jimmy – 2014-01-01T14:17:55.187

@magicandre1981, I investigated your suggestion further but I couldn't find anything helpful. I've decided to reinstall version 8, I will try 8.1 again on another system when I have more time. – Jimmy – 2014-01-01T14:20:35.217

Answers

1

So far, it will work through the control panel but not through the modern UI. This is with the way we have always done it - svchost.exe and windows update service custom rule. Now you have to allow Svchost.exe through like you would any program (or with all services and packages). This way both control panel and modern UI work. I'm not sure why this is. Someone may be able to narrow it down more, to what services and how many need to be let through with svchost.exe (set up as custom rules) to work. Hope this helps.

matt

Posted 2013-12-31T09:53:24.493

Reputation: 11

0

Windows 8.1 has totally trashed windows firewall. Allowing only certain services dont work anymore.

U have to allow svchost.exe and all the useless traffic generated by this and u get windows update to work(tcp port 80/443 and udp 53(dns) if needed).

trollati

Posted 2013-12-31T09:53:24.493

Reputation: 11

0

As of April 2, 2015, the following outbound firewall rule will fix this problem in windows 8.1:

  • Program: svchost.exe (in C:\Windows\System32)
  • Remote Address: 134.170.0.0 - 134.170.255.255 (Microsoft Servers)
  • Protocol: TCP
  • Remote Port: 443

This problem exists because, evidently, one or more non service dll's are being hosted by svchost.exe, which I consider to be a design flaw in windows 8.1.

Charles Cotton

Posted 2013-12-31T09:53:24.493

Reputation: 1

Asked: 2013-12-31T09:53:24.493

Viewed: 3 091 times

Active: 2015-04-02T16:50:20.463