We were seeing Windows Update error 80345006 on several Windows Server 2012 R2 servers and none of the fixes I found helped. ESET Server AV was on each of these servers but I had already temporarily disabled protection but with no effect.
Later, we had decided to uninstall ESET AV just to see if that helped. But first we tried manually turning off options and the
-
first one we tried resolved the problem!
ESET >> Settings >> Advanced Settings >> WEB & EMAIL >> Disable Application protocol content filtering under PROTOCOL FILTERING
This apparently disables all of Web Access protection and Anti-Phishing protection. Once this single option was disabled, Windows Update begin working again normally.
We made an incorrect assumption that using the ESET option to temporarily disable protection would have disabled ALL protection but this was not the case. Will try to update this post again once we hear back from ESET about this. Perhaps this is common knowledge but was not for our team. Hope this helps someone else with this problem.
Same problem, same solution.
Have you had a return from Eset ?
Thanks !
Hi David – Thanks for reply and glad it helped. Yes I did hear back from ESET and their response follows below. I have not yet tried this but will later in January.
Thank you for your reply and for uploading the requested logs.
Windows Update servers use a non-standard certificate for communication. According to the exported settings, SSL-Filtering is being done on the servers via the ESET File Security software. This could be blocking communication to the desired server in this case.
To correct this, please either disable SSL/TLS protcol filtering. Or please change the SSL/TLS protocol filtering mode to “Interactive Mode”, then click “OK” to effect the change. Please run Windows Updates and you can then permit the problematic certificate. Once this is done, you can change the SSL/TLS protocol filtering mode back to “Automatic Mode”.
In the command window you need to type following commands, one by one and hit enter button from your keyboard each time to execute the command.
net stop wuauserv
cd %systemroot%\SoftwareDistribution
ren Download Download.old
regsvr32 %windir%\system32\wups2.dll
net start wuauserv
NET START BITS
NET START WUAUSERV
SC QUERYEX BITS
SC QUERYEX WUAUSERV
Check the Error is fixed if it’s not then going the next method.
https://www.errorsolutions.tech/error/windows-update-error/
Solution 2. Run DISM command with sfc /scannow command
This definitely seems to be a good solution if your Windows update cache has been corrupted. In our case it did turn out that the ESET antivirus was blocking TLS due to a problem with the certificate. Bye disabling TLS checking in ESET Windows update started working again.