Log Name: Microsoft-Windows-WindowsUpdateClient/OperationalThere was another variation of this error with a different error code as well.
Date: 1/4/2017 1:45:54 PM
Event ID: 25
Task Category: Windows Update Agent
Keywords: Failure,Check for Updates
Windows Update failed to check for updates with error 0x800B0101.
Windows Update failed to check for updates with error 0x80248014.
Of course I Googled the crap out of these errors, and everything pointed to the time being off on by system. I checked the date and time on both the system I was trying to update, and the WSUS server and they both looked correct. I ran "w32tm /resync" on both of them to resync the time with our NTP servers, but that didn't change anything either. I applied any missing patches on my WSUS server, including a few that were supposedly related to patching Windows 10/Windows2016, and it still failed.
Looking at the WindowsUpdate.log file, there was finally a hint at the truth.
2017/01/04 12:27:37.6720022 1136 388 WebServices Auto proxy settings for this web service call.That's right, the certificate was expired on my WSUS server. It had nothing to do the date or time on my Windows Update client, or the WSUS server. I renewed the certificate that was configured in the IIS bindings on my WSUS server and everything was happy again!
2017/01/04 12:27:37.7919013 1136 388 WebServices WS error: There was an error communicating with the endpoint at 'https://WSUS-SERVER.DDOMAIN.LOCAL:8531/ClientWebService/client.asmx'.
2017/01/04 12:27:37.7919026 1136 388 WebServices WS error: There was an error sending the HTTP request.
2017/01/04 12:27:37.7919045 1136 388 WebServices WS error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
2017/01/04 12:27:37.7921406 1136 388 WebServices WS error: The date in the certificate is invalid or has expired
2017/01/04 12:27:37.7921478 1136 388 WebServices Web service call failed with hr = 800b0101.