Have you ever been sitting at home, been working on your laptop and suddenly discover through a message emanating from your Systray that, "Hey – you’ve got patches to install." Or maybe you were watching the Premier broadcasts over Exchange about patches being released and decided, "Hmmm. I guess I should patch my machine too."
So you went to Control Panel –> Windows Update and attempted to install the updates, only to find it return with as unfriendly and ambiguous red error message saying that your machine couldn’t be updated. In fact, nothing you do allows you to install Updates/Patches through Windows Update OR download any of the Windows Vista Ultimate Extras.
Whhhhaaaa? What’s wrong with my machine?
Nothing’s wrong with your machine. Windows Vista’s error messages here are just weak sauce.
WINDOWS IS TRYING TO CONNECT TO AN INTRANET SERVER
What’s happened is that via Group Policy, your workstation was redirected to obtain its Windows Update patches from a Microsoft-Internal installation of Windows Update Services instead of the publicly available UPDATE.MICROSOFT.COM servers. And since you weren’t VPN’ed in, it was unable to contact the internal SUS server and thus, your patch download/installation failed. (Heaven forbid Windows Update actually tell you any of this information in its error message.)
HOW TO RESET YOUR MACHINE TO USE THE EXTERNAL WINDOWS UPDATE SERVERS
So, if you want to undo those changes so that you can install said patches, you can override the Group Policy set registry redirection of Windows Update by running as administrator and running the .REG file from this link. (http://www.evilkoala.org/Documents/FixWindowsUpdate.zip) Don’t worry – the next time you boot up on your corporate Intranet, your machine will have the Group Policy settings for the Internal SUS server re-tattooed onto your box.
For the curious, (or the paranoid that don’t want to download the .REG file) here’s the content of the REG file in text form:
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionGroup Policy ObjectsLocalUserSoftwareMicrosoftWindowsCurrentVersionPoliciesWindowsUpdateDisableWindowsUpdateAccess]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
"NoWindowsUpdate"=dword:00000000[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
"NoWindowsUpdate"=dword:00000000[HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWindowsUpdateAU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000000[-HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWindowsUpdate]
[-HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWindowsUpdate]
[-HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
"NoDevMgrUpdate"=dword:00000000[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain]
"NoUpdateCheck"=dword:00000000[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
"NoWindowsUpdate"=dword:00000000
Kurt Shintaku's Blog 