Windows Update Error Code 80240440 on Hyper-V 2012 R2 VM

Recently I’ve been experimenting with Microsoft’s Hyper-V 2012 R2 in the lab and have discovered a bug with TCP/IP offloading when used in a specific deployment scenario – NAT using RRAS on the Hyper-V host server.

Initially I find this causes trouble with Windows Updates and results in error code 80240440, but it could easily cause bigger problems down the line for virtual machines launched into production.

Before detailing the bug I will briefly detail the Hyper-V 2012 R2 configuration I am using.

The Hardware

Processor (CPU): Intel Core i7-2600 CPU (4-core, 8-thread, 3.40GHz)
Memory (RAM): 16.0GB DDR3
Hard disk: 2 x 3TB Sata-II 7,200 rpm
Raid: None
Network (NIC): Onboard Realtek PCIe Gigabit Ethernet

The Software

Operating System: Microsoft Windows Server 2012 R2 Datacenter
Installed Roles: Hyper-V, IIS, Remote Access
Additional Software: Google Chrome, VeeamONE Free

Setup Overview

The server is hosted on a single 1gbps connection in a datacenter with 1 IPv4 address. All IPv6 is currently link-local only.

The operating system is extremely close to a stock installation. No product key has been entered and it is running in grace period. All Windows Updates available were completed before installation of roles, and I subsequently checked for updates after role installation.

The Hyper-V role was the first added to the server. I removed the out-the-box external network virtual switch to set up a fresh two virtual switches for a NAT networking configuration.

The external network virtual switch was added with options:

  • Allow management operations system to share this network adapter
  • Enable single-root I/O virtualisation (SR-IOV)

The internal network virtual switch was added with options:

  • Allow management operating system to share the network adapter

After this the Remote Access role was added to facilitate VPN and NAT networking.

The NAT network is configured to use the external network adapter as public interface and the internal network adapter as private interface. No ports are forwarded.

RRAS NAT Overview

DNS and DHCP are provided for VMs on the internal network from a Windows 2012 R2 AD DC VM running with only the internal network attached.

Hyper-V Manager showing DCs

All virtual machines are Generation 2 and run Microsoft Windows Server 2012 R2 Datacenter.

The Problem

When attempting to run Windows Updates on any virtual machine connected only to the internal network I receive error code: 80240440.

Windows Update Error Code 80240440

This is similar to error codes 80072EFE and 80072EE2 which basically mean an error with the internet connection stopped the connection to Microsoft servers.

Regardless of how many times I tried again, or rebooted the VM, Windows Update servers simply could not be contacted.

The Bug

This appears to be a problem with the TCP/IP offload support in Hyper-V 2012 R2.

This only occurs in a RRAS-based NAT configuration where RRAS has been installed on the Hyper-V 2012 R2 host. Installing RRAS in a VM with both the external network and internal network attached directly does not require the below solution.

The Solution

This is easily fixed by adjusting the virtual machines network card (NIC) settings.

To do this, go to the NICs properties and click the Configure… button.

NIC Properties

This will open up a new window. Click on the Advanced tab in this window.

NIC Configuration Advanced Tab

In this window you need to change the settings of a few keys.

IPv4 Checksum Offload

Was: Rx & Tx Enabled
Now: Disabled

Large Send Offload Version 2 (IPv4)

Was: Enabled
Now: Disabled

Large Send Offload Version 2 (IPv6)

Was: Enabled
Now: Disabled

TCP Checksum Offload (IPv4)

Was: Rx & Tx Enabled
Now: Disabled

TCP Checksum Offload (IPv6)

Was: Rx & Tx Enabled
Now: Disabled

UDP Checksum Offload (IPv4)

Was: Rx & Tx Enabled
Now: Disabled

When finished with your changes click the OK button to save them.

The Network Card will automatically re-initialise with the settings changes, no need to reboot the virtual machine [in Windows Server 2012 R2 anyway].

Conclusion

Once these changes are in place we can immediately Try Again to find more updates, and this time it will succeed!

Windows Updates Found

Installing a secure, high performance, FTP Server with SSL on CentOS 6

In this guide we’re going to install a secure and high performance FTP server supporting SSL / TLS secured connections on top of Red Hat Enterprise Linux (RHEL) 6, CentOS 6, Scientific Linux 6 or generally any other Red Hat variant of Linux distribution using the yum package manager.

Unlike a lot of tutorials and guides I go into some detail on why I have chosen to configure each of the settings in the configuration as well as simply providing a good to go, copy and paste-able, configuration sample. Please note that vsftpd configuration may be updated or change over time. I make no guarantees that this will work for you, simply it has for me – time and time again. Continue reading

Iain Kay's Little Piece of the Web