Hello P, Thomas Mathew,
Has your issue been resolved yet? If it has, please consider accepting the answer so that others sharing the same problem would benefit too. If not, please get me updated. Thanks
VP
Windows 11 Feature Update fails with 0x80240440 when UpdateServiceUrlAlternate is set to localhost:8005
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 14.000000000000002%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPT%3C/text%3E%3C/svg%3E)
P, Thomas Mathew
0
Reputation points
We are managing Windows updates using Configuration Manager (SUP/WSUS).
Clients have the following Windows Update policy configured:
WUServer = https://SUPSERVER:8531
WUStatusServer = https://SUPSERVER:8531
UpdateServiceUrlAlternate = http://localhost:8005
Issue observed:
- Some Windows 11 devices fail Feature Updates (23H2 → 24H2 / 25H2)
UpdatesHandler.log shows:
Updates scan completion received, result = 0x80240440
Other devices with the same deployment succeed
Cache size and content distribution are healthy
Port 8005 is listening on affected devices, but Feature Update content does not download
Understanding so far:
Port 8005 is automatically configured by Configuration Manager for delta/express content
Feature Updates use UUP and may follow a different download path
Suspecting UpdateServiceUrlAlternate (localhost:8005) causes scan/download failures for Feature Updates
Questions:
Is UpdateServiceUrlAlternate (localhost:8005) supported/recommended for Feature Updates?
Can Feature Updates fail if the delta endpoint is reachable but not functional?
Is bypassing delta download the recommended approach for Feature Updates?
Looking for Microsoft guidance or best practices.We are managing Windows updates using Configuration Manager (SUP/WSUS).
Clients have the following Windows Update policy configured:
WUServer = https://SUPSERVER:8531
WUStatusServer = https://SUPSERVER:8531
UpdateServiceUrlAlternate = http://localhost:8005
Issue observed:
Some Windows 11 devices fail Feature Updates (23H2 → 24H2 / 25H2)
UpdatesHandler.log shows:
Updates scan completion received, result = 0x80240440
Other devices with the same deployment succeed
Cache size and content distribution are healthy
Port 8005 is listening on affected devices, but Feature Update content does not download
Understanding so far:
Port 8005 is automatically configured by Configuration Manager for delta/express content
Feature Updates use UUP and may follow a different download path
Suspecting UpdateServiceUrlAlternate (localhost:8005) causes scan/download failures for Feature Updates
Questions:
Is UpdateServiceUrlAlternate (localhost:8005) supported/recommended for Feature Updates?
Can Feature Updates fail if the delta endpoint is reachable but not functional?
Is bypassing delta download the recommended approach for Feature Updates?
Looking for Microsoft guidance or best practices.
Windows for business | Windows Client for IT Pros | Devices and deployment | Install Windows updates, features, or roles
3 answers
Sort by: Most helpful
-
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 16%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
VPHAN 25,000 Reputation points Independent Advisor2026-02-15T08:25:36.4266667+00:00 Hello again P, Thomas Mathew,
Just following up. The
UpdateServiceUrlAlternatelistener on port 8005 is fundamentally incompatible with the Unified Update Platform (UUP) architecture used by Windows 11 Feature Updates, leading directly to theWU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST(0x80240440) error. The legacy Delta content provider cannot interpret the UUP metadata structure, so you must strictly disable "Allow clients to download delta content when available" in your Configuration Manager Client Settings to remove the local proxy and restore direct communication with the Distribution Point; this is the authoritative best practice for managing UUP on-premises.However, to ensure the solution is complete, I must ask for a specific detail regarding your Distribution Point's IIS configuration which is absent from your description. Have you verified that the MIME Types for
.wimand.msuare correctly registered in the IIS settings on your Distribution Points? UUP content introduces these specific file extensions, and if your IIS instance is not configured to serve them, the agents will simply trade the current scan error for a download failure (HTTP 404) once the proxy issue is resolved.Hope you found something useful in the answer. If it helped you get more insight into the issue, please consider accepting it. Thank you.
VP
-
VPHAN 25,000 Reputation points Independent Advisor
2026-02-14T08:03:49.18+00:00 Hello P, Thomas Mathew,
This error code (
WU_E_PT_ECP_FAILURE_TO_EXTRACT_DIGEST) indicates that the Windows Update Agent received metadata it could not parse or verify, which occurs when the local Delta proxy (listening on port 8005) intercepts UUP traffic it was never designed to handle. Windows 11 Feature Updates utilize UUP to perform differential downloads natively, making the Configuration Manager "Delta content" setting not only redundant but actively harmful to the update path.To resolve this, you must modify your Configuration Manager Client Settings under Administration > Client Settings > Default Client Settings > Software Updates. Specifically, set "Allow clients to download delta content when available" to No. It is insufficient to merely disable Express Files; the Delta Content setting controls the local listener on port 8005. Furthermore, verify your Software Update Point (SUP) Component Properties on the site server and ensure "Download both full files for all approved updates and express installation files" is uncheck/disabled to prevent metadata mismatches. Once these changes are propagated via a Machine Policy Retrieval Cycle, the
UpdateServiceUrlAlternateregistry key atHKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdatewill be automatically deleted, restoring the direct path between the Windows Update Agent and your Distribution Points.While the provided log snippet is highly indicative of the Delta proxy issue, please clarify if the affected devices are utilizing a Cloud Management Gateway (CMG) or a VPN split-tunnel configuration. UUP content often requires access to
tlu.dl.delivery.mp.microsoft.comand related endpoints even when managed by WSUS; if the Delta proxy removal does not immediately resolve the download, we must investigate if your network boundaries are correctly permitting these UUP range requests.Do you find this answer useful? Should you have more questions, feel free to leave a comment. If the answer helps you get more insight into the issue, please consider accepting it. Thank you and have a nice day!
VP
-
P, Thomas Mathew 0 Reputation points
2026-02-16T06:05:42.3666667+00:00 Hi, Some are not listening to Port 8005, that will also cause an issue right ?
-
VPHAN 25,000 Reputation points Independent Advisor
2026-02-16T20:31:09.5633333+00:00 P, Thomas Mathew Yes. If the
UpdateServiceUrlAlternateregistry key is present pointing tohttp://localhost:8005, the Windows Update Agent (WUA) is hard-coded to route its traffic through that local proxy. If the Configuration Manager Delta Download component is not actively listening on port 8005 on those specific devices, the WUA connection attempts will effectively be "blackholed," resulting in immediate communication failures like0x8024402cor the0x80240440digest error you are seeing.This inconsistency (where the policy demands a local proxy that isn't running) confirms that the Delta content configuration is unstable in your environment and reinforces my recommendation to disable "Allow clients to download delta content when available" in the Client Settings. The goal for Windows 11 UUP (Unified Update Platform) Feature Updates is to eliminate this local loopback dependency entirely, allowing the WUA to hand off content handling directly to the Delivery Optimization service rather than the legacy SCCM delta handler. Please verify if you have any conflicting Group Policies set under Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization, specifically the "Download Mode," as UUP relies heavily on this service being healthy (typically set to LAN or Group) once the Delta proxy is removed.
Hope you found something useful in the answer. If it helped you get more insight into the issue, please consider accepting it. Thank you!
VP
Sign in to comment -