How Windows Update works

Applies to

  • Windows 10
  • Windows 11

The Windows Update workflow has four core areas of functionality:

Scan

  1. Orchestrator schedules the scan.
  2. Orchestrator verifies admin approvals and policies for download.

Download

  1. Orchestrator starts downloads.
  2. Windows Update downloads manifest files and provides them to the arbiter.
  3. The arbiter evaluates the manifest and tells the Windows Update client to download files.
  4. Windows Update client downloads files in a temporary folder.
  5. The arbiter stages the downloaded files.

Install

  1. Orchestrator starts the installation.
  2. The arbiter calls the installer to install the package.

Commit

  1. Orchestrator starts a restart.
  2. The arbiter finalizes before the restart.

How updating works

During the updating process, the Windows Update Orchestrator operates in the background to scan, download, and install updates. It does these actions automatically, according to your settings, and silently so that it doesn't disrupt your computer usage.

Scanning updates

The Windows Update Orchestrator on your PC checks the Microsoft Update server or your WSUS endpoint for new updates at random intervals. The randomization ensures that the Windows Update server isn't overloaded with requests all at the same time. The Update Orchestrator searches only for updates that have been added since the last time updates were searched, allowing it to find updates quickly and efficiently.

When checking for updates, the Windows Update Orchestrator evaluates whether the update is appropriate for your device. It uses guidelines defined by the publisher of the update, for instance, Microsoft Office including enterprise group policies.

Make sure you're familiar with the following terminology related to Windows Update scan:

| Term | Definition |
|---|---|
| Update | We use this term to mean several different things, but in this context it's the actual updated code or change. |
| Bundle update | An update that contains 1-N child updates; doesn't contain payload itself. |
| Child update | Leaf update that's bundled by another update; contains payload. |
| Detector update | A special "update" that contains "IsInstalled" applicability rule only and no payload. Used for prereq evaluation. |
| Category update | A special "detectoid" that has an IsInstalled rule that is always true. Used for grouping updates and to allow the device to filter updates. |
| Full scan | Scan with empty datastore. |
| Delta scan | Scan with updates from previous scan already cached in datastore. |
| Online scan | Scan that uses the network to check an update server. |
| Offline scan | Scan that doesn't use the network and instead checks the local datastore. Only useful if online scan has been performed before. |
| CatScan | Category scan where caller can specify a categoryId to get updates published under that categoryId. |
| AppCatScan | Category scan where caller can specify an AppCategoryId to get apps published under that appCategoryId. |
| Software sync | Part of the scan that only checks for software updates (both the apps and the operating system). |
| Driver sync | Part of the scan that checks driver updates only. This sync is optional and runs after the software sync. |
| ProductSync | A sync based on attributes, in which the client provides a list of device, product, and caller attributes ahead of time to allow service to check applicability in the cloud. |

How Windows Update scanning works

Windows Update does the following actions when it runs a scan.

Starts the scan for updates

When users start scanning in Windows Update through the Settings panel, the following occurs:

  • The scan start generates a "ComApi" message. The caller (Microsoft Defender Antivirus) tells the Windows Update engine to scan for updates.
  • "Agent" messages: queueing the scan, then actually starting the work:
    • Updates are identified by the different IDs ("ID = 10", "ID = 11") and from the different thread ID numbers.

    • Windows Update uses the thread ID filtering to concentrate on one particular task.

Identifies service IDs

  • Service IDs indicate which update source is being scanned.

  • The Windows Update engine treats every service as a separate entity, even though multiple services may contain the same updates.

  • Common service IDs

    Important

    ServiceId here identifies a client abstraction, not any specific service in the cloud. No assumption should be made of which server a serviceId is pointing to. It's totally controlled by responses from the Service Locator Service.

| Service | ServiceId |
|---|---|
| Unspecified / Default | WU, MU, or WSUS 00000000-0000-0000-0000-000000000000 |
| Windows Update | 9482F4B4-E343-43B6-B170-9A65BC822C77 |
| Microsoft Update | 7971f918-a847-4430-9279-4a52d1efe18d |
| Store | 855E8A7C-ECB4-4CA3-B045-1DFA50104289 |
| OS Flighting | 8B24B027-1DEE-BABB-9A95-3517DFB9C552 |
| WSUS or Configuration Manager | Via ServerSelection::ssManagedServer 3DA21691-E39D-4da6-8A4B-B43877BCB1B7 |
| Offline scan service | Via IUpdateServiceManager::AddScanPackageService |

Finds network faults

Update failures are commonly caused by network issues. To find the root of the issue:

  • Look for "ProtocolTalker" messages to see client-server sync network traffic.

  • "SOAP faults" can be either client- or server-side problems; read the message.

  • The Windows Update client uses the Service Locator Service to discover the configurations and endpoints of Microsoft network update sources: Windows Update, Microsoft Update, or Flighting.

    Note

    If the search is against WSUS or Configuration Manager, you can ignore warning messages for the Service Locator Service.

  • On sites that only use WSUS or Configuration Manager, the Service Locator Service might be blocked at the firewall. In this case the request will fail, and though the service can't scan against Windows Update or Microsoft Update, it can still scan against WSUS or Configuration Manager, since it's locally configured.
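
The log-reading steps above (filtering by thread ID, identifying service IDs, and finding ProtocolTalker SOAP faults) as an added Python example; it is not part of the original page or of Microsoft's tooling. It assumes the text layout written by Get-WindowsUpdateLog (date, time, process ID, thread ID, component, message); the sample lines and their message wording are constructed.

```python
import re
from collections import defaultdict

# ServiceId -> name, from the table on this page (compared case-insensitively).
SERVICE_IDS = {
    "00000000-0000-0000-0000-000000000000": "Unspecified / Default",
    "9482f4b4-e343-43b6-b170-9a65bc822c77": "Windows Update",
    "7971f918-a847-4430-9279-4a52d1efe18d": "Microsoft Update",
    "855e8a7c-ecb4-4ca3-b045-1dfa50104289": "Store",
    "8b24b027-1dee-babb-9a95-3517dfb9c552": "OS Flighting",
    "3da21691-e39d-4da6-8a4b-b43877bcb1b7": "WSUS or Configuration Manager",
}

# Assumed column layout: date, time, process ID, thread ID, component, message.
LINE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def parse(lines):
    """Yield one dict per line that matches the assumed layout; skip the rest."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts, pid, tid, comp, msg = m.groups()
            yield {"ts": ts, "pid": int(pid), "tid": int(tid), "component": comp, "msg": msg}

def triage(lines):
    """Group entries by thread ID, name the services scanned, collect SOAP faults."""
    by_thread, services, faults = defaultdict(list), defaultdict(set), []
    for e in parse(lines):
        by_thread[e["tid"]].append(e)
        for g in GUID.findall(e["msg"]):
            if g.lower() in SERVICE_IDS:  # ignore GUIDs that are not known ServiceIds
                services[e["tid"]].add(SERVICE_IDS[g.lower()])
        if e["component"] == "ProtocolTalker" and "soap fault" in e["msg"].lower():
            faults.append(e)
    return by_thread, services, faults

# Constructed sample lines, not taken from a real device.
SAMPLE = """\
2024/01/15 10:00:01.0000001 1200  4400  ComApi          * START *   Search ClientId = ExampleCaller
2024/01/15 10:00:01.0000002 1200  4400  Agent           * START * Queueing API call (ID = 10), ServiceId = 9482F4B4-E343-43B6-B170-9A65BC822C77
2024/01/15 10:00:02.0000003 1200  5100  Agent           * START * Queueing API call (ID = 11), ServiceId = 3DA21691-E39D-4da6-8A4B-B43877BCB1B7
2024/01/15 10:00:03.0000004 1200  5100  ProtocolTalker  SOAP fault from server, code = ExamplePlaceholder
not a log line
""".splitlines()
```

The resolved name is the client-side label only; as the Important note says, it does not tell you which server answered.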

Downloading updates

Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this operation in the background without interrupting your normal use of the device.

To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses Delivery Optimization, which downloads updates and reduces bandwidth consumption.

For more information, see Configure Delivery Optimization for Windows 10 updates.

Installing updates

When an update is applicable, the "Arbiter" and metadata are downloaded. Depending on your Windows Update settings, when downloading is complete, the Arbiter will gather details from the device, and compare that with the downloaded metadata to create an "action list".

The action list describes all the files needed from Windows Update, and what the installation agent (such as CBS or Setup) should do with them. The action list is provided to the installation agent along with the payload to begin the installation.

Committing Updates

When the option to automatically install updates is configured, the Windows Update Orchestrator, in most cases, automatically restarts the device for you after installing the updates. It has to restart the device because it might be insecure, or not fully updated, until it restarts. You can use Group Policy settings, mobile device management (MDM), or the registry (not recommended) to configure when devices will restart after a Windows 10 update is installed.

For more information, see Manage device restarts after updates.