Microsoft Confirms Windows Update Failures in Restricted Networks

Key Takeaways

• Windows Update fails with error 0x80010002 in air-gapped and firewalled networks after January 2026 preview updates
• Affected systems can download February updates but cannot get March, April, or later patches
• Microsoft has released Known Issue Rollback group policies as a temporary fix

Microsoft has confirmed that Windows systems in restricted network environments are hitting update failures after installing the January 2026 optional non-security preview updates. The issue affects air-gapped systems, strictly firewalled networks, and other network-restricted configurations.

Affected devices display error code 0x80010002 when attempting to update through Windows Update. The problem creates a frustrating pattern: systems can download the February 2026 monthly security update, but then lose the ability to download any updates released in March, April, or later months.

What's Causing the Failure

Microsoft traced the issue to recent changes in download timeout requirements. The company was clear about one thing: this is not a device integrity problem. The affected machines can still install updates. They just cannot download them from the internet through the Windows Update settings page.

“This issue results from recent changes in download timeout requirements when starting download operations. It is not related to device integrity or the device's ability to install Windows updates, only to its ability to download updates from the internet via the Windows Update page under Settings.”

— Microsoft service alert

Microsoft MVP Susan Bradley first spotted the service alert documenting the issue.

The Workaround: Known Issue Rollback

While Microsoft works on a permanent fix, IT administrators have a path forward. The company has released Known Issue Rollback (KIR) group policies that reverse the buggy update behavior. KIR is a Windows feature designed specifically to undo problematic changes delivered through Windows Update.

The specific KIR policies depend on your Windows version:

• Windows 11 26H1: KB5083806 Known Issue Rollback
• Windows 11 24H2, Windows 11 25H2, and Windows Server 2025: KB5083631 Known Issue Rollback

Installing the policy is not enough on its own. Admins must also configure the group policy for their specific Windows version and restart affected devices to apply the settings. Microsoft's support website has detailed guidance on deploying and configuring KIR group policies.

A Pattern of Patching Problems

This is not Microsoft's first encounter with Windows Update issues in enterprise environments. The past two years have seen multiple similar problems.

In April 2025, Microsoft fixed a bug that blocked enterprise customers from installing security updates through Windows Server Update Services (WSUS). Four months later, in August 2025, the company addressed another WSUS issue where the Windows 11 24H2 cumulative update failed with 0x80240069 errors.

More recently, Microsoft released a KIR fix for a separate issue causing the May 2026 Windows 11 security update (KB5089549) to fail with 0x800f0922 errors on some systems.

Why Restricted Networks Are Hit Harder

Restricted network environments face unique challenges with Windows Update. Air-gapped systems, by design, have no direct internet access. Strictly firewalled networks limit which external endpoints machines can reach. These configurations are common in high-security settings: government agencies, financial institutions, healthcare organizations, and critical infrastructure.

When timeout requirements change on Microsoft's end, these environments feel the impact first. Their constrained network paths have less tolerance for altered connection behaviors. A timeout value that works fine on an open corporate network may cause failures when packets must traverse multiple security checkpoints.

What IT Admins Should Do Now

1. Identify affected systems in your environment running in restricted network configurations
2. Download the appropriate KIR group policy for your Windows version
3. Deploy and configure the policy according to Microsoft's guidance
4. Restart affected devices to apply the setting
5. Verify that Windows Update downloads resume normally

Admins managing air-gapped systems may need to use alternative update delivery methods, such as WSUS or manual update deployment, until Microsoft issues a permanent fix.

Frequently Asked Questions

What is error code 0x80010002 in Windows Update?

This error indicates a download failure in Windows Update, specifically in restricted network environments after installing the January 2026 preview updates. It prevents systems from downloading updates released after February 2026.

What is Known Issue Rollback (KIR)?

KIR is a Windows feature that reverses buggy changes delivered through Windows Update without requiring a full update uninstall. Microsoft deploys KIR policies as group policies that admins install and configure.

Which Windows versions are affected by this update failure?

Microsoft has released KIR fixes for Windows 11 26H1, Windows 11 24H2, Windows 11 25H2, and Windows Server 2025, indicating these versions are affected.

Can affected devices still install Windows updates?

Yes. Microsoft confirmed the issue only affects downloading updates through the Windows Update settings page. Devices can still install updates obtained through other means.

Do I need to restart after applying the KIR fix?

Yes. Microsoft states that you must restart affected devices to apply the group policy setting after installing and configuring the KIR policy.

Source: BleepingComputer