Windows Update is slow or not working

Windows Server 2012r2 and Windows 10 Windows Update hangs at every step

Windows update slow checking for updates

The basic issue is Windows is trying to connect to the internet and checks connectivity when you check for updates. Even if you try to get it configured Windows Update to go to WSUS server in your local environment. It does this for something to do with the Windows Store. When it tries (and fails) to connect to the internet, it will retry some 10 or so times, locking up the Windows Update interface until each attempt times out.

The best and quickest way to work around it is to use this command:

netsh winhttp import proxy source=ie

To confirm if this is the issue, note the time according to system clock, then do a check for updates using the regular process and let it finish (even though it takes ages), then check out closely your Window update log “C:\Windows\WindowsUpdate.log”. See if it’s got entries about connecting to “windowsupdate.com”. You might have to scroll up a fair way (use the time on the left of the log as a guide because you noted the time earlier). After it fails to connect to the internet, it will then try to talk to local WSUS and work fine. If you’ve configured a local WSUS server, and it’s still trying to connect to internet locations, this should worry you.
The previous entries about using “netsh winhttp import proxy source=ie” is just a workaround to let it connect to the internet. It should never have been connecting in the first place.

The real fix is to deploy a GPO setting :
Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Windows Update -> Do not connect to any Windows Update Internet Locations

This will only appear in Group Policies if you have applied the update KB2989540, possibly to your domain controllers, which should update the WindowsUpdate.admx in the GroupPolicies SYSVOL folder.

If you just want to test the fix without having to make a Group Policy change to see if this is your issue you could also just use the RegKey on the affected machine :
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
“DoNotConnectToWindowsUpdateInternetLocations”=dword:00000001​

Open a Command Prompt. Click Start > Run and type “cmd” then hit “OK”
Type “net stop wuauserv”. This shuts down the windows update service so you can delete the files.
Still on the Command Prompt, type “cd /d %windir%”
Type “rd /s SoftwareDistribution”
Type “net start wuauserv” to restart the service then check for updates as normal