How to Fix Windows 11 Update Error KB5066835 (Build 26100.6899 / 26200.6899)

Flat illustration: A Windows 11 laptop showing an “Update failed” dialog with a warning icon, subtle system gears in the background. Accent colors: cyan + orange highlights (avoid full blue wash). Clean tech style, high contrast, no text clutter.

Introduction

The October 2025 Patch Tuesday cumulative update KB5066835 targets Windows 11 24H2 / 25H2, increasing the OS build to 26100.6899 (24H2) and 26200.6899 (25H2). It includes security fixes, quality improvements, and items rolled up from recent previews. An SSU (Servicing Stack Update: KB5067360) is also involved. Right after release, some users began reporting install failures and developer-facing issues with IIS/localhost. This guide explains what’s changing, which errors are common, and safe, beginner-friendly steps to fix them. A manual .msu install path is also provided.

目次
PR

KB5066835 at a Glance (What’s in this update?)

  • Release date: October 14, 2025 (JST: Oct 15)
  • Targets: Windows 11 24H2 / 25H2
  • OS builds: 26100.6899 / 26200.6899
  • Contents: Security fixes, quality improvements, and preview rollups
  • SSU: KB5067360 (servicing foundation update)
  • Note: Heads-up around Secure Boot certificate timelines (phased expiration in/after June 2026). Plan ahead if your environment depends on custom signing chains.

Tip: Baseline release cadence and known issues are maintained under Microsoft’s “Windows Release Health.” Checking it before large rollouts saves time.

Common Errors and Issues Reported

1) Windows Update installation fails

  • Typical symptoms: Install error - 0x800F0991, 0x800f0983, or a rollback state (UNDOING CHANGES) with repeated reboots. These point to component store hiccups, catalog issues, or interference by third-party tools.

2) IIS / Local development (localhost) breaks

  • ERR_CONNECTION_RESET or ERR_HTTP2_PROTOCOL_ERROR on local sites using IIS / IIS Express. This can affect Visual Studio debugging and local app verification.

3) Known issues (media DRM)

  • Some protected content playback (Blu-ray/DVD/specific DTV apps) may be affected—a chain of issues seen since late August 2025. Parts were mitigated in September, but certain apps may still require vendor updates.

Admin corner: Separate from client KB5066835, Windows Server 2025 has its own advisories (e.g., AD DS replication/DirSync). Don’t mix up the scopes; still, double-check hybrid environments.

Before You Start: Quick Checks

  1. Write down the error code (e.g., 0x800F0991, 0x800f0983). It guides the fix path below.
  2. Verify version/build at Settings → System → About. Target post-update builds: 26100.6899 / 26200.6899.
  3. Disconnect nonessential devices and keep at least 10 GB free on drive C.
  4. Temporarily disable third-party security apps (at your discretion). Real-time scanning can block update staging and sometimes collides with IIS networking hooks.

Step-by-Step Fix (Follow in Order)

PR

Step 1: Run the built-in Windows Update troubleshooter

  • Settings → System → Troubleshoot → Other troubleshootersWindows Update.
  • This often resets failure markers and re-initializes related services.

Step 2: Repair component store and system files (DISM + SFC)

Open Windows Terminal (Admin) or Command Prompt (Admin), then run in order:

DISM /Online /Cleanup-Image /RestoreHealth
sfc /scannow
  • DISM repairs the component store; SFC verifies and replaces system files.
  • Reboot when complete, then retry Windows Update.

Step 3: Clear stuck update caches (SoftwareDistribution & Catroot2)

Stop services:

net stop wuauserv
net stop bits

Rename folders (acts as a safe backup and forces regeneration):

ren %systemroot%\SoftwareDistribution SoftwareDistribution.old
ren %systemroot%\System32\catroot2 catroot2.old

Start services again:

net start wuauserv
net start bits
  • Run Windows Update once more.

Step 4: Apply KB5066835 via standalone package (.msu)

  • Download the appropriate .msu for your edition (24H2 x64/ARM64 or 25H2) from the Microsoft Update Catalog, then install directly.
  • When multiple MSUs are involved, Microsoft notes the application order. You can either queue with DISM (pointing to one folder) or apply sequentially with WUSA.

Step 5: Still failing? Try these

  • Disable Fast Startup temporarily → reboot → retry update.
  • Clean boot (minimal startup) to minimize third-party interference.
  • If stuck in a boot loop, use WinRE to roll back to the previous build or perform System Restore.
  • On work PCs, consider Pause updates (up to 7 days) and monitor—many issues are fixed in the following cumulative.

IIS / Localhost Issues After KB5066835 (For Developers)

  • Symptoms: ERR_HTTP2_PROTOCOL_ERROR or ERR_CONNECTION_RESET when using IIS / IIS Express or during Visual Studio debugging.

Mitigations to try

  • Temporarily disable HTTP/2 to confirm protocol-level clashes (e.g., under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters or via IIS site bindings).
  • Re-add IIS features (turn Windows features off/on) to correct mismatched components.
  • Regenerate administration.config / applicationHost.config if configuration drift is suspected.
  • Test with security software disabled to rule out TLS inspection and traffic filtering effects.

If disabling HTTP/2 resolves the issue, keep it off only temporarily. Re-enable after the next cumulative or vendor patch to retain performance benefits.

Enterprise / Admin Considerations

  • Stage updates: validate on a pilot ring first (representative hardware, key LOB apps, dev boxes using IIS).
  • Watch Server 2025 advisories: if your schema master or hybrid syncs are on Server 2025, review current AD DS/DirSync notes before parallel rollouts.
  • Secure Boot planning: assess certificate chains and any custom boot policies ahead of the 2026 timeline.

FAQ

Q1. Should I install now or wait?
A. If you rely on IIS/localhost or specialized media apps, consider waiting a few days and watch early field reports. For general users, install with a backup in place.

Q2. Do I need a specific .msu order?
A. When multiple packages are listed, follow Microsoft’s noted order. You can batch via DISM by pointing to one folder, or apply individually with wusa.

Q3. Blu-ray or protected video won’t play after updating.
A. Update to the latest cumulative, check app/vendor updates, and test again. Some DRM chains needed both OS and app-side patches in recent months.

Safe Update Checklist

  • Back up first (external SSD or cloud).
  • Unplug peripherals and ensure enough free space.
  • Temporarily disable security apps if they interfere.
  • If it fails: Troubleshooter → DISM/SFC → cache reset → manual .msu.
  • For work PCs: ring-based rollout and hold periods.
  • Plan for Secure Boot cert changes well ahead of 2026.

Monthly cumulative updates can sometimes feel fragile, but most failures boil down to transient cache or catalog issues. Work through the steps calmly. If your PC feels unstable after updating, the next cumulative often includes relevant fixes—so avoid repeatedly reinstalling in a hurry.

When trouble strikes, good backups and measured decisions protect your system—and your time.

Recommended Reads

OneNote for Windows 10 Support Ending: What’s Happening and How to Prepare (2025 Guide)

Windows 11 25H2 for IT: WSUS Timeline, Pilot Plan, and the Enablement Package Model

Fake CAPTCHA Scam: “I’m not a robot” Used to Spread Malware – How to Spot and Stay Safe

タグ: , , , ,