Since when did Windows update become such a pain to update?
Just for a little background I’ve had this error on a number of occasions. WSUS is installed and configured within the environment, Windows updates are filtered and applied from WSUS (v3.2) running on Server 2003. The clients are configured using an update GPO. Windows firewall on the domain is turned off.
Servers are allowed outbound with no Firewall restrictions on the Cisco ASA
Clients aren’t allowed outbound with Firewall restrictions on the Cisco ASA. (They have internet access via a Proxy Server and I.E. settings are configured via GPO and a PAC file)
Error: 80072F78
After installing a new Windows Server 2008 R2 server I was greeted with this error after adding the server to the domain and performing manual windows updates. The error was displayed after clicking the “Check online for updates from Windows Update” – Although I want to apply the updates from WSUS I wanted to ensure that it was obtaining the latest updates as some may not have been approved.
I checked out some forums and found that this is a known issue with the “authroot.stl” cert installed. I downloaded a newer version and installed:
- Download: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- Extract
- Install (using the default settings, next, next, finish)
This didn’t work straight away until I reset all settings in I.E. 9.0 | after which the error disappeared and I could view the update options (or in my case no updates)
Although this resolved my issue it may not for all! I did find a number of different error codes and suggested fixes on my internet travels, most of these relating to proxy or connection restrictions. Microsoft have documented some debugging steps here: http://support.microsoft.com/kb/836941
Download the “Client Diagnostics Tool”
http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx
netsh winhttp reset proxy
- wuauclt.exe /detectnow
Update: OK I thought the above would work… apparently not!
OK the secret is in this file:
C:\windows\windowsupdate.log
Delete the entire registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
Which will revert the WUAgent to the original installed behavior of Automatic Updates and then set the desired behavior usign the Control Panel | Windows Update dialog.
Reference:
https://www.trustwave.com/support/kb/KnowledgebaseArticle10726.aspx