
Windows Update Error 80072F8F

Hi,

we are using Sophos Web Appliance v4.0.2.3 and couldn't use Windows Update. It always fails with error code 80027f8f. I installed the root CA from the appliance to the computer account root CA and also tried to disable HTTPS scanning and certificate validation. But nothing helps.
Does anyone have a hint for us?
Thanks

  • Are the clients pointing to WSUS or Microsoft servers?

  • The clients are pointing to the Microsoft servers.

    After the last update to firmware 4.0.3.1 the updates just work, but now with firmware 4.0.4 we get the same error.

  • The latest version of the web appliance is 4.1.1. Can you try updating to the latest version and see if you continue to have this issue with Windows updates?
  • I have seen a number of times that the caching feature on the web appliance can interfere with Windows updates. I would recommend that if caching is turned on, you turn it off. This setting can be found by going to Configuration > General Options > Cache Settings.
  • Hi gfaffm,

    There are also several proxy and policy issues in the version you are running. I highly recommend you upgrade to the latest version of the appliance, 4.1.1.

    Petr.
  • Hi,
    I've been in the same situation for a couple of weeks. I haven't tried to disable HTTPS scanning but exempted some URLs in "HTTPS scanning". It's not working on all of the PCs, but some clients are being updated. Here are the URLs:

    www.ds.download.windowsupdate.com
    www.fe2.update.microsoft.com
    www.update.microsoft.com
    ds.download.windowsupdate.com:443
    fe2.update.microsoft.com:443

    Let me know if it worked for you or if you found a perfect solution.

    Regards,
    Faheem Sarwar
  • I have added all the Microsoft update IP addresses and URLs to the trusted sites lists in our web appliance and it is still blocking Windows Update servers.

    This is VERY critical to our environment.

    We need this issue resolved ASAP.

    We are updated to the latest version on our appliance.

  • Here are a few more ideas to try:

    Do you see requests to the Microsoft Update domains in the reports on the SWA or in the User Activity Search? If you see blocked requests, then there may be a policy issue. If you do not see any requests, then perhaps there is a problem with the requests getting to the SWA at all.

    Are your endpoints using explicit proxy configuration to connect to the SWA or do you have it deployed transparently? If using an explicit proxy setup, are non-proxied connections blocked by your firewall? The Windows Update service does not always pick up proxy configuration from the logged-on user. It may be necessary to configure a system-level proxy using the netsh command. Take a look at this Microsoft article: https://support.microsoft.com/en-ca/kb/900935

    Apologies if this is too obvious, but have you tried looking at this Microsoft article: http://windows.microsoft.com/en-ca/windows/windows-update-error-80072f8f#1TC=windows-7

    Is HTTPS Scanning enabled? If so, is the time setting on your Web Appliance correct? Have you also added the Microsoft IP addresses and URLs to the HTTPS Exemption list?

  • Dear Kerry Alcock,

    Do you have HTTPS scanning enabled? If yes, then you need to exempt the URLs (in my previous post) from HTTPS scanning. Adding them to the trusted web filter list doesn't make any difference, since you must be a user with the "everything allowed" category.

    Trust me, nothing gets blocked in the Web filter when it's about HTTPS scanning.

    If exempting URLs doesn't make any difference while HTTPS is enabled, try adding certificates from the websites Windows Update hits.

    Regards,

    Faheem Sarwar
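
One way to check the points raised in the last two replies (system-level proxy, certificate dates, and whether the HTTPS scanning exemption actually takes effect) from an affected client. This is an added PowerShell example, not part of the original thread; the `-Proxy` value and the parameter and function names are assumptions, and the host names are the ones listed earlier in the thread.

```powershell
param(
    # Hosts named in the thread's HTTPS exemption list
    [string[]]$UpdateHosts = @('www.update.microsoft.com', 'fe2.update.microsoft.com',
                               'ds.download.windowsupdate.com'),
    # Assumption: 'host:port' of the appliance for explicit proxy; empty for direct/transparent
    [string]$Proxy = ''
)
# System-level (WinHTTP) proxy, the one set with netsh rather than per user
netsh winhttp show proxy

function Get-PresentedCertificate {
    param([string]$TargetHost, [string]$Proxy)
    $ep  = if ($Proxy) { $Proxy.Split(':') } else { @($TargetHost, '443') }
    $tcp = New-Object System.Net.Sockets.TcpClient($ep[0], [int]$ep[1])
    try {
        $net = $tcp.GetStream()
        if ($Proxy) {
            # Request a tunnel, then read the proxy's reply up to the blank line
            $req = [Text.Encoding]::ASCII.GetBytes("CONNECT ${TargetHost}:443 HTTP/1.1`r`nHost: ${TargetHost}:443`r`n`r`n")
            $net.Write($req, 0, $req.Length)
            $buf = New-Object byte[] 4096; $reply = ''
            do {
                $n = $net.Read($buf, 0, $buf.Length); $reply += [Text.Encoding]::ASCII.GetString($buf, 0, $n)
            } while ($n -gt 0 -and $reply -notmatch "`r`n`r`n")
            if ($reply -notmatch '^HTTP/1\.[01] 200') { throw ('CONNECT refused: ' + ($reply -split "`r`n")[0]) }
        }
        # Accept any certificate: the goal is to inspect what is presented, not to trust it
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($net, $false, $cb)
        $ssl.AuthenticateAsClient($TargetHost)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

foreach ($h in $UpdateHosts) {
    try {
        $cert  = Get-PresentedCertificate -TargetHost $h -Proxy $Proxy
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)  # machine store
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # no extra network fetches
        [pscustomobject]@{
            Host        = $h
            Issuer      = $cert.Issuer   # the appliance CA here means the host is still being scanned
            ChainValid  = $chain.Build($cert)
            ChainErrors = ($chain.ChainStatus | ForEach-Object Status) -join ','
            DatesValid  = ((Get-Date) -ge $cert.NotBefore -and (Get-Date) -le $cert.NotAfter)
        }
    } catch {
        [pscustomobject]@{ Host = $h; Issuer = $null; ChainValid = $false; ChainErrors = "$_"; DatesValid = $null }
    }
}
```

If `Issuer` names the appliance's CA for a host that should be exempt, the exemption is not matching that host. A `DatesValid` of `False` means the presented certificate is outside its validity period according to the client's clock, so compare the time on the client and on the appliance.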