This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Update Error 80072F8F

Hi,

we are using Sophos Web Aplliance v4.0.2.3 and couldn't use Windows Update. It allways fails with error code 80027f8f. I installed the root ca from the appliance to the computer account root ca and also treid to disable https scanning and certifcate validation. But nothing helps.
Does anyone have a hint for us?
Thanks

:57955


This thread was automatically locked due to age.
Parents
  • hi,
    I've been in same situation since couple of weeks. i haven't tried to disable https scanning but exempted some URL's in "https scanning". its not working on all of the PCs but some clients are being updated. here are the URLs

    www.ds.download.windowsupdate.com
    www.fe2.update.microsoft.com
    www.update.microsoft.com
    ds.download.windowsupdate.com:443
    fe2.update.microsoft.com:443

    let me know if it worked for you or if you found a perfect solution.

    Regards,
    Faheem Sarwar
  • I have added all the Microsoft update IP addresses and URLs to the trusted sites lists in our web appliance and it is still blocking windows update servers.

    This is VERY critical to our environment.

    We need this issue resolved ASAP.

    We are updated to the latest version on our appliance.

Reply
  • I have added all the Microsoft update IP addresses and URLs to the trusted sites lists in our web appliance and it is still blocking windows update servers.

    This is VERY critical to our environment.

    We need this issue resolved ASAP.

    We are updated to the latest version on our appliance.

Children
  • Here are a few more ideas to try:

    Do you see requests to the Microsoft Update domains in the reports on the SWA or in the User Activity Search? If you see blocked requests, then there may be a policy issue. If you do not see any requests, then perhaps there is a problem with the requests getting to the SWA at all.

    Are your endpoints using explicit proxy configuration to connect to the SWA or do you have it deployed transparently? If using an explicit proxy setup, are non-proxied connections blocked by your firewall? The windows update service does not always pick up proxy configuration from the logged-on user. It may be necessary to configure a system-level proxy using the netsh command. Take a look at this Microsoft article: https://support.microsoft.com/en-ca/kb/900935 

    Apologies if this is too obvious, but have you tried looking at this Microsoft article: http://windows.microsoft.com/en-ca/windows/windows-update-error-80072f8f#1TC=windows-7

    Is HTTPS Scanning enabled? If so, is the time setting on your Web Appliance correct? Have you also added the Microsoft IP addresses and URLs to the HTTPS Exemption list.

  • Dear Kerry Alcock,

    do you have HTTPS scanning enabled ? . if yes, then you need to exempt URLs (in my previous post) from HTTPS scanning. adding them into trusted web filter list doesn't make any difference since you must be a user with "everything allowed" category.

    trust me, nothing gets blocked in Web filter when its about HTTPS scanning.

    if exempting URLs doesn't make any difference while HTTPS is enabled. try adding certificates from the websites windows update hits. 

    Regards,

    Faheem Sarwar