Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, August 15, 2007 6:58 PM
I have installed Windows Server Core, Enterprise Ed. with the firewall enabled. In the Event Viewer I am getting the following messages:
User Name: NT Authority \ System
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Event ID: 16
This message appears with both the firewall enabled and disabled. I have two network ports on the server, but I configured just one. I am able to connect to the server. So, the network is OK.
Please advise
All replies (17)
Monday, August 20, 2007 4:12 PM âś…Answered
It is kind of strange. In the System Event Log I stll can see the 16th Eevnt:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
It was on 8/16/2007 (the firewall was enabled) and on 8/18/2007 (after I disabled the firewall).
In the WindowsUpdateClient Log (Event Viewer/Applications and Services Logs/Microsoft/Windows/WindowsUpdateClient/Operational) I can see only events like this one:
Windows Update sucessfully found 0 updates.
It was each day since 6/6/2007, when I installed the server. Does it mean that Windows Update Service worked fine even with the firewall enabled?
On the server I found only one update installed (using wmic qfe list):
Caption CSName Description FixComments HotFixID InstallDate Installed
By InstalledOn Name ServicePackInEffect
Status
WMSWEBCAST1 Update 934518 S-1-5-21-
2103918969-573365004-4188336801-500 01c7a8960a7a9448
Thursday, August 16, 2007 2:55 AM
Hi,
Do you need a proxy server to access the Internet? If so, have you configured it using netsh winhttp?
When you say you disabled the firewall, how did you do that?
Thanks,
Andrew
Thursday, August 16, 2007 7:14 PM
No, I do not use a proxy server to access the internet. I use the following commands to disable/enable the firewall:
netsh firewall set opmode disable
netsh firewall set opmode enable
Thursday, August 16, 2007 10:06 PM
I have looked into the default settings for Automatic Updates in Server Core.
I posted my findings here.
I have a couple of questions. Answering them might help you troubleshoot the error.
- Are Automatic Updates enabled?
Check with: cscript SCregEdit.wsf /AU /v - Do you have a Group Policy enabled that specifies a WSUS server?
- Do you have a Group Policy enabled that specifies Automatic Updates settings?
- Can you connect to Windows Update or your WSUS?
Check with: **nslookup windowsupdate.microsoft.com
**(or the DNS name of your WSUS of course)
Good luck!
Friday, August 17, 2007 3:54 PM
I think the Automatic Updates is enabled, because the result of the cscript SCregEdit.wsf /AU /v is 4.
I did not touch a Group Policy after the server installation, and I do not use a WSUS server (I assumed that the Group Policy should be changed automatically after you enabled the Automatic Updates).
I disabled the firewall and ran the command nslookup windowsupdate.microsoft.com. I got the following:
Server: <my domain server>
Address: <its IP address>
*** <domain server> can't find windowsupdate.microsft.com: Non-existent domain
but if I run nslookup www.yahoo.com, I get the following:
Server: <my domain server>
Address: <its IP address>
Non-authoritative answer:
Name: www.yahoo-ht3.akadns.net
Address: 69.147.114.210
Aliases: www.yahoo.com
Friday, August 17, 2007 4:20 PM
Your Automatic Updates seem to be enabled, but DNS seems to be the problem.
(unless you really mistyped it as windowsupdate.microsft.com,which your reply seems to point out)
If you haven't mistyped it, this might be caused by the EDNS0 Enigma.
I recall seeing error 16 in my eventviewer as well with Beta 3 of Server Core.
(haven't seen it since I installed the June CTP)
Friday, August 17, 2007 7:11 PM
I think you are right, I could mistype it. Now I just copied it to the server and got the following:
Non-authoritative answer:
Name: windowsupdate.microsoft.nsatc.net
Address: 207.46.18.94
Aliases: windowsupdate.microsoft.com
Friday, August 17, 2007 9:57 PM
Hi,
Can you post the Windowsupdate.log file to see if that has any clues for us? If not, do you have access to the June CTP and can you see if it happens in that as well?
Thanks,
Andrew
Monday, August 20, 2007 6:07 PM
Hi,
It sounds like it is working. One of the default rules must allow it to work, or enabling it opened the appropriate port.
We checked some recent builds we have and are not seeing the repeated Event Log #16 event.
Andrew
Tuesday, August 21, 2007 4:53 PM
I am still getting the error 16 on each second day in the System Event Log, though the firewall is disabled.
Please advise what exectly should be done with the firewall enabled.
Wednesday, December 12, 2007 12:56 PM
I am seeing this same issue on my RC0 to RC1 active directory server.....
WHat i was able to gleem from the windowsupdate.log is that it seems to be pointing to a server which is not valid (or active).
2007-12-12 04:54:24:480 1008 e98 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://test.update.microsoft.com/v6/ClientWebService/client.asmx
When i go to this URL from IE the server reports a) a cert issue (which you can click through) and b) server error 500 ...
What URL should this thing be pointing to and how can i over ride in the registry to fix ...
thanks!
Paul
Wednesday, December 12, 2007 6:16 PM
Hi,
That looks like it is trying to go to the page that tells you "not to use the web site, use Windows Update on the start menu". Not sure why it wants to go there. Did you use the script to enable Auto Update or was it enabled in some other way?
Thanks,
Andrew
Saturday, May 3, 2008 7:48 AM | 1 vote
I just wanted to put this out there ... I'm sure you've moved on, but this happened to me with Win2k8 Std. RTM.
Summary:
I was receiving the "Unable to connect to automatic updates" message and resolved it by looking in the WindowsUpdate.log file, going to tail end of it, and looking for the initial error (for my most recent update attempt), manually hitting the Update URL, and copying a missing CA cert into the Trusted Root CA store on the machine.
System EventLog Error:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
WindowsUpdate.log:
Unfortunately, the error in the WindowsUpdate.log showed as a 0x80072F8F, which again unfortunately, when searched for, yields some trivial and incorrect KBs and posts related to the time on the problem computer being out of sync with the Update server(s). While that would cause problems, that isn't what was going on in my case.
Anyway, the WindowsUpdate.log contained an attempt (and 0x80072F8F failure) to connect to the following URL:
Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
When pasted into a browser, as you said, the browser indicates a Cert issue. In my case, the Windows Update web server SSL cert was untrusted due to a missing root CA cert. The CA (GTE CyberTrust Global Root) cert was not in the Trusted Root Certificates store on the problem machine. It is in the Third-party Root Certificate Authorities store. though.
Once I copied the above GTE cert into the Trusted Root CA store, I was able to successfully execute the Windows Update process.
There are actually three CA certs required for Windows Update to work (in the following hierarchy), but I was only missing the one:
GTE CyberTrust Global Root
Microsoft Internet Authority
Microsoft Secure Server Authority
Anyway, this cost me a couple of hours over two days (on a fresh install).
Later.
Doug
Wednesday, December 23, 2009 12:24 AM
i had this problem with Windows 7 64-bit RTM. you can get the latest root certificates from here:
http://support.microsoft.com/kb/931125/
Friday, April 30, 2010 11:07 PM
In my WindowsUpdate.log I had an entry indicating that it was using a proxy server. Not sure where that came from. I ran PROXYCFG -D to eliminate the proxy server and that fixed my problems.
Tuesday, October 25, 2011 4:31 PM
I have had some success fixing Windows Update problems in Vista and Win7, by updating root certificates. Specifically, error 80072F8F, but you never know, it might fix these problems, too. Look here: http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/windows-7-windows-update-error-80072f8f/70704156-4f4e-4843-b542-409b7e11ba0d
Monday, December 3, 2012 4:29 PM
Please check following link:
Follow the steps "AS IS" - it will certainly work even in worst case scenario.
Let me know if anything goes wrong.