none
Unable to connect to automatic updates

    Question

  • I have installed Windows Server Core, Enterprise Ed. with the firewall enabled. In the Event Viewer I am  getting the following messages:

    User Name:     NT Authority \ System
    Description:     Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
    Event ID: 16

    This message appears with both the firewall enabled and disabled. I have two network ports on the server, but I configured just one. I am able to connect to the server. So, the network is OK.

    Please advise
    Wednesday, August 15, 2007 6:58 PM

Answers

  • It is kind of strange. In the System Event Log I stll can see the 16th Eevnt:

    Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

    It was on 8/16/2007 (the firewall was enabled) and on 8/18/2007 (after I disabled the firewall).

    In the WindowsUpdateClient Log (Event Viewer/Applications and Services Logs/Microsoft/Windows/WindowsUpdateClient/Operational) I can see only events like this one:

    Windows Update sucessfully found 0 updates.

    It was each day since 6/6/2007, when I installed the server. Does it mean that Windows Update Service worked fine even with the firewall enabled?

    On the server I found only one update installed (using wmic qfe list):

    Caption  CSName       Description  FixComments  HotFixID  InstallDate  Installed
    By                                   InstalledOn       Name  ServicePackInEffect
      Status
             WMSWEBCAST1  Update                    934518                 S-1-5-21-
    2103918969-573365004-4188336801-500  01c7a8960a7a9448
    Monday, August 20, 2007 4:12 PM

All replies

  • Hi,

     

    Do you need a proxy server to access the Internet? If so, have you configured it using netsh winhttp?

     

    When you say you disabled the firewall, how did you do that?

     

    Thanks,

     

    Andrew

    Thursday, August 16, 2007 2:55 AM
  • No, I do not use a proxy server to access the internet. I use the following commands to disable/enable the firewall:

    netsh firewall set opmode disable

    netsh firewall set opmode enable
    Thursday, August 16, 2007 7:14 PM
  • I have looked into the default settings for Automatic Updates in Server Core.

    I posted my findings here.

     

    I have a couple of questions. Answering them might help you troubleshoot the error.

    • Are Automatic Updates enabled?
      Check with: cscript SCregEdit.wsf /AU /v
    • Do you have a Group Policy enabled that specifies a WSUS server?
    • Do you have a Group Policy enabled that specifies Automatic Updates settings?
    • Can you connect to Windows Update or your WSUS?
      Check with: nslookup windowsupdate.microsoft.com
      (or the DNS name of your WSUS of course)

    Good luck!

    Thursday, August 16, 2007 10:06 PM
  • I think the Automatic Updates is enabled, because the result of the cscript SCregEdit.wsf /AU /v is 4.

    I did not touch a Group Policy after the server installation, and I do not use a WSUS server (I assumed that the Group Policy should be changed automatically after you enabled the Automatic Updates).

    I disabled the firewall and ran the command  nslookup windowsupdate.microsoft.com. I got the following:

    Server:  <my domain server>
    Address:  <its IP address>

    ***
    <domain server> can't find windowsupdate.microsft.com: Non-existent domain

    but if I run nslookup www.yahoo.com, I get the following:

    Server:  <my domain server>
    Address:  <its IP address>

    Non-authoritative answer:
    Name:    www.yahoo-ht3.akadns.net
    Address:  69.147.114.210
    Aliases:  www.yahoo.com



    Friday, August 17, 2007 3:54 PM
  • Your Automatic Updates seem to be enabled, but DNS seems to be the problem.

    (unless you really mistyped it as windowsupdate.microsft.com,which your reply seems to point out)

    If you haven't mistyped it, this might be caused by the EDNS0 Enigma.

     

    I recall seeing error 16 in my eventviewer as well with Beta 3 of Server Core.

    (haven't seen it since I installed the June CTP)

    Friday, August 17, 2007 4:20 PM
  • I think you are right, I could mistype it. Now I just copied it to the server and got the following:

    Non-authoritative answer:
    Name:    windowsupdate.microsoft.nsatc.net
    Address:  207.46.18.94
    Aliases:  windowsupdate.microsoft.com

    Friday, August 17, 2007 7:11 PM
  • Hi,

    Can you post the Windowsupdate.log file to see if that has any clues for us? If not, do you have access to the June CTP and can you see if it happens in that as well?

     

    Thanks,

     

    Andrew

     

    Friday, August 17, 2007 9:57 PM
  • It is kind of strange. In the System Event Log I stll can see the 16th Eevnt:

    Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

    It was on 8/16/2007 (the firewall was enabled) and on 8/18/2007 (after I disabled the firewall).

    In the WindowsUpdateClient Log (Event Viewer/Applications and Services Logs/Microsoft/Windows/WindowsUpdateClient/Operational) I can see only events like this one:

    Windows Update sucessfully found 0 updates.

    It was each day since 6/6/2007, when I installed the server. Does it mean that Windows Update Service worked fine even with the firewall enabled?

    On the server I found only one update installed (using wmic qfe list):

    Caption  CSName       Description  FixComments  HotFixID  InstallDate  Installed
    By                                   InstalledOn       Name  ServicePackInEffect
      Status
             WMSWEBCAST1  Update                    934518                 S-1-5-21-
    2103918969-573365004-4188336801-500  01c7a8960a7a9448
    Monday, August 20, 2007 4:12 PM
  • Hi,

     

    It sounds like it is working. One of the default rules must allow it to work, or enabling it opened the appropriate port.

     

    We checked some recent builds we have and are not seeing the repeated Event Log #16 event.

     

    Andrew

    Monday, August 20, 2007 6:07 PM
  • I am still getting the error 16 on each second day in the System Event Log, though the firewall is disabled.

    Please advise what exectly should be done with the firewall enabled.
    Tuesday, August 21, 2007 4:53 PM
  • I am seeing this same issue on my RC0 to RC1 active directory server.....

     

    WHat i was able to gleem from the windowsupdate.log is that it seems to be pointing to a server which is not valid (or active).

     

    2007-12-12 04:54:24:480 1008 e98 PT   + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, Server URL = https://test.update.microsoft.com/v6/ClientWebService/client.asmx

     

    When i go to this URL from IE the server reports a) a cert issue (which you can click through) and b) server error 500 ...

     

    What URL should this thing be pointing to and how can i over ride in the registry to fix ...

     

    thanks!

    Paul

    Wednesday, December 12, 2007 12:56 PM
  • Hi,

     

    That looks like it is trying to go to the page that tells you "not to use the web site, use Windows Update on the start menu". Not sure why it wants to go there. Did you use the script to enable Auto Update or was it enabled in some other way?

     

    Thanks,

     

    Andrew

    Wednesday, December 12, 2007 6:16 PM
  •  

    I just wanted to put this out there ... I'm sure you've moved on, but this happened to me with Win2k8 Std. RTM.

     

    Summary:

     

    I was receiving the "Unable to connect to automatic updates" message and resolved it by looking in the WindowsUpdate.log file, going to tail end of it, and looking for the initial error (for my most recent update attempt), manually hitting the Update URL, and copying a missing CA cert into the Trusted Root CA store on the machine.

     

    System EventLog Error:

     

    Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

     

    WindowsUpdate.log:

     

    Unfortunately, the error in the WindowsUpdate.log showed as a 0x80072F8F, which again unfortunately, when searched for, yields some trivial and incorrect KBs and posts related to the time on the problem computer being out of sync with the Update server(s). While that would cause problems, that isn't what was going on in my case.

     

    Anyway, the WindowsUpdate.log contained an attempt (and 0x80072F8F failure) to connect to the following URL:

     

    Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx

     

    When pasted into a browser, as you said, the browser indicates a Cert issue. In my case, the Windows Update web server SSL cert was untrusted due to a missing root CA cert. The CA (GTE CyberTrust Global Root) cert  was not in the Trusted Root Certificates store on the problem machine. It is in the Third-party Root Certificate Authorities store. though.

     

    Once I copied the above GTE cert into the Trusted Root CA store, I was able to successfully execute the Windows Update process.

     

    There are actually three CA certs required for Windows Update to work (in the following hierarchy), but I was only missing the one:

     

    GTE CyberTrust Global Root

    Microsoft Internet Authority

    Microsoft Secure Server Authority

     

    Anyway, this cost me a couple of hours over two days (on a fresh install).

     

    Later.

     

    Doug

    • Proposed as answer by Aaron B Wednesday, December 23, 2009 12:26 AM
    Saturday, May 03, 2008 7:48 AM
  • i had this problem with Windows 7 64-bit RTM. you can get the latest root certificates from here:
    http://support.microsoft.com/kb/931125/
    Wednesday, December 23, 2009 12:24 AM
  • In my WindowsUpdate.log I had an entry indicating that it was using a proxy server.  Not sure where that came from. I ran PROXYCFG -D to eliminate the proxy server and that fixed my problems.
    Friday, April 30, 2010 11:07 PM
  • I have had some success fixing Windows Update problems in Vista and Win7, by updating root certificates.  Specifically, error 80072F8F, but you never know, it might fix these problems, too.  Look here: http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/windows-7-windows-update-error-80072f8f/70704156-4f4e-4843-b542-409b7e11ba0d
    Tuesday, October 25, 2011 4:31 PM
  • Please check following link:

    http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/a47039d9-4d45-4a61-aa26-6100aeffc1f0

    Follow the steps "AS IS"  -  it will certainly work even in worst case scenario.

    Let me know if anything goes wrong.

    Monday, December 03, 2012 4:29 PM