Symptom

Consider a scenario where roaming users have workstations configured to use a WSUS via Domain Policy. When they are traveling and are without access to the corporate network, they receive the error message below when they try to force a Windows Update:

Understanding the Issue

After receiving this error, if you open the %systemroot%\WindowsUpdate.Log you will notice the following pattern:

-------------------------------------------------------------------------------------------------------------------------------------
2011-08-23 14:12:30:347  748 2140 AU AU setting next detection timeout to 2011-08-24 00:12:30
2011-08-23 14:12:30:348  748 2140 AU Setting AU scheduled install time to 2011-08-24 08:00:00
2011-08-23 14:12:30:349  748 2140 AU Successfully wrote event for AU health state:0
2011-08-23 14:12:30:350  748 2140 AU Successfully wrote event for AU health state:0
2011-08-23 14:12:35:379  748 23f4 Report CWERReporter finishing event handling. (00000000)
2011-08-23 14:13:30:321  748 1280 AU Triggering AU detection through DetectNow API
2011-08-23 14:13:30:321  748 1280 AU Triggering Online detection (interactive)
2011-08-23 14:13:30:322  748 508 AU #############
2011-08-23 14:13:30:322  748 508 AU ## START ##  AU: Search for updates
2011-08-23 14:13:30:322  748 508 AU #########
2011-08-23 14:13:30:324  748 508 AU <<## SUBMITTED ## AU: Search for updates [CallId = {AEC5F2B6-8D4A-4646-A25D-8CFDE73E0C5F}]
2011-08-23 14:13:30:327  748 23f4 Agent *************
2011-08-23 14:13:30:327  748 23f4 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2011-08-23 14:13:30:327  748 23f4 Agent *********
2011-08-23 14:13:30:327  748 23f4 Agent   * Online = Yes; Ignore download priority = No
2011-08-23 14:13:30:327  748 23f4 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2011-08-23 14:13:30:327  748 23f4 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2011-08-23 14:13:30:327  748 23f4 Agent   * Search Scope = {Machine}
2011-08-23 14:13:30:328  748 23f4 Setup Checking for agent SelfUpdate
2011-08-23 14:13:30:328  748 23f4 Setup Client version: Core: 7.5.7601.17514  Aux: 7.5.7601.17514
2011-08-23 14:13:30:329  748 23f4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2011-08-23 14:13:30:343  748 23f4 Misc  Microsoft signed: Yes
2011-08-23 14:13:30:370  748 23f4 Misc WARNING: Send failed with hr = 80072ee7.
2011-08-23 14:13:30:370  748 23f4 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2011-08-23 14:13:30:370  748 23f4 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://wsussrv.contoso.com:80/selfupdate/wuident.cab>. error 0x8024402c
2011-08-23 14:13:30:370  748 23f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2011-08-23 14:13:30:370  748 23f4 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2011-08-23 14:13:30:370  748 23f4 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2011-08-23 14:13:30:389  748 23f4 Misc WARNING: Send failed with hr = 80072ee7.
-------------------------------------------------------------------------------------------------------------------------------------

Notice that it tries to contact the WSUS Server (WSUSSRV.contoso.com) on port 80, which it is an internal server. Since the client workstation doesn't have access to this server during that time the request fails.

Such behavior is expected since the domain policy overwrites the local policy. Therefore, it will always try to use the server that it was specified in the domain policy.

Resolution

Make sure to have corporate access from the corporate workstation while forcing update detection.

Workaround

If you have administrative access to this workstation and you must check for updates during that specific time, change the registry key UseWUServer to 0 (zero). For more information about this registry key, review this article: http://technet.microsoft.com/en-us/library/cc784946(WS.10).aspx