locked
WSUS - SSL and DMZ servers - 0x80072f8f RRS feed

  • Question

  • Hello,

    First of all sorry for my english.

    I've got error 0x80072F8F when i try to use WSUS (that is in the internal network) on my DMZ's servers.

    Wsus server is a Wsus 3.0 SP1 on Windows 2003 (SSL enabled on port 8531)

    DMZ's servers are Windows 2008 R2

    1 - I have installed the root certificate of my PKI on the trust root certificate store of the DMZ's servers

    2 - I have modified the Hosts file of the DMZ's servers for name resolution of the internal WSUS server therefore the wsus web certificate subject match the Wsus URL of the DMZ's servers.

    3 - I created firewall rule for open the communications on port 8531 between DMZ's servers and Wsus server

    4 -I created firewall rule for the download of the Certificate revocation list (of the WSUS certificate) by the DMZ's servers

    5 - I am able to download https://wsusserver/selfupdate/wuident.cab and there is no certificate error

    6 - I am able to dowload the CRL of the WSUS certificate

    7 - There is no time difference between Wsus server and DMZ's servers

    But after all that when i run a 'wuauclt /detectnow' the DMZ's servers failed on the SelfUpdate check with error 0x80072F8F

    anyone have a idea ?

    WindowsUpdate.log :

    WARNING: Send failed with hr = 80072f8f.
    WARNING: SendRequest failed with hr = 80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    WARNING: WinHttp: SendRequestUsingProxy failed for <https://WSUSserver:8531/selfupdate/wuident.cab>. error 0x80072f8f
    WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072f8f
    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072f8f

    FATAL: SelfUpdate check failed, err = 0x80072F8F

    Wednesday, April 9, 2014 12:15 PM

Answers

  • Sorry i was in holiday !

    Big mistake on my part, I imported the CA certificate in the user store instead of the computer store...

    All is good after that !

    • Marked as answer by PapY_TcheB Wednesday, April 23, 2014 8:47 AM
    Wednesday, April 23, 2014 8:47 AM
  • Wsus server is a Wsus 3.0 SP1 on Windows 2003 (SSL enabled on port 8531)

    The first step here is to either properly identify the actual version of WSUS in use, or to apply all of the required patches.

    5 - I am able to download https://wsusserver/selfupdate/wuident.cab and there is no certificate error

    WARNING: WinHttp: SendRequestUsingProxy failed for <https://WSUSserver:8531/selfupdate/wuident.cab>. error 0x80072f8f

    The second problem here is that SSL should *NOT* be used on the /selfupdate v-dir, so it seems that you have not properly configured the WSUS SSL implementation. Please refer to Secure WSUS with the Secure Sockets Layer Protocol for the proper procedures.

    Note also that there is a known issue with the April Update for Win8.1/WS2012R2 and WSUS SSL environments, so if you have Win8.1/WS2012R2 systems, since installing the update is fundamentally required, you should consider deferring the implementation of SSL on WSUS until the patch for that issue is released.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Thursday, April 10, 2014 1:38 PM

All replies

  • Hi,

    0x80072f8f - ERROR INTERNET SECURE FAILURE

    Do you have any anti-virus software installed? Check if this case give you any clue.

    http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/eerror-code-0x80072f8f-i-cannot-connect-to-wsus/6d17ae31-b792-479a-92d9-80d776b6f8f7

    Hope this helps.

    Thursday, April 10, 2014 9:34 AM
  • Wsus server is a Wsus 3.0 SP1 on Windows 2003 (SSL enabled on port 8531)

    The first step here is to either properly identify the actual version of WSUS in use, or to apply all of the required patches.

    5 - I am able to download https://wsusserver/selfupdate/wuident.cab and there is no certificate error

    WARNING: WinHttp: SendRequestUsingProxy failed for <https://WSUSserver:8531/selfupdate/wuident.cab>. error 0x80072f8f

    The second problem here is that SSL should *NOT* be used on the /selfupdate v-dir, so it seems that you have not properly configured the WSUS SSL implementation. Please refer to Secure WSUS with the Secure Sockets Layer Protocol for the proper procedures.

    Note also that there is a known issue with the April Update for Win8.1/WS2012R2 and WSUS SSL environments, so if you have Win8.1/WS2012R2 systems, since installing the update is fundamentally required, you should consider deferring the implementation of SSL on WSUS until the patch for that issue is released.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Thursday, April 10, 2014 1:38 PM
  • Sorry i was in holiday !

    Big mistake on my part, I imported the CA certificate in the user store instead of the computer store...

    All is good after that !

    • Marked as answer by PapY_TcheB Wednesday, April 23, 2014 8:47 AM
    Wednesday, April 23, 2014 8:47 AM