none
wsus clients all not connecting with error 0x80072efd

    Question

  • recently I did  a P2V of the WSUS server.  Now none of the clients have reported since that time.  In the client log file it is filled with :

     

    Server URL = https://wsus.domain.local:8531/SimpleAuthWebService/SimpleAuth.asmx
    2011-11-24 13:16:14:969 1888 12cb8 Misc WARNING: Send failed with hr = 80072efd.
    2011-11-24 13:16:14:969 1888 12cb8 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2011-11-24 13:16:14:969 1888 12cb8 PT   + Last proxy send request failed with hr = 0x80072EFD, HTTP status code = 0
    2011-11-24 13:16:14:969 1888 12cb8 PT   + Caller provided credentials = No
    2011-11-24 13:16:14:969 1888 12cb8 PT   + Impersonate flags = 0
    2011-11-24 13:16:14:969 1888 12cb8 PT   + Possible authorization schemes used =
    2011-11-24 13:16:14:969 1888 12cb8 PT WARNING: GetAuthorizationCookie failure, error = 0x80072EFD, soap client error = 5, soap error code = 0, HTTP status code = 200
    2011-11-24 13:16:14:969 1888 12cb8 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80072efd
    2011-11-24 13:16:14:984 1888 12cb8 PT WARNING: PopulateAuthCookies failed: 0x80072efd
    2011-11-24 13:16:14:984 1888 12cb8 PT WARNING: RefreshCookie failed: 0x80072efd

    No configuration has changed.  The server name is the same.  The IP address is the same.  Server 2003 standard sp2.
    THe IIS ports are TCP 8530, ans SSL 8531.  Can anyone help?  thanks.

    Thursday, November 24, 2011 9:38 PM

Answers

  • I just saw in the app log that WSUS self update is not working.  I guess I need to make sure this is fixed first?  any ideas from here?


    Yep. Given the scenario, the most likely case is that SSL is not properly configured.

    Turn off SSL (as suggested) and see if it works.

    If it does, and you need to have SSL enabled, then re-enable it in accordance with the documentation in the WSUS Deployment Guide.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Monday, November 28, 2011 11:08 PM
    Moderator

All replies

  • Hi,

    Thank you for posting here.

    Did you have some proxy/firewall settings between clients and WSUS server?Sth blocked the connectivity to the WSUS.Have a check of the Windows Firewall on the WSUS to see whether some ports are blocked.
    Best regards,
    Clarence

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, November 25, 2011 8:35 AM
    Moderator
  • Hi,

    Look at this link :

    http://msmvps.com/blogs/Athif/articles/43174.aspx


    MCITP : Server Administrator | VMware : VTSP 4 / Desktop VTSA 4 | NetApp : DataOntap 7/8 Accreditation

    → Thanks for voting this post as answer if it helps

    Friday, November 25, 2011 9:44 AM
  • There is no proxy and the windows firewall on the WSUS is disabled.  The only thing that was changed was the WSUS so I suspect it's something to do on the server side.

    Friday, November 25, 2011 5:20 PM
  • Hi, there is no proxy in our network.   The WSUS is syncing updates fine from the microsoft site.  thanks.
    Friday, November 25, 2011 5:24 PM
  • recently I did  a P2V of the WSUS server.  Now none of the clients have reported since that time.

    No configuration has changed.  The server name is the same.  The IP address is the same. 

    Two things to check as a first step:

    1. Can the WUAgent of the WSUS server, itself, properly detect/report with the WSUS service?

    2. If you disable SSL, can the clients connect?


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Friday, November 25, 2011 10:55 PM
    Moderator
  • I just saw in the app log that WSUS self update is not working.  I guess I need to make sure this is fixed first?  any ideas from here?
    Friday, November 25, 2011 11:02 PM
  • I just saw in the app log that WSUS self update is not working.  I guess I need to make sure this is fixed first?  any ideas from here?


    Yep. Given the scenario, the most likely case is that SSL is not properly configured.

    Turn off SSL (as suggested) and see if it works.

    If it does, and you need to have SSL enabled, then re-enable it in accordance with the documentation in the WSUS Deployment Guide.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Monday, November 28, 2011 11:08 PM
    Moderator
  • Thanks, how do you turn SSL off on wsus? 

    Wednesday, December 7, 2011 5:59 PM
  • Thanks, how do you turn SSL off on wsus? 
    Undo the steps you did to turn it on<???>
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Wednesday, December 7, 2011 10:12 PM
    Moderator
  • lol<???>  some people inherit things...

    I made it availabel through http instead of https.  clients are connecting.  But will look into learning how to set up ssl.

    Friday, December 9, 2011 9:30 PM
  • lol<???>  some people inherit things...

    Fair enough. And to that scenario, I acknowledge my answer was not particularly helpful, although it was accurate.

    The authoritative response would be to undo the steps as documented in the WSUS Deployment Guide, but that advice presumes that SSL was properly enabled using that procedure -- the fact that it's not working strongly suggests that it was not, and if wasn't, then 'undoing' the correct procedure may not produce a successful result.

    I made it available through http instead of https.  clients are connecting.
    Excellent.
    But will look into learning how to set up ssl.
    Start here, Secure the WSUS 3.0 SP2 Deployment, in the WSUS Deployment Guide.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Saturday, December 10, 2011 2:04 AM
    Moderator