For several months, I had a client with a Small Business Server 2008 that just would not update. It worked for a while and just suddenly quit after a round of updates through automatic update. No matter what I tried from confirming network connectivity, checking firewall settings, adding and re-adding the update sites to firewall exceptions, disabling anti-virus applications and software accelerators to spending long hours reading Technet articles and suggested fixes from Microsoft, and a thorough step-by-step here, the problem would not go away and kept giving “Windows can’t connect to update…” error 80072efd.
I finally found a solution in the notes I took while researching this problem that worked, at least temporarily, to allow updates to the server. I am not sure who the original provider of this solution is, but if I come across it again, I will surely give them credit for it.
It appears that the major cause of the 0x80072efd error, at least on the SBS 2008, is a misconfiguration or meltdown of Windows Server Update Services (WSUS) and it can happen if your network goes out of alignment or something screws up like if your NT AUTHORITY\NETWORK SERVICE entry in the registry says 0 instead of 1.
Since WSUS is a core part of SBS 2008 and is supposed to pull updates from Microsoft and distribute the updates to computers on your network, when you call for updates, the agent goes to http://server:8530 expecting to communicate with the Windows Update Server locally. A problem with WSUS will affect the ability of the update agent to pull down updates since the WUAgent gets no response back from an assigned WSUS server. It then throws up error 80072efd.
A quick and dirty fix is to temporarily hide or remove the local server and allow the agent to pull down updates directly from the Microsoft website. To do this, I uninstalled WSUS and edited the Windows Update entry in the registry.
To edit the registry:
- Click Start > Run > type “regedit” without the quotes, and accept the UAC prompt to continue
- Navigate to HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
- Look at the keys in that folder, if they look something like this:
“WUServer”=”http://SERVER:8530″
“WUStatusServer”=”http://SERVER:8530″
that means Windows Update is trying to look for updates on your own server. Chances are those updates don’t exist on the server (unless you have a successful installation of WSUS which was not our case).
- Delete the “WindowsUpdate” key from the registry at HKLM\Software\Policies\Microsoft\Windows. I’d recommend you export this to a .reg file to be safe. Right-click on the folder and select “export” to save.
- Restart the Windows Update service. (located in Start > Run > type “services.msc” without quotes), or Start > Administrative Tools > Services > Windows Update Service (for those who like doing things the hard way).
If you don’t even see the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate folder then this probably doesn’t apply to you.
This worked for me and I was able to update a server that had not been updated since November 2009!
After making sure that all updates were current, I went back and added WSUS as a role causing a fresh install of the update server. Your mileage may vary on this one. Make sure you have a reliable backup of your server before messing with the registry, and do this on a weekend just in case things go sour for you.
Good luck.
14 comments until now
Thank you!!! This fairly simple fix relieved massive frustration. It is astounding to me that Microsoft doesn’t have this posted on their technet site.
Worked for me !!!
THANKS for posting this fixed it for me as well
Brilliant! Thank you for posting this resolution; had been unable to locate any fix that actually worked until my googlefoo found this post.
Thanks for visiting. Glad I could be of help. Happy Holidays.
Brilliant! Thank you for sharing this solution; this stuff is priceless!
Thank you for sharing this solution! After spending hours on this problem, this did the trick in less than a minute…
Vielen Dank! Noch tagelange suchen und probieren…. endlich die Lösung!
Freut mich, von Hilfe sein. Danke für Ihren Besuch.
Believe me, I tried every tricks on the book, online, microsoft help and online HP chat, to no avail.
I even uninstall, and ended up much worse because now I am totally without any previous updates and can’t sign in to secure websites too.
Finally, I go online and let HP automatically detect my notebook for updates and drivers. I reinstall everything again, paying particular attention to Flash Bios. It did the trick. Hope it works for you as it did for me.
That is great – thank you for your effort.
That is the only straight solution.
Thanks, it also worked for us on 2008 server Standard…
Best regards from France
Thanks for publishing this. It’s the first resolution that I’ve found that works. Top job.
The credit really goes to the author of a post whose link I am still trying to locate. I spent many frustrating hours trying all kinds of solutions including the ones recommended by Microsoft to no avail until I came across some notes I took and tried the fix and it worked, at least for my specific problem. I am happy it worked for you too.
Comments are disabled in this entry.