A customer of mine wanted to use the built-in Windows Update of Windows Server 2008 R2 to apply the latest security patches. When they clicked Check for updates, they received the following error:
In words: An error occurred while checking for new updates for your computer. Error Code 80072EE2
I’ve come across this in the past and I knew Google would lead me to a solution in 1-2-3: http://tmgblog.richardhicks.com/2010/08/07/running-windows-update-on-a-tmg-firewall-fails-with-result-code-80072ee2/

The solution mentioned over there is to point the SYSTEM to the TMG for HTTP requests. This can be done by executing the following command from an elevated command prompt:
- netsh winhttp set proxy localhost:8080 [where 8080 is your proxy port]
Thinking all would be fine, I clicked Try again. And guess what, it failed again, but now with a slightly different error: 80072F8F. I googled and googled, tried some workarounds that I doubted would work, but finally I came across this page: http://bent-blog.de/wsus-fehler-bei-der-synchronisierung-fehler-0x80072f8f-bei-windows-update/

I only skimmed it, as I can manage to understand German, but not that well. But I saw some screenshots that closely resembled my case.
The reason seems to be the absence of a root certificate in the trusted root certificate store. You can easily verify this by opening https://www.update.microsoft.com on the TMG server. If you receive a certificate error, you might be suffering the same problem. I just took the missing root certificate (GTE CyberTrust Global Root) and added it to the trusted root certificates of the computer certificate store. And voila!
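A way to check for the missing root and import it only after verifying it, as an added example that is not part of the original post. `$CerPath` and `$ExpectedThumbprint` are placeholders you supply, and the thumbprint should be taken from the CA's own published value, not read from the file you are about to trust.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# $CerPath and $ExpectedThumbprint are placeholders supplied by the operator.
param(
    [string]$RootName = 'GTE CyberTrust Global Root',
    [string]$CerPath,
    [string]$ExpectedThumbprint
)

# 1. Show the machine-wide WinHTTP proxy (the setting changed by "netsh winhttp set proxy").
netsh winhttp show proxy

# 2. Look for the root in the computer's Trusted Root Certification Authorities store.
$found = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "*$RootName*" })
if ($found.Count -gt 0) {
    $found | Format-List Subject, Thumbprint, NotAfter
    Write-Output "Root '$RootName' is already trusted; nothing to import."
    return
}
Write-Output "Root '$RootName' is missing from LocalMachine\Root."
if (-not $CerPath) { return }

# 3. Inspect the candidate file before trusting it.
$path = (Resolve-Path $CerPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# Normalise the expected thumbprint (strip spaces/colons) and compare.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Subject -ne $cert.Issuer) { throw 'Not self-signed: this is not a root certificate.' }
if ($cert.NotAfter -lt (Get-Date))  { throw 'Certificate has expired.' }
if (-not $expected -or $cert.Thumbprint -ne $expected) {
    throw 'Thumbprint does not match the expected value; refusing to import.'
}

# 4. Add it to the computer (not the user) trusted root store.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }
Write-Output "Imported $($cert.Thumbprint) into LocalMachine\Root."
```

Run it once without `-CerPath` to see whether the root is present; a certificate added to this store is trusted for every TLS connection the server makes, which is why the thumbprint check comes before the import.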