WSUS: Downloadmgr error 0x80072AFC after approving updates

WSUS: Downloadmgr error 0x80072AFC after approving updates

  • Comments 2
  • Likes

I was talking with my good friend Joao Madureira about some of the recent issues he's been seeing on WSUS and he pointed me to an interesting one where you get an 0x80072AFC error after approving updates.  We didn't see a lot of documentation on this already so we decided to post his analysis here:

========

Issue: After approving updates in WSUS 3.x , download manager shows error 0x80072AFC saying that updates cannot be downloaded.  The BITS service may also be paused. You will also see the following in the Windowsupdate.log:

7.1.6001.65, tz: -0600)  ===========
2009-01-28    22:28:54:953    2420    15ac    Misc      = Process: C:\WINDOWS\system32\wuauclt.exe
2009-01-28    22:28:54:953    2420    15ac    AUClnt    Launched Client UI process
2009-01-28    22:28:55:000    2420    15ac    Misc    ===========  Logging initialized (build: 7.1.6001.65, tz: -0600)  ===========
2009-01-28    22:28:55:000    2420    15ac    Misc      = Process: C:\WINDOWS\system32\wuauclt.exe
2009-01-28    22:28:55:000    2420    15ac    Misc      = Module: C:\WINDOWS\system32\wucltui.dll
2009-01-28    22:28:55:000    2420    15ac    CltUI    AU client got new directive = 'Download Progress', serviceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, return = 0x00000000
2009-01-28    22:28:55:000    2420    15ac    CltUI    AU client creating default WU/WSUS UI plugin
2009-01-28    22:28:55:344     824    127c    DnldMgr    Error 0x80072afc occurred while downloading update; notifying dependent calls.
2009-01-28    22:28:55:344     824    1094    AU    AU checked download status and it changed: Downloading is paused
2009-01-28    22:28:55:344    2420    15ac    CltUI    AU client got new directive = 'Shutdown', serviceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, return = 0x00000000

Cause: This can occur if the clients are unable to access any or all of the following sites and WSUS is set not to store updates locally:

  • http://download.windowsupdate.com
  • https://*.windowsupdate.microsoft.com
  • http://*.windowsupdate.microsoft.com
  • http://*.update.microsoft.com
  • http://*.download.windowsupdate.com
  • http://update.microsoft.com
  • http://*.windowsupdate.com
  • http://download.microsoft.com
  • http://windowsupdate.microsoft.com
  • http://ntservicepack.microsoft.com
  • http://wustat.windows.com
  • https://*.update.microsoft.com
  • https://update.microsoft.com

Many times this can occur if the clients access the Windows Update website through a server that is running Microsoft Internet Security and Acceleration (ISA) Server and that server requires authentication.

For more details on this see KB885819You experience problems when you access the Windows Update Version 6 Web site through a server that is running ISA Server.

More Information: When updates are set to not be stored locally, the client machines will be using the Microsoft Update website to download the updates. The agent will get the approvals from WSUS and create a BITS job to handle the downloads, then BITS will create the Winhttp request for the Microsoft Update site.  If the client cannot reach the websites it will generate error 0x80072AFC and will retry the download again later.

Resolution:  To resolve this issue configure the clients to download the updates from the WSUS server instead of from Windows Update.  This requires that we configure WSUS to download and store the updates locally.  To do this, open the WSUS admin console and select Update files and languages:

image

Then check Download update files to this server only when updates are approved:

image

By doing this the client machines will use WSUS to download the updates instead of Microsoft Update.

A special thanks to Joao Madureira and Rich Pesenko for putting in the labor to get this tracked down and bringing it to my attention.  Thanks guys!

J.C. Hornbeck | Manageability Knowledge Engineer

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • PingBack from http://windows2008security.com/?p=568

  • I am getting exactly this error, but my WSUS does store locally. Are there other causes?