WSUS: Client sync fails with 80072ee7 and 0x8024402c errors in WindowsUpdate.log

Here's a cool tip that comes from Joe Tindale, one of our top Senior Support Escalation Engineers out in Charlotte, North Carolina.  If you're seeing 80072ee7 and 0x8024402c errors in your client's WindowsUpdate.log then this may be your issue:

========

Issue: Clients don't show up in the WSUS console, thus they do not get updates.  When looking in a client computer's %windir%windowsupdate.log you may see this:

2008-08-12 05:04:26:288 1776 12f8 Misc WARNING: Send failed with hr = 80072ee7.
2008-08-12 05:04:26:288 1776 12f8 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2008-08-12 05:04:26:288 1776 12f8 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <https://<server>//selfupdate/wuident.cab>. error 0x8024402c
2008-08-12 05:04:26:288 1776 12f8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2008-08-12 05:04:26:288 1776 12f8 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2008-08-12 05:04:26:288 1776 12f8 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2008-08-12 05:04:28:570 1776 12f8 Misc WARNING: Send failed with hr = 80072ee7.

Cause: This can be caused if an incorrect WSUS server name (FQDN) is used.  The WSUS server name is either configured via group policy or by altering the client registry.

Resolution: To resolve this problem, correct the server name used by the clients.

Group Policy:

Specify intranet Microsoft Update service location:

The settings for this policy enable you to specify a WSUS server that Automatic Updates will contact for updates. You must enable this policy in order for Automatic Updates to download updates from the WSUS server. Enter the WSUS server HTTP(S) URL twice, so that the server specified for updates is also used for reporting client events. For example, type http(s)://servername in both boxes, where servername is the name of the server. Both URLs are required.

To redirect Automatic Updates to a WSUS server:

In the Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update. In the details pane, click Specify Intranet Microsoft update service location.
Click Enabled and type the HTTP(S) URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http(s)://servername in both boxes, where servername is the name of the server. If the port is not 80 for HTTP or 443 for HTTPS, you should add the port number: https://servername:portnumber.  Click OK.

For more information see https://technet.microsoft.com/en-us/library/cc708574.aspx.

Client Registry:

Using the registry editor:

Administrators who do not wish to use Group Policy may set up client computers using the registry. Registry entries for the WSUS server are located in the following subkey:

HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWindowsUpdate

WUServer
Reg_SZ
HTTP(S) URL of the WSUS server used by Automatic Updates and (by default) API callers. This policy is paired with WUStatusServer; both must be set to the same value in order for them to be valid.

WUStatusServer
Reg_SZ
The HTTP(S) URL of the server to which reporting information will be sent for client computers that use the WSUS server configured by the WUServer key. This policy is paired with WUServer; both must be set to the same value in order for them to be valid.

For more information see https://technet.microsoft.com/en-us/library/cc720464.aspx.

After correcting the WSUS server name, clients should start showing up in the WSUS console and installing updates.

========

Thanks Joe!

J.C. Hornbeck | Manageability Knowledge Engineer