In your newsreader:
news://msnews.microsoft.com/microsoft.public.windows.server.update_services
]]
Claude Lachapelle wrote:
> I would like to know where Automatic Updates are getting this setting
> (Proxyservername:port), since I never configured a proxy on this server,
> and
> the one specified do not exist anymore in the the company.
>
> And due to that, Automatic Updates are failing all communications with the
> WSUS server...
>
> So, I cleared ALL Connections configuration under Internet Settings in the
> registry, run proxycfg -d, re-installed Automatic Updates with the special
> rundll command, reset the SoftwareDistribution directory many times,
> reboot
> the server, STILL HAVE THE SAME PROBLEM:
>
> + Proxy list used = proxy:8080
>
> Where Automatic Updates are getting this setting?
>
> Thanks.
>
> Claude Lachapelle
> System Administrator, MCSE
The WUA (Automatic Updates) uses the WinHTTP proxy configuration.
On WinXP/2003 machines (and earlier) you can view these settings with the
simple command: PROXYCFG
On WinVista/2008 machines, you'll need to use 'netsh winhttp show proxy'
>> So, I cleared ALL Connections configuration under Internet Settings in
>> the
>> registry, run proxycfg -d, re-installed Automatic Updates with the
>> special
>> rundll command, reset the SoftwareDistribution directory many times,
>> reboot the server, STILL HAVE THE SAME PROBLEM:
>>
>> + Proxy list used = proxy:8080
>>
>> Where Automatic Updates are getting this setting?
In that case.. almost certainly from a POLICY.
>> Claude Lachapelle
>> System Administrator, MCSE
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
>> I would like to know where Automatic Updates are getting this setting
>> (Proxyservername:port), since I never configured a proxy on this
>> server, and the one specified do not exist anymore in the the company.
Could you please run the WSUS client diagnostics tool on the affected client and
post the results?
<http://technet.microsoft.com/en-us/wsus/bb466192.aspx>
http://technet.microsoft.com/en-us/wsus/bb466192.aspx
Also post the results of running proxycfg with no arguments.
Harry.
Current WinHTTP proxy settings under:
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
WinHttpSettings :
Direct access (no proxy server).
Another not easy one... eheheheheh!
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is running. . . PASS
Wuaueng.dll version 5.7.3790.3959 . . . . . . . . . . . PASS
This version is WSUS 2.0
Checking AU Settings
AU Option is 3 : Notify Prior to Install. . . . . . . . PASS
Option is from Policy settings
Checking Proxy Configuration
Checking for winhttp local machine Proxy settings . . . PASS
Winhttp local machine access type
<Direct Connection>
Winhttp local machine Proxy. . . . . . . . . . NONE
Winhttp local machine ProxyBypass. . . . . . . NONE
Checking User IE Proxy settings . . . . . . . . . . . . PASS
User IE Proxy. . . . . . . . . . . . . . . . . NONE
User IE ProxyByPass. . . . . . . . . . . . . . NONE
User IE AutoConfig URL Proxy . . . . . . . . . NONE
User IE AutoDetect
AutoDetect not in use
Checking Connection to WSUS/SUS Server
WUServer = http://wsus01.domain.com
WUStatusServer = http://wsus01.domain.com
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
GetAUSettingsRegistry(false, TEXT("SusServerVersion"), &dwSusVersion) failed
wit
h hr=0x80070002
The system cannot find the file specified.
Here what we got in WindowsUpdate.log:
2009-05-08 09:15:40-0400 800 c64 Service status is now SERVICE_RUNNING
2009-05-08 09:16:25-0400 800 c64 start delayed initialization of WU client
2009-05-08 09:16:25-0400 800 c64 BatchFlushAge = 16290.
2009-05-08 09:16:25-0400 800 c64 SamplingValue = 203, sampling required = Yes
2009-05-08 09:16:25-0400 800 c64 Reopened existing event cache file at
C:\WINDOWS\SoftwareDistribution\EventCache\{4FAA8CFD-6315-4049-AF0A-BC5802CDFC22}.bin for writing.
2009-05-08 09:16:25-0400 800 c64 Successfully initialized event uploader
for server 3da21691-e39d-4da6-8a4b-b43877bcb1b7.
2009-05-08 09:16:26-0400 800 c64 Client Call Recorder finished delayed
initialization
2009-05-08 09:16:26-0400 800 c64 AU finished delayed initialization
2009-05-08 09:16:26-0400 800 34c Successfully opened event cache file at
C:\WINDOWS\SoftwareDistribution\EventCache\{3CF0BE48-7311-4BFD-98FD-0F534AE013E4}.bin for reading.
2009-05-08 09:16:26-0400 800 34c Failed to upload events with hr = 8024f001.
2009-05-08 09:16:26-0400 800 34c Successfully opened event cache file at
C:\WINDOWS\SoftwareDistribution\EventCache\{3CF0BE48-7311-4BFD-98FD-0F534AE013E4}.bin for reading.
2009-05-08 09:16:26-0400 800 34c Failed to upload events with hr = 8024f001.
2009-05-08 09:25:28-0400 800 b68 Triggering AU detection through DetectNow
api
2009-05-08 09:25:28-0400 800 c64 AU received event of type: 1
2009-05-08 09:25:28-0400 800 c64 WU client succeeds
CClientCallRecorder::BeginFindUpdatesEx from AutomaticUpdates with call id
{50BD85FC-E2B1-46D0-9811-2083E7D2A8D8}
2009-05-08 09:25:28-0400 800 34c WU client executing call
{50BD85FC-E2B1-46D0-9811-2083E7D2A8D8} of type Search Call
2009-05-08 09:25:49-0400 800 34c SendRequest failed with hr = 80072efd.
Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth Schemes used :
<>
2009-05-08 09:25:49-0400 800 34c WinHttp: SendRequestUsingProxy failed for
<http://wsus01.domain.com/SelfUpdate/wuident.cab>. error 0x80072efd
2009-05-08 09:25:49-0400 800 34c WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2009-05-08 09:25:49-0400 800 34c WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2009-05-08 09:25:49-0400 800 34c WinHttp: ShouldFileBeDownloaded failed
with 0x80072efd
2009-05-08 09:26:10-0400 800 34c SendRequest failed with hr = 80072efd.
Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth Schemes used :
<>
2009-05-08 09:26:10-0400 800 34c WinHttp: SendRequestUsingProxy failed for
<http://wsus01.domain.com/SelfUpdate/wuident.cab>. error 0x80072efd
2009-05-08 09:26:10-0400 800 34c WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2009-05-08 09:26:10-0400 800 34c WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2009-05-08 09:26:10-0400 800 34c WinHttp: ShouldFileBeDownloaded failed
with 0x80072efd
Server proxy do not exist anymore...
Where it is getting this settings (not in GPOs, PROXYCFG return nothing, I
searched the registry and files, reset the SoftwareDistribution directory,
reinstall the Automatic Updates client)?
Thanks.
> GetAUSettingsRegistry(false, TEXT("SusServerVersion"), &dwSusVersion) failed with hr=0x80070002
>
> The system cannot find the file specified.
Typical MS incomplete diagnostic? What I would try is running
ProcMon to see if it can help identify *which* file is "specified". ; )
Good luck
Robert Aldwinckle
---
Robert, no file is specified here... this error is caused by a failure
reading the registry... GetAUSettingsRegistry().
Incidentally, the *only* file retrieved from the WSUS Server by the CDT is
well known -- it's the wuaucomp.cab file in the folder tree appropriate to
the platform where the CDT is being executed.
In this case, the CDT never got to that step, having failed trying to read
the registry.
First thing to note is that this client is not running the current version
of the WUA.
What that also tells me is that this client has *NEVER* been updated.
So, let's back up a second and talk about exactly when/how this client was
built.
And, on the off chance that you're going to tell me what I think might have
happened...
I'll offer this post as a possible resolution:
http://support.microsoft.com/kb/956708 (Note: while the error codes do not
match, if the description in the Symptoms section matches reality -- e.g.
this is a fresh machine installed to XP SP2 and immediately upgraded to XP
SP3 -- then this is the fix you need.)
I've noticed that the error messages in the log are coming from a different
process than the Automatic Updates service process. I don't think the AU
service normally spawns a subprocess in this situation, so I suspect some other
program is involved; if so, it'll be that program that is providing the proxy
information, and those errors probably isn't related to the issue with
contacting the WSUS server.
If I'm right, the part of the log you've posted doesn't contain the information
we'd need to diagnose the WSUS server issue. However, Lawrence has already
pointed out the most common cause, so do try his suggestion and see if it helps.
If it doesn't, answers to these questions may help us:
What version of WSUS are you running? Does the faulty client appear in the WSUS
server, and if so, what is the last report date? How long has the current WSUS
server been running and what did you use before that? How long since the faulty
client was installed?
Also, a better log fragment would help:
1) Wait until the log hasn't had any new entries for twenty minutes or so. (If
this doesn't happen, that's an interesting fact in itself, so let us know!)
2) Run wuauclt /detectnow
3) Repeat step 1
4) Post the contents of the log starting from step 2 and going all the way to
the end.
Harry.
The problem is on the WSUS server itself, and never the computer appear in
the WSUS console, it seem that the proxy settings (proxy:8080) block the
communication to itself!
This server is brand new (VMWare virtual machine), 1 month old only, it is
running Windows Server 2003 Enterprise 64-bit SP2, and all the Windows
updates have been applied. The Automatic Updates client never function
properly... the reason why I'm actually working on it.
Here the content of the WindowsUpdate.log just after the Automatic Updates
client have been updated (Microsoft Windows Update web site) and the command
wuauclt /detectnow have been issued:
2009-05-12 11:00:35:562 784 778 Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0400) ===========
2009-05-12 11:00:35:562 784 778 Misc = Process:
C:\WINDOWS\System32\svchost.exe
2009-05-12 11:00:35:562 784 778 Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2009-05-12 11:00:35:562 784 778 Service *************
2009-05-12 11:00:35:812 784 778 Service ** START ** Service: Service startup
2009-05-12 11:00:35:812 784 778 Service *********
2009-05-12 11:00:36:203 784 778 Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\wups.dll"
2009-05-12 11:00:36:625 784 778 Misc Registering binary:
C:\WINDOWS\system32\regsvr32.exe /s "C:\WINDOWS\system32\wups2.dll"
2009-05-12 11:00:37:125 784 778 Misc Registering binary:
C:\WINDOWS\SysWOW64\regsvr32.exe /s "C:\WINDOWS\SysWow64\wuapi.dll"
2009-05-12 11:00:37:968 784 778 Misc Registering binary:
C:\WINDOWS\SysWOW64\regsvr32.exe /s "C:\WINDOWS\SysWow64\wups.dll"
2009-05-12 11:00:38:375 784 778 Misc Registering binary:
C:\WINDOWS\SysWOW64\regsvr32.exe /s "C:\WINDOWS\SysWow64\wups2.dll"
2009-05-12 11:00:39:171 784 778 Agent * WU client version 7.2.6001.788
2009-05-12 11:00:39:171 784 778 Agent * Base directory:
C:\WINDOWS\SoftwareDistribution
2009-05-12 11:00:39:171 784 778 Agent * Access type: No proxy
2009-05-12 11:00:39:203 784 778 Agent * Network state: Connected
2009-05-12 11:01:24:750 784 778 Agent *********** Agent: Initializing
Windows Update Agent ***********
2009-05-12 11:01:24:750 784 778 Agent *********** Agent: Initializing
global settings cache ***********
2009-05-12 11:01:24:750 784 778 Agent * WSUS server:
http://wsus01.domain.com
2009-05-12 11:01:24:750 784 778 Agent * WSUS status server:
http://wsus01.domain.com
2009-05-12 11:01:24:750 784 778 Agent * Target group: (Unassigned
Computers)
2009-05-12 11:01:24:750 784 778 Agent * Windows Update access disabled: No
2009-05-12 11:01:25:671 784 778 DnldMgr Download manager restoring 0
downloads
2009-05-12 11:01:25:671 784 778 AU ########### AU: Initializing Automatic
Updates ###########
2009-05-12 11:01:25:671 784 778 AU # WSUS server: http://wsus01.domain.com
2009-05-12 11:01:25:671 784 778 AU # Detection frequency: 22
2009-05-12 11:01:25:671 784 778 AU # Approval type: Pre-install notify
(Policy)
2009-05-12 11:01:25:671 784 778 AU # Auto-install minor updates: No (User
preference)
2009-05-12 11:01:25:718 784 778 Report *********** Report: Initializing
static reporting data ***********
2009-05-12 11:01:25:718 784 778 Report * OS Version = 5.2.3790.2.0.196882
2009-05-12 11:01:26:703 784 778 Report * Computer Brand = VMware, Inc.
2009-05-12 11:01:26:703 784 778 Report * Computer Model = VMware Virtual
Platform
2009-05-12 11:01:26:703 784 778 Report * Bios Revision = 6.00
2009-05-12 11:01:26:703 784 778 Report * Bios Name = Default System BIOS
2009-05-12 11:01:26:703 784 778 Report * Bios Release Date =
2007-09-06T00:00:00
2009-05-12 11:01:26:703 784 778 Report * Locale ID = 1033
2009-05-12 11:01:27:296 784 778 AU AU finished delayed initialization
2009-05-12 11:01:27:296 784 778 AU #############
2009-05-12 11:01:27:296 784 778 AU ## START ## AU: Search for updates
2009-05-12 11:01:27:296 784 778 AU #########
2009-05-12 11:01:27:343 784 778 AU <<## SUBMITTED ## AU: Search for updates
[CallId = {91F41888-93C6-4199-B270-BF1EC31E884D}]
2009-05-12 11:01:28:343 784 1fc Agent *************
2009-05-12 11:01:28:343 784 1fc Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2009-05-12 11:01:28:343 784 1fc Agent *********
2009-05-12 11:01:28:343 784 1fc Agent * Online = No; Ignore download
priority = No
2009-05-12 11:01:28:343 784 1fc Agent * Criteria = "IsHidden=0 and
IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or
IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and
IsAssigned=1 or IsHidden=0 and IsInstalled=1 and
DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or
IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and
IsAssigned=1 and RebootRequired=1"
2009-05-12 11:01:28:343 784 1fc Agent * ServiceID =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2009-05-12 11:01:28:343 784 1fc Agent * Search Scope = {Machine}
2009-05-12 11:01:28:546 784 1fc EEHndlr WARNING: Failed to populate
ServiceStartup entries in Cache: error 0x80070002
2009-05-12 11:01:28:562 784 1fc EEHndlr WARNING: Failed to populate
ServiceStartup entries in Cache: error 0x80070002
2009-05-12 11:01:28:593 784 1fc Agent * Found 0 updates and 0 categories
in search; evaluated appl. rules of 0 out of 0 deployed entities
2009-05-12 11:01:28:593 784 1fc Agent *********
2009-05-12 11:01:28:593 784 1fc Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2009-05-12 11:01:28:593 784 1fc Agent *************
2009-05-12 11:01:28:593 784 8b4 AU >>## RESUMED ## AU: Search for updates
[CallId = {91F41888-93C6-4199-B270-BF1EC31E884D}]
2009-05-12 11:01:28:593 784 8b4 AU # 0 updates detected
2009-05-12 11:01:28:593 784 8b4 AU #########
2009-05-12 11:01:28:593 784 8b4 AU ## END ## AU: Search for updates
[CallId = {91F41888-93C6-4199-B270-BF1EC31E884D}]
2009-05-12 11:01:28:593 784 8b4 AU #############
2009-05-12 11:01:32:281 784 1fc Report REPORT EVENT:
{BDF63CFB-C4F2-44F7-8298-0402DAD976B3} 2009-05-12
11:01:25:718-0400 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed.
2009-05-12 11:16:32:250 784 1fc Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth
Schemes used : <>
2009-05-12 11:16:32:250 784 1fc PT + Last proxy send request failed with
hr = 0x80072EFD, HTTP status code = 0
2009-05-12 11:16:32:250 784 1fc PT + Caller provided proxy = No
2009-05-12 11:16:32:250 784 1fc PT + Proxy list used = proxy:8080
2009-05-12 11:16:32:250 784 1fc PT + Bypass list used = <NULL>
2009-05-12 11:16:32:250 784 1fc PT + Caller provided credentials = No
2009-05-12 11:16:32:250 784 1fc PT + Impersonate flags = 0
2009-05-12 11:16:32:250 784 1fc PT + Possible authorization schemes used =
2009-05-12 11:16:32:250 784 1fc PT WARNING: GetConfig failure, error =
0x80072EFD, soap client error = 5, soap error code = 0, HTTP status code = 200
2009-05-12 11:16:32:250 784 1fc PT WARNING: PTError: 0x80072efd
2009-05-12 11:16:32:250 784 1fc PT WARNING: GetConfig_WithRecovery failed:
0x80072efd
2009-05-12 11:16:32:250 784 1fc PT WARNING: RefreshConfig failed: 0x80072efd
2009-05-12 11:16:32:250 784 1fc PT WARNING: RefreshPTState failed: 0x80072efd
2009-05-12 11:16:32:250 784 1fc PT WARNING: PTError: 0x80072efd
2009-05-12 11:16:32:250 784 1fc Report WARNING: Reporter failed to upload
events with hr = 80072efd.
2009-05-12 11:37:44:095 784 354 AU Triggering AU detection through
DetectNow API
2009-05-12 11:37:44:111 784 354 AU Triggering Online detection
(non-interactive)
2009-05-12 11:37:44:111 784 778 AU #############
2009-05-12 11:37:44:111 784 778 AU ## START ## AU: Search for updates
2009-05-12 11:37:44:111 784 778 AU #########
2009-05-12 11:37:44:111 784 778 AU <<## SUBMITTED ## AU: Search for updates
[CallId = {C82651FD-2A43-43B9-B8E8-C2DE12AAFE09}]
2009-05-12 11:37:44:111 784 690 Agent *************
2009-05-12 11:37:44:111 784 690 Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2009-05-12 11:37:44:111 784 690 Agent *********
2009-05-12 11:37:44:111 784 690 Agent * Online = Yes; Ignore download
priority = No
2009-05-12 11:37:44:111 784 690 Agent * Criteria = "IsHidden=0 and
IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or
IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and
IsAssigned=1 or IsHidden=0 and IsInstalled=1 and
DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or
IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and
IsAssigned=1 and RebootRequired=1"
2009-05-12 11:37:44:111 784 690 Agent * ServiceID =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2009-05-12 11:37:44:111 784 690 Agent * Search Scope = {Machine}
2009-05-12 11:38:05:424 784 690 Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth
Schemes used : <>
2009-05-12 11:38:05:424 784 690 Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://wsus01.domain.com/selfupdate/wuident.cab>. error 0x80072efd
2009-05-12 11:38:05:424 784 690 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2009-05-12 11:38:05:424 784 690 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2009-05-12 11:38:05:424 784 690 Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072efd
2009-05-12 11:38:26:424 784 690 Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth
Schemes used : <>
2009-05-12 11:38:26:424 784 690 Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://wsus01.domain.com/selfupdate/wuident.cab>. error 0x80072efd
2009-05-12 11:38:26:424 784 690 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2009-05-12 11:38:26:424 784 690 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2009-05-12 11:38:26:424 784 690 Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072efd
2009-05-12 11:38:47:424 784 690 Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth
Schemes used : <>
2009-05-12 11:38:47:424 784 690 Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://wsus01.domain.com/selfupdate/wuident.cab>. error 0x80072efd
2009-05-12 11:38:47:424 784 690 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2009-05-12 11:38:47:424 784 690 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2009-05-12 11:38:47:424 784 690 Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072efd
I still have the problem, even if I went to the Microsoft Windows Update
site, and the Automatic Update client have been updated (it seem to have been
reinstalled completely).
+ Proxy list used: proxy:8080
This server already existed in the company, but it is not used anymore (it
have been decomissionned).
Here my "new" WindowsUpdate.log content:
2009-05-12 11:16:32:250 784 1fc Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth
Schemes used : <>
2009-05-12 11:16:32:250 784 1fc PT + Last proxy send request failed with
hr = 0x80072EFD, HTTP status code = 0
2009-05-12 11:16:32:250 784 1fc PT + Caller provided proxy = No
2009-05-12 11:16:32:250 784 1fc PT + Proxy list used = proxy:8080
2009-05-12 11:16:32:250 784 1fc PT + Bypass list used = <NULL>
2009-05-12 11:16:32:250 784 1fc PT + Caller provided credentials = No
2009-05-12 11:16:32:250 784 1fc PT + Impersonate flags = 0
2009-05-12 11:16:32:250 784 1fc PT + Possible authorization schemes used =
2009-05-12 11:16:32:250 784 1fc PT WARNING: GetConfig failure, error =
0x80072EFD, soap client error = 5, soap error code = 0, HTTP status code = 200
2009-05-12 11:16:32:250 784 1fc PT WARNING: PTError: 0x80072efd
2009-05-12 11:16:32:250 784 1fc PT WARNING: GetConfig_WithRecovery failed:
0x80072efd
2009-05-12 11:16:32:250 784 1fc PT WARNING: RefreshConfig failed: 0x80072efd
2009-05-12 11:16:32:250 784 1fc PT WARNING: RefreshPTState failed: 0x80072efd
2009-05-12 11:16:32:250 784 1fc PT WARNING: PTError: 0x80072efd
2009-05-12 11:16:32:250 784 1fc Report WARNING: Reporter failed to upload
events with hr = 80072efd.
And this morning I resetted the SoftwareDistribution directory again, and
removed the WindowsUpdate registry key...
Where in the hell it is getting this settings from???
Thanks.
> This server is brand new (VMWare virtual machine), 1 month old only, it is
> running Windows Server 2003 Enterprise 64-bit SP2, and all the Windows
> updates have been applied. The Automatic Updates client never function
> properly... the reason why I'm actually working on it.
Your symptom has changed. ProcMon could still be useful
to supplement your diagnostics but since the new symptom
indicates a probably connectivity issue you could try diagnosis
from that angle, e.g. use netcap to see if any requests are
going out and what response they are getting. Or, if you have
any better diagnostics for assessing connectivity in your virtual
environment, use those.
Good luck
Robert
---
> I've noticed that the error messages in the log are coming from a
> different process than the Automatic Updates service process. I don't
> think the AU service normally spawns a subprocess in this situation, [...]
I was wrong about this, for the record. I've just observed the same behaviour
on my own machine.
Harry.
Check this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections
there should be a value WinHttpSettings with this binary data:
18 00 00 00 00 00 00 00
01 00 00 00 00 00 00 00
00 00 00 00
is that correct?
Next, search the following two registry keys for any instances of the text
proxy:8080 and let us know if (and where) you find any:
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_USERS
Harry.
28 00 00 00 00 00 00 00
01 00 00 00 00 00 00 00
00 00 00 00
And when I search for the server name I found nothing in the registry!
Incredible, but true.
I'm actually running procmon.exe and when I filter on svchost and PID
corresponding to Automatic Updates service process, I got just before the
process try to connect to the proxy server:
9:04:42.8422654
AM svchost.exe 800 RegOpenKey HKLM\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections SUCCESS
9:04:42.8422871
AM svchost.exe 800 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\WinHttpSettings SUCCESS Type: REG_BINARY, Length: 20,
Data: 28 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
9:04:42.8423018
AM svchost.exe 800 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\WinHttpSettings SUCCESS Type: REG_BINARY, Length: 20,
Data: 28 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
9:04:42.8423131
AM svchost.exe 800 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections SUCCESS
9:04:45.7881667 AM svchost.exe 800 TCP Reconnect wsus01.domain.com:2095 ->
proxy.domain.com:8080 SUCCESS Length: 0, connid: 4294965983, seqnum: 20
And when I look at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections registry key, nothing.
Still searching...
and did everything suggested with no result, except for replacing the WSUS
DNS name with the IP adress, and now I get the following into the
WindowsUpdate.log
2009-05-13 09:55:51:671 784 d58 Misc =========== Logging initialized
(build: 7.2.6001.788, tz: -0400) ===========
2009-05-13 09:55:51:671 784 d58 Misc = Process:
C:\WINDOWS\System32\svchost.exe
2009-05-13 09:55:51:671 784 d58 Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2009-05-13 09:55:51:671 784 d58 Service *************
2009-05-13 09:55:51:671 784 d58 Service ** START ** Service: Service startup
2009-05-13 09:55:51:671 784 d58 Service *********
2009-05-13 09:55:51:671 784 d58 Agent * WU client version 7.2.6001.788
2009-05-13 09:55:51:671 784 d58 Agent * Base directory:
C:\WINDOWS\SoftwareDistribution
2009-05-13 09:55:51:671 784 d58 Agent * Access type: No proxy
2009-05-13 09:55:51:671 784 d58 Agent * Network state: Connected
2009-05-13 09:56:37:125 784 d58 Agent *********** Agent: Initializing
Windows Update Agent ***********
2009-05-13 09:56:37:125 784 d58 Agent *********** Agent: Initializing
global settings cache ***********
2009-05-13 09:56:37:125 784 d58 Agent * WSUS server: 192.168.46.34
2009-05-13 09:56:37:125 784 d58 Agent * WSUS status server: 192.168.46.34
2009-05-13 09:56:37:125 784 d58 Agent * Target group: (Unassigned
Computers)
2009-05-13 09:56:37:125 784 d58 Agent * Windows Update access disabled: No
2009-05-13 09:56:37:125 784 d58 DnldMgr Download manager restoring 0
downloads
2009-05-13 09:56:37:125 784 d58 AU ########### AU: Initializing Automatic
Updates ###########
2009-05-13 09:56:37:140 784 d58 AU # WSUS server: 192.168.46.34
2009-05-13 09:56:37:140 784 d58 AU # Detection frequency: 22
2009-05-13 09:56:37:140 784 d58 AU # Approval type: Pre-install notify
(Policy)
2009-05-13 09:56:37:140 784 d58 AU # Auto-install minor updates: No (User
preference)
2009-05-13 09:56:37:156 784 d58 AU AU finished delayed initialization
2009-05-13 09:56:37:156 784 d58 Report *********** Report: Initializing
static reporting data ***********
2009-05-13 09:56:37:156 784 d58 Report * OS Version = 5.2.3790.2.0.196882
2009-05-13 09:56:37:203 784 d58 Report * Computer Brand = VMware, Inc.
2009-05-13 09:56:37:203 784 d58 Report * Computer Model = VMware Virtual
Platform
2009-05-13 09:56:37:203 784 d58 Report * Bios Revision = 6.00
2009-05-13 09:56:37:203 784 d58 Report * Bios Name = Default System BIOS
2009-05-13 09:56:37:203 784 d58 Report * Bios Release Date =
2007-09-06T00:00:00
2009-05-13 09:56:37:203 784 d58 Report * Locale ID = 1033
2009-05-13 09:56:38:718 784 dc8 PT WARNING: PTError: 0x80072ee6
2009-05-13 09:56:38:718 784 dc8 PT WARNING: Initialization failed for
Protocol Talker Context: 0x80072ee6
2009-05-13 09:56:38:718 784 dc8 Report WARNING: Reporter failed to upload
events with hr = 80072ee6.
2009-05-13 09:56:38:718 784 dc8 PT WARNING: PTError: 0x80072ee6
2009-05-13 09:56:38:718 784 dc8 PT WARNING: Initialization failed for
Protocol Talker Context: 0x80072ee6
2009-05-13 09:56:38:718 784 dc8 Report WARNING: Reporter failed to upload
events with hr = 80072ee6.
2009-05-13 10:09:26:089 784 dc8 PT WARNING: PTError: 0x80072ee6
2009-05-13 10:09:26:089 784 dc8 PT WARNING: Initialization failed for
Protocol Talker Context: 0x80072ee6
2009-05-13 10:09:26:089 784 dc8 Report WARNING: Reporter failed to upload
events with hr = 80072ee6.
2009-05-13 10:36:58:224 784 fd4 PT WARNING: PTError: 0x80072ee6
2009-05-13 10:36:58:224 784 fd4 PT WARNING: Initialization failed for
Protocol Talker Context: 0x80072ee6
2009-05-13 10:36:58:224 784 fd4 Report WARNING: Reporter failed to upload
events with hr = 80072ee6.
Now I'm searching
>I visited: http://msmvps.com/blogs/Athif/articles/43174.aspx
>
> and did everything suggested with no result, except for replacing the WSUS
> DNS name with the IP adress, and now I get the following into the
> WindowsUpdate.log
You got this error, because the "URL" is not a valid format:
> 2009-05-13 09:56:37:125 784 d58 Agent * WSUS server: 192.168.46.34
> 2009-05-13 09:56:37:125 784 d58 Agent * WSUS status server:
> 192.168.46.34
> 2009-05-13 09:56:38:718 784 dc8 PT WARNING: PTError: 0x80072ee6
0x80072ee6 - ERROR INTERNET UNRECOGNIZED SCHEME
WindowsUpdate.log
2009-05-13 13:48:34:207 784 830 Agent *************
2009-05-13 13:48:34:207 784 830 Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2009-05-13 13:48:34:207 784 830 Agent *********
2009-05-13 13:48:34:207 784 830 Agent * Online = Yes; Ignore download
priority = No
2009-05-13 13:48:34:207 784 830 Agent * Criteria = "IsHidden=0 and
IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or
IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and
IsAssigned=1 or IsHidden=0 and IsInstalled=1 and
DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or
IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and
IsAssigned=1 and RebootRequired=1"
2009-05-13 13:48:34:207 784 830 Agent * ServiceID =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2009-05-13 13:48:34:207 784 830 Agent * Search Scope = {Machine}
2009-05-13 13:48:55:146 784 830 Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth
Schemes used : <>
2009-05-13 13:48:55:146 784 830 Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://192.168.46.34/selfupdate/wuident.cab>. error 0x80072efd
2009-05-13 13:48:55:146 784 830 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2009-05-13 13:48:55:146 784 830 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2009-05-13 13:48:55:146 784 830 Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072efd
2009-05-13 13:49:16:146 784 830 Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth
Schemes used : <>
2009-05-13 13:49:16:146 784 830 Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://192.168.46.34/selfupdate/wuident.cab>. error 0x80072efd
2009-05-13 13:49:16:146 784 830 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2009-05-13 13:49:16:146 784 830 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2009-05-13 13:49:16:146 784 830 Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072efd
Now I'm thinking REBUILDING the server completely from scratch!!!
Any other idea?
> With http://192.168.46.34, same problem as before!
> 2009-05-13 13:48:55:146 784 830 Misc WARNING: WinHttp:
> SendRequestUsingProxy failed for
> <http://192.168.46.34/selfupdate/wuident.cab>. error 0x80072efd
This is a different version of the same fundamental problem.
The client does not have a valid network pathway to the specified IP
Address.
This is a =Network Infrastructure= problem.
> Now I'm thinking REBUILDING the server completely from scratch!!!
Rebuilding the server won't fix an existing =network= problem, and it
certainly won't get traffic from a client there that can't get there now.
That's like repaving a parking lot in Manhattan because the Brooklyn Bridge
is closed -- thinking cars from Brooklyn will now be able to park in
Manhattan. :-)
> Any other idea?
Find and repair the network infrastructure fault that's impeding data
communications from the client to the server. (a la -- reopen the Brooklyn
Bridge).
WARNING: SendRequest failed with hr = 80072efd. Proxy List used:
<proxy:8080> Bypass List used : <(null)> Auth Schemes used : <>
--------------> Proxy List used: <proxy:8080>
This is the closed bridge, since this server DOES NOT EXIST!
;-)
What I'm trying to find, it is WHERE Automatic Update is getting this
settings?
Thanks.
Incredible but true, here the NEW log:
2009-05-13 17:09:20-0400 808 130 WU client with version 5.7.3790.3959
successfully initialized
2009-05-13 17:09:20-0400 808 130 Service status is now SERVICE_RUNNING
2009-05-13 17:10:05-0400 808 130 start delayed initialization of WU client
2009-05-13 17:10:05-0400 808 130 BatchFlushAge = 12636.
2009-05-13 17:10:05-0400 808 130 SamplingValue = 575, sampling required = Yes
2009-05-13 17:10:05-0400 808 130 Client Call Recorder finished delayed
initialization
2009-05-13 17:10:05-0400 808 130 Setting next AU detection timeout to
2009-05-13 21:10:05
2009-05-13 17:10:05-0400 808 130 AU finished delayed initialization
2009-05-13 17:10:05-0400 808 130 AU received event of type: 1
2009-05-13 17:10:05-0400 808 130 WU client succeeds
CClientCallRecorder::BeginFindUpdatesEx from AutomaticUpdates with call id
{DE11318B-BA3E-4E3B-A85E-9985297CA773}
2009-05-13 17:10:05-0400 808 350 WU client executing call
{DE11318B-BA3E-4E3B-A85E-9985297CA773} of type Search Call
2009-05-13 17:10:19-0400 808 350 SendRequest failed with hr = 80072efd.
Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth Schemes used :
<>
2009-05-13 17:10:19-0400 808 350 WinHttp: SendRequestUsingProxy failed for
<http://wsus01.domain.com/SelfUpdate/wuident.cab>. error 0x80072efd
2009-05-13 17:10:19-0400 808 350 WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2009-05-13 17:10:19-0400 808 350 WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2009-05-13 17:10:19-0400 808 350 WinHttp: ShouldFileBeDownloaded failed
with 0x80072efd
2009-05-13 17:10:28-0400 1684 698 CreateObject for
Microsoft.Update.AgentInfo failed: error 0x800401f3
2009-05-13 17:10:28-0400 808 3ac WU client succeeds
CClientCallRecorder::EnumerateService
Wow... now I'll try changing network settings (new VMWare network - another
VLAN where other servers are functionning properly). I will let you know!
Thanks.
No, I didn't miss anything at all. the 0x80072efd error is a CANNOT CONNECT
error,
and the reason why hasn't changed a bit -- the network pathway is blocked.
> Proxy List used: <proxy:8080> Bypass List used : <(null)> Auth Schemes
> used : <>
>
> --------------> Proxy List used: <proxy:8080>
But, previously, we were focusing on the "Proxy" entry itself, and the
0x80070002 error in the CDT. Those may or may not be misleading items of
information. What's significant is that the client can't talk to the server,
and that spells N E T W O R K F A U L T -- whereever it happens to be.
Until you find out WHY that machine cannot communicate with the WSUS Server
(or even if it can communicate with *anything* outside of the VMWare Host
machine), building a new server isn't likely to do anything except waste
time -- the most significant risk is your "new" server will get this same
configuration data from wherever this server is getting it now, and you will
have accomplished nothing of significance.
The CORRECT procedure is to identify the CAUSE of the issue, and then repair
the CAUSE.
> This is the closed bridge, since this server DOES NOT EXIST!
Yes.. we all understand there's no physical proxy server installed. That's
not the problem. The problem is that *something* is feeding *configuration
data* to your virtual machine - you need to find out what that is. Actually,
you should already know what that is. In a message dated yesterday morning
you stated, in regards to the alleged proxy server -- "This server already
existed in the company, but it is not used any more (it have been
decomissionned)" -- so you already have the answer to that question. What
was done when that server existed to tell the clients to use that server.
I'll bet dollars-to-donuts that decommissioning the server isn't enough, and
something else still needs to be "unconfigured".
> What I'm trying to find, it is WHERE Automatic Update is getting this
> settings?
Exactly -- that's what you need to do -- but we're not going to be able to
give you that answer in this forum. It's *NOT* the WSUS Server providing
that information. You used to have a proxy server; now, apparently, you do
not, but this machine thinks it's still there -- that's because *something*
is telling this machine to use the proxy server. You need to find out what
that is. Once you do, your problem will be solved. Until you do -- it's
highly unlikely any machine is going to be able to successfully
detect/install updates from the WSUS Server.
> Brand new server installation (new VMWare virtual machine with the same name,
> new Windows Server 2003 R2 Enterprise 64 bit), SP2 + all Windows update =
> SAME PROBLEM!
My best guess at this point is that this is proxy autodetection. Is there an
entry for wpad in your DNS?
Could you check the contents of the Connections key again? Is the first byte
still 28 instead of 18? If so, I'm guessing autodetection is being enabled by
group policy. You may or may not want to turn this policy setting off, but
you'll definitely want to remove the wpad DNS entry if it is indeed present.
Harry.
Imagine that! :-)
As soon as I changed the network VLAN, the problem goes away.
Now since this setting is not coming from of the DHCP server, I transferred
this case to the network team.
NOTE: This is solving another problem at the same time, a lot of
workstations were having difficulties to connect to the Internet -- IE is
configured by default to "Autodetect" network settings...
Thanks, your help was very appreciated!!!
Now I have to find out which device is providing wrong WPAD configuration.
This is not the DNS neither the DHCP. Now, how I could query and find which
device which is giving this information? Next step...
Thanks a lot for your help!
> Finally that was related to the "Automatically detect settings" of Internet
> Explorer, since when I change the server VLAN to another, it is working
> correctly.
>
> Now I have to find out which device is providing wrong WPAD configuration.
> This is not the DNS neither the DHCP.
Beats the heck out of me then. I thought DNS was the only way this could happen.
> Now, how I could query and find which
> device which is giving this information? Next step...
I'd suggest you start by seeing if you can reproduce the same issue in IE. That
is, on a machine on the affected VLAN, configure IE to autodetect proxy settings
and see if it tries to use the old proxy.
If this does happen, then the IE newsgroup is probably your best next stop.
> Thanks a lot for your help!
You're most welcome.
Harry.