This is a common problem in (I think) most versions of Windows upon the time that any user decides to install Windows from scratch, that when they try to run Windows Update you get the error code (as shown in the image above) called “Code 80072F8F”. It obviously first states that “Windows could not search for new updates”. I think this is a huge flaw in Windows, and hopefully Windows 8 will fix this in it’s installer. There are some other flaws in the Windows Vista/7 installer that I could mention that I think should be fixed but I will simply cut to the chase and help you fix this problem.
Okay, listen everyone, this is what you need to do, don’t panic!.
1. Go to your Control Panel by clicking on the Start button at the bottom right of the screen. Now go to Date and Time Properties. Make sure your time and date settings are correct, then run Windows Update again by clicking on the Start button again at the bottom left and click on All Programs and then click on Windows Update, it should work now!.
Another thing that I will mention is why this problem is happening, and some more ways to possibly fix it. If you know what an even log is it will say “Event ID 1001 WindowsUpdateFailure”. Looking at your event log entries and the generated text file that goes along with it don’t help out at all so I won’t get into that, it really only shows that this error is happening.
To know how to get to Windows Update in Windows 7, Vista and Windows Server 2008, you just go through the Control Panel after clicking on your Start button. Obviously here in Windows Update your updates can automatically download and install updates right away. The updates are processed through the folder which is in this location:
If your Windows folder is somewhere else, the folder named SoftwareDistribution is where the updates will be, they are all stored prior to Windows Update installing them on your installation of Windows. The update process then connects to Microsoft Windows’s Update website through http://www.update.microsoft.com:443, and this is the location that assists in the process of updates being downloaded, and sometimes the updates don’t download and install through as they are supposed to. Since it is using a secure SSL transaction, it has to trust the certificate that it’s using. To put things in general, there are two main checkpoints to that are made in the validation process of your updates going through.
a) The first validation is making sure the time on your Windows machine is correct and on par with the server (it has to be within at least two minutes at least). This is where I recommended changing your system time in the directions in #1 at the top.
b) The SSL certificates are validated by seeing if they are trusted.
Basically, the error code 80072F8F is included in the following error message in detail: “Your computer’s date and time appear to be out of sync with an update certificate”.
Another possible fix:
2. If your SSL certificate is being used to connect to the Microsoft URL mentioned above and the URL is not trusted, the connection then won’t go through and you will get the 80072F8F error message. You can also check if it’s been a problem by going to this Microsoft website through SSL instead of the regular HTTP connection. If you then get a certificate error when visiting that page, your PC/server won’t trust the certificate that is being used. This also means you are missing the trusted authority certificate for:
GTE CyberTrust Global Root.
And you can install the latest trusted certificate from going to the November 2009 Update for Root Certificates. Do please note that this download has no user interface when you install it, though it will install correctly when you click on it, it will have an icon that looks like a black box with a character on it, like a script looking icon. All the certificates are then installed with this file in the Trusted Root Certification Authorities area of your Local Computer.
Checking your Proxy Server Certificates:
3. This is not a regular thing, though some web proxy servers have their own certificates installed and they can be used with your approval to verify websites with SSL. In one scenario a test environment that someone I know was working in had it’s own Server OS build, which didn’t include the organizational trusted authority certificate. All of the connections through the internet were made through a web proxy server, which was then automatically applied to a proxy server’s own custom certificate. This then meant that the Server OS that was being used did not trust the web proxy certificate, which then invalidated the SSL connection and then displayed the error code explained above in this post.
To fix this problem differently you need to get a Trusted Authority Certificate that the web proxy server SSL certificate is using to then install that within the Trusted Root Certification Authorities certificate list. If was available in my own Windows Certificate Services server itself. This then should resolve the problem in many cases.
There is also a website made by Microsoft dedicated to fixing errors within Windows Update, and most of error codes have workarounds included that are generated by Windows Update. Another older website on the Technet site has a list of Windows Update Error Codes, too.
I hope those additional methods work for all of you.