Solved

0x80072F78 Error using Windows Update

Posted on 2007-12-06
Last Modified: 2012-06-21
I've spent the whole day on this - and finally narrowed it down to a bizarre behaviour that I don't understand - need help!

I've got a mix of 35 W2K and WinXP PCs on a network - all connected to a common gateway (We're on a domain, but internet traffic doesn't route through the servers).

Whenever I attempt to download and install any updates (on any PC) the browser takes me to the windows update site and tries to check for an update to the windows update software - after about 4 minutes it times out with error 0x80072F78.

Checking the WindowsUpdate.log file I see that the system is trying to download a file called wuredir.cab from (1st) download.windowsupdate.com and then (2) download.microsoft.com - on both occasions this fails.

Here's where it gets interesting - if I attempt to browse to http://download.microsoft.com on any of these PCs it tries for 30 seconds or so, and then comes back with a message saying that it can't connect - however, if I try to connect to any other site (eg www.microsoft.com) it connects just fine.

It gets better ...

One of the computers has a modem and a dial up account with another ISP - if I connect to the internet via that it connects to the download sites just fine (redirecting me to their downloads website) - and if I check the Windows Update with DUN running it works just fine - kill the dialup and it won't update again.

I've tried connecting to the site via another ISP and from another site - and that works OK too.

So - it looks like either a Router (Cisco 800 series) or ISP (Telstra Clear) problem - I get on the phone to the ISP - they login to a router of theirs using our username and password - and they can browse to the site no problem - which tends to point the finger back at our Cisco ADSL router (perhaps).

Food for thought ...

Updates have always worked just fine through this router - and it hasn't had any configuration changes in the last couple of years - plus - it happily connects up to any other site in the world, so why would this one be any different?

Additionally, I've ...

Searched the Microsoft KB (no, we're not behind a firewall; no, we're not using a proxy server) - and done the usual (restarted everything a few times - started and stopped services - emptied temp files etc etc etc).

ANY IDEAS ANYONE? - Issue is 100% repeatable - occurring on IE6 and 7 - on WinXP and 2K - on workstation, and server - I'm starting to get a little thin on ideas.

PS: We can PING download.microsoft.com - just not connect to it.
Question by:The_Maverick
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20427991
Since you have narrowed it down to the router, two thoughts: - Might port 443 be blocked, and have you tried lowering the MTU on the router? Both of these have been known to be related to Windows Updates, and 443 would not be blocked on the DUN, and MTU would be much lower.
0
 
LVL 2

Author Comment

by:The_Maverick
ID: 20430588
Hi Rob,

Thanks for that.

I did come across these suggestions - and did in fact spend quite some time looking at the router setup.

I didn't give too much weight to the possibility of port 443 being blocked as (a) the firewall on the router is currently disabled, and (b) the updates have always worked in the past. It's a Cisco 800 series router (ADSL) and to be honest I do struggle with it a bit. Do you know of a way I could test port 443?

With regards to the MTU size - I had a good look for something in the router setup that pertained to this, but couldn't find anything - any ideas? Could it be something that needs to be changed in the client PC? (or both?).

Many thanks,

Colin
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20431633
I agree it is not likely the port problem. That should be open by default and would have to have been intentionally blocked... unlikely. Try going to a secured bank site, if that works it's not likely 443/ssh/ssl

The MTU can be set on the router. I'm not a "Cisco guy" and the commands vary with different units. You could post a link or question in the Cisco forum for specifics.
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/

You can also set on the PC, though I wouldn't think that would be necessary, but easy to do on a test machine. You can create/change a registry key but the easiest way is using the DrTCP tool. The default is 1500. Try lowering to 1400 or even 1300 as a test.
http://www.dslreports.com/drtcp

Is it possible to swap the router as a quick test?
0
 
LVL 2

Author Comment

by:The_Maverick
ID: 20431811
Thanks Rob,

I had a play with the router and have now got the MTU set at 1492 and MSS set to 1452 - but still no go (since I merged it with the running configuration I'm assuming that I don't need to restart the router).

Next step is probably to (as you suggest) swap-out the router (not too difficult). The other possibility is that the ISP is doing something screwy? (The DUN was with another ISP).

Thanks for your help so far :)
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 20431884
Sorry, I really haven't been much help.

Not a lot the ISP would likely do to cause problems, but it's possible changes on their end could require lowering the MTU, which is why I was suggesting it.

Swapping the router should at least confirm if it's the ISP or the router.
0
 
LVL 2

Author Closing Comment

by:The_Maverick
ID: 31415975
Thanks Rob - At this stage it's "narrowed down" to the ISP. As predicted the ISP says "all looks good from their end" - and a few days later it started working again. Only thought from ISP was that our IP address might have been being blocked somewhere along the way. Thanks again for your help - if nothing else it's reassuring to have a sounding board to re-affirm to myself that I'm not going insane! Cheers,

Colin
0
 
LVL 2

Author Comment

by:The_Maverick
ID: 20497536
Folks, this one was a real nightmare. If you ever get this error code, try a couple of things:

(1) Take a look at the windowsupdate.log file to see how far it's getting, and (2) Try browsing to download.microsoft.com - if you can't connect to the website then that's a good place to start - if that website re-directs you to the Microsoft Downloads Centre then that's not your problem. If in doubt, try another ISP if you can. At the end of the day I suspect the issue was caused either by:

* an ISP DNS issue (we did see that download.microsoft.com resolved to two completely different IP addresses through different ISPs) (and even with the SAME ISP)

* an ISP Routing issue (even though we could ping the address, it doesn't mean to say it was the correct target machine), or

* A silent proxy sitting somewhere between us and them (definitely not on my side of the gateway, but ISP was somewhat vague about it).

Good luck!
0
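The checks suggested in the comment above (see what the name resolves to, then try to connect rather than ping), as an added example that is not part of the original thread: it resolves the host, attempts a TCP connection to each returned address, and separates a silent drop on the path (timeout) from an active refusal. The function names and the choice of ports 80 and 443 are assumptions made for this sketch.

```python
import socket

def resolve(host):
    """Return the sorted IPv4 addresses the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_probe(addr, port, timeout=5.0):
    """Classify one TCP connect attempt (ICMP ping success says nothing about this)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"        # a reset came back: something answered
    except socket.timeout:
        return "timeout"        # SYN or its reply was silently dropped
    except OSError:
        return "unreachable"    # local or ICMP-reported routing error
    finally:
        s.close()

def diagnose(addresses, results):
    """results maps (addr, port) -> tcp_probe outcome; return a one-line verdict."""
    if not addresses:
        return "DNS: name does not resolve; check the resolver"
    outcomes = set(results.values())
    if outcomes == {"open"}:
        return "OK: every resolved address accepts connections"
    if "open" in outcomes:
        return "PARTIAL: some addresses or ports fail; compare DNS answers between ISPs"
    if outcomes == {"timeout"}:
        return "DROPPED: packets vanish on the path (filter, routing or proxy)"
    return "REJECTED: an error came back, so something on the path answers"

def check(host, ports=(80, 443), timeout=5.0):
    """Run the staged check and return (addresses, per-target results, verdict)."""
    addrs = resolve(host)
    results = {(a, p): tcp_probe(a, p, timeout) for a in addrs for p in ports}
    return addrs, results, diagnose(addrs, results)

if __name__ == "__main__":
    addrs, results, verdict = check("download.microsoft.com")
    for (addr, port), outcome in sorted(results.items()):
        print(f"{addr}:{port} -> {outcome}")
    print(verdict)
```

Run it over each available uplink and compare the address lists and verdicts. Names served from a content delivery network can legitimately resolve to different addresses per resolver, so differing answers alone do not prove a DNS fault.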
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20497552
Thanks The_Maverick for points, and posting your findings.
Cheers !
--Rob
0
