0x80072F78 Error using Windows Update

Posted on 2007-12-06
Medium Priority
Last Modified: 2012-06-21
I've spent the whole day on this - and finally narrowed it down to a bizarre behaviour that I don't understand - need help!

I've got a mix of 35 W2K and WinXP PCs on a network - all connected to a common gateway (We're on a domain, but internet traffic doesn't route through the servers).

Whenever I attempt to download and install any updates (on any PC) the browser takes me to the windows update site and tries to check for an update to the windows update software - after about 4 minutes it times out with error 0x80072F78.

Checking the WindowsUpdate.log file I see that the system is trying to download a file called wuredir.cab from (1st) download.windowsupdate.com and then (2) download.microsoft.com - on both occasions this fails.

Here's where it gets interesting - if I attempt to browse to http://download.microsoft.com on any of these PCs it tries for 30 seconds or so, and then comes back with a message saying that it can't connect - however, if I try to connect to any other site (eg www.microsoft.com) it connects just fine.

It gets better ...

One of the computers has a modem and a dial up account with another ISP - if I connect to the internet via that it connects to the download sites just fine (redirecting me to their downloads website) - and if I check the Windows Update with DUN running it works just fine - kill the dialup and it won't update again.

I've tried connecting to the site via another ISP and from another site - and that works OK too.

So - it looks like either a Router (Cisco 800 series) or ISP (Telstra Clear) problem - I get on the phone to the ISP - they login to a router of theirs using our username and password - and they can browse to the site no problem - which tends to point the finger back at our Cisco ADSL router (perhaps).

Food for thought ...

Updates have always worked just fine through this router - and it hasn't had any configuration changes in the last couple of years - plus - it happily connects up to any other site in the world, so why would this one be any different?

Additionally, I've ...

Searched the Microsoft KB (no, we're not behind a firewall; no, we're not using a proxy server) - and done the usual (restarted everything a few times - started and stopped services - emptied temp files etc etc etc).

ANY IDEAS ANYONE? - Issue is 100% repeatable - occuring on IE6 and 7 - on WinXP and 2K - on workstation, and server - I'm starting to get a little thin on ideas.

PS: We can PING download.microsoft.com - just not connect to it.
Question by:The_Maverick
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
LVL 77

Expert Comment

by:Rob Williams
ID: 20427991
Since you have narrowed it down to the router, two thoughts: - Might port 443 be blocked, and have you tried lowering the MTU on the router? Both of these have been known to be related to Windows Updates, and 443 would not be blocked on the DUN, and MTU would be much lower.

Author Comment

ID: 20430588
Hi Rob,

Thanks for that.

I did come across these suggestions - and did infact spend quite some time looking at the router setup.

I didn't give too much weight to the possibility of port 443 being blocked as (a) the firewall on the router is currently disabled, and (b) the updates have always worked in the past. It's a Cisco 800 series router (ADSL) and to be honest I do struggle with it a bit. Do you know of a way I could test port 443?

With regards to the MTU size - I had a good look for something in the router setup that pertained to this, but couldn't find anything - any ideas? Could it be something that needs to be changed in the client PC? (or both?).

Many thanks,

LVL 77

Expert Comment

by:Rob Williams
ID: 20431633
I agree it is not likely the port problem. That should be open by default and would have to been intentionally blocked...unlikly. Try going to a secured bank site, if that works it's not likely 443/ssh/ssl

The MTU can be set on the router. I'm not a "Cisco guy" and the commands vary with different units. you could post a link or question in the Cisco forum for specifics.

You can also set on the PC, though I wouldn't think that would be necessary, but easy to do on a test machine. You can create/change a registry key but the easiest way is using the DrTCP tool. The default is 1500. Try lowering to 1400 or even 1300 as a test.

Is it possible to swap the router as a quick test?
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.


Author Comment

ID: 20431811
Thanks Rob,

I had a play with the router and have now got the MTU set at 1492 and MSS set to 1452 - but still no go (since I merged it with the running configuration I'm assuming that I don't need to restart the router).

Next step is probably to (as you suggest) swap-out the router (not too difficult). The other possibility is that the ISP is doing something screwy? (The DUN ws with another ISP).

Thanks for your help so far :)
LVL 77

Accepted Solution

Rob Williams earned 2000 total points
ID: 20431884
Sorry, I really haven't been much help.

Not to a lot the ISP would likely do to cause problems, but it's possible changes on their end could require lowering the MTU, which is why I was suggesting it.

Swapping the router should at least confirm if it's the ISP or the router.

Author Closing Comment

ID: 31415975
Thanks Rob - At this stage it's "narrowed down" to the ISP. As predicted the ISP says "all looks good from their end" - and a few days later it started working again. Only thought from ISP was that our IP address might have been being blocked somewhere along the way. Thanks again for your help - if nothing else it's reassuring to have a sounding board to re-affirm to myself that I'm not going insane! Cheers,


Author Comment

ID: 20497536
Folks, this one was a real nightmare. If you ever get this error code, try a couple of things:

(1) Take a look at the windowsupdate.log file to see how far it's getting, and (2) Try browsing to download.microsoft.com - if you can't connect to the website then that's a good place to start - if that website re-directs you to the Microsoft Downloads Centre then that's not your problem. If in doubt, try another ISP if you can. At the end of the day I suspect the issue was caused either by:

* an ISP DNS issue (we did see that download.microsoft.com resolved to two completely different IP addresses through different ISPs) (and even with the SAME ISP)

* an ISP Routing issue (even though we could ping the address, it soesn't mean to say it was the correct target machine), or

* A silent proxy sitting somewhere between us and them (definately not on my side of the gateway, but ISP was somewhat vague about it).

Good luck!
LVL 77

Expert Comment

by:Rob Williams
ID: 20497552
Thanks The_Maverick  for points, and posting your findings.
Cheers !

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question