windows 2008 r2 sp1 update issue 80072f8f error


I am getting a windows server 2008 r2 sp1 update issue with error message of 80072f8f.  Most of which points to issues with root certificates.  Being that I can't run updates on the server, I won't be able to download the updates to the root certificates.  I am stuck and have tried quite a few things including renaming the softwaredistribution folder.  What next?   This is a fairly new server installation which has Exchange 2010 on it.  Can anyone shed some light?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

*** Hopeleonie ***IT ManagerCommented:
Have you tried System Update Readiness Tool for Windows Server 2008 R2?
SloanITAuthor Commented:
no, I'll try it now.
SloanITAuthor Commented:
I am getting the same error, even after rebooting.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

*** Hopeleonie ***IT ManagerCommented:
Can you please upload the CheckSUR.log from %SYSTEMROOT%\Logs\CBS\CheckSUR.log?
SloanITAuthor Commented:
here is the checksur.log.

Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 14.0
2012-03-20 02:24
Checking Windows Servicing Packages

Checking Package Manifests and Catalogs

Checking Package Watchlist

Checking Component Watchlist

Checking Packages

Checking Component Store

Seconds executed: 191
 No errors detected
*** Hopeleonie ***IT ManagerCommented:
Can you check this? (Vista) (same as Server 2008 and please don't run the FixIt)

Is your date and time correct?
SloanITAuthor Commented:
I have checked on the time on the server and all is correct.  It's up to date and time zone is correct.  I have reviewed quite q few different articles so far, but nothing yet.  The two that you mentioned are amongst the most popular posts out there related to this error.

I believe the issue is related to Windows updates and root certificates.  When Windows updates connect to obtain updates, it doesn't connect due to certificates error.  In fact, I go to some https sites, such as, I get a certificate error indicating that untrusted certificate.  The certificate is issued by Microsoft Secure Server Authority.
*** Hopeleonie ***IT ManagerCommented:
Can you please zip the System and Application Eventlogs and send it to me? You will find my email address here:
(under About me)

After give me some time for the analyse...
SloanITAuthor Commented:
OK, I have sent it to you. Please let me know your findings.  Thank you.
*** Hopeleonie ***IT ManagerCommented:
Thanks for the Logs. We will find a solution together, but as told, I need time (Note this can take some days to identify the problem). This is also interesting for me, because this issue is also new for me. Hope you are not in a hurry. If you have the time and willing to continue please let me know.
The reason I’m asking you this is, because some askers are not replaying after a time. Then we both will lose lot of time.

Thanks for understanding.
SloanITAuthor Commented:
Unfortunately, I am look to get this done rather quickly because this issue branches out to other issues and is also a server that is now in production.  I appreciate you taking your time in researching this.  I'll respond asap whenever I can or if I also find a solution and will share the solution with you.   Meanwhile, the sooner that one of us find the solution, the better.  If not, I'll have to open a ticket with MS.  Thank you again.
SloanITAuthor Commented:
I got it!  The issue was that I wasn't able to perform Windows Updates, which was caused by a Root CA certificate not being there.  I exported the GTE Cyber Trust Global Root Certificate from another server as a .P7B file and transferred it to the server.  Then I imported it to trusted root certification authority.  Then I tested it by going to and the certificate warning was gone.  Then, I ran Windows Updates and sure enough, it started to download 68 updates that need to be applied.

Anyway, I hope the above information to whoever that comes along this thread.  Thank you again Hopeleonie forall your help thus far.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
*** Hopeleonie ***IT ManagerCommented:

Good news and thanks for letting me know. I joy with you...!
It was a pleasure to troubleshoot it with you.

Have a nice day.
Turns out you need to update the root certificate for the machine first!   You can download the update for this from the following Microsoft URL:
Once downloaded, double click on the file to install
Please try installing the Hotfix from the link below:
SloanITAuthor Commented:
worked out
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.