Windows Update Failing on all Win8/2012 Machines

This is driving me crazy. I have a situation where ANY Windows 8 or 2012R2 Server on my network will fail to get Windows Updates with error code 0x80072EFE. I have tons of Windows 7 and 2008R2 Servers that all upgrade without a hitch.

If I bring in a laptop that updates fine at home, it fails on my network.

The only thing I can even remotely think of is an issue with my SonicWall, but I've been through that 100 times and previous operating systems work fine.

Can anyone throw me a bone here? Attached is the Windows Update log for posterity.

WindowUpdate.txt
jschweg Asked:

John, Business Consultant (Owner), Commented:
Based on what you said, see if you can route around the network routers directly to the ISP modem and try updates from there. It is unlikely to be an ISP problem, so if the direct route works, then you know the issue is in the network routers.

How many routers?  Just the Sonic Wall?  If the latter, you may need to save the configuration, reset it and try again.
jschweg (Author) Commented:
I found this article, which is exactly the problem I'm having:

https://social.technet.microsoft.com/Forums/windows/en-US/1f97ff82-fe96-4296-8adc-04fede7c7cc7/windows-update-fails-with-80072efe-on-windows-81?forum=w8itproinstall

It references having a problem with a KB update at the very end. I uninstalled this, and actually got further (it is at least making the connection to WU now, but fails with error code 8024A000).
John, Business Consultant (Owner), Commented:
I have all the updates mentioned in place on my own Windows 8 Laptop that goes from client to client. My machine, client machines, and client servers are not failing to update through Juniper gear.

I think the issue is in your network (Too many machines not updating for it to be a corruption issue).

jschweg (Author) Commented:
After uninstalling that patch, I reset all the Windows Update Components (SoftwareDistribution/Catroot2) and Windows Update worked just fine. I successfully installed all the other updates except for this one, rebooted, and successfully did another detection which obviously is only showing this single update again.

I'm going to reapply this update again now, reboot and see if it breaks again.
John, Business Consultant (Owner), Commented:
The update may be conflicting with Sonic Wall or may be due to your machine make (BIOS and Chipset differences).

In general and for Lenovo and for Non-Sonic Wall gear I am not having issues.
jschweg (Author) Commented:
After re-applying KB2919355, Windows Update is broken again.

So it's related to this KB, but this thing is the April 2014 rollup, it's ancient. This image 2012 ISO was the one posted in the MS VLC site which is why I'm patching everything up.

This update had a ton of problems when it was released, failing to connect to WSUS servers; however, I'm connecting to the normal MS Update site, so not sure why this applies. At least I have something to go on now.
John, Business Consultant (Owner), Commented:
That year-old update was superseded and fixed in April or May of 2014. It is not preventing updates on any of my own or client machines.

Go to Manual Updates and see if you are missing recommended updates. Microsoft did stick some (in hindsight) critical updates under recommended. I thought they fixed this as well. But do check in Recommended and see if you find anything.
jschweg (Author) Commented:
Okay, finally figured it out. The root problem was of course the SonicWall. That particular Windows update changed the protocol that Windows Update uses (TLS 1.2), which then started falsely matching one of the application policies I had that blocks P2P traffic going out of my network. All the other operating systems still worked fine because they continued to use the older protocol which wasn't causing a problem.
John, Business Consultant (Owner), Commented:
Thanks for the update and I was happy to help. Good luck going forward. I am also very glad it was network instead of all those machines. That would have been ugly.
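
Added example, not part of the original thread: the two error codes quoted above decode to different layers, and a pass over WindowsUpdate.log shows which one dominates. 0x80072EFE is a Win32 error wrapped in an HRESULT (code 12030, connection terminated abnormally), while 0x8024A000 carries the Windows Update agent facility. The log lines, the function names and the 12000-12199 range bound are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed lines in the style of WindowsUpdate.log (not the thread's attachment).
SAMPLE_LOG = """\
2015-03-02 09:14:07:412  904 1a3c Misc WARNING: Send failed with hr = 80072efe.
2015-03-02 09:14:07:412  904 1a3c Misc WARNING: SendRequest failed with hr = 80072efe.
2015-03-02 09:14:07:413  904 1a3c PT   WARNING: GetConfig failure, error = 0x80072EFE
2015-03-02 11:40:55:020  904 0f88 AU   WARNING: Search callback failed, result = 0x8024A000
"""

# Failure HRESULTs have the top bit set, so the first hex digit is 8-F;
# this example only looks for the common 8xxxxxxx form, with or without 0x.
HRESULT_RE = re.compile(r"\b(?:0x)?(8[0-9a-f]{7})\b", re.IGNORECASE)

FACILITY_WIN32 = 7        # Win32 error wrapped in an HRESULT
FACILITY_WU = 0x24        # Windows Update agent
NETWORK_PATH = "network path (proxy, firewall, TLS inspection)"
CLIENT_SIDE = "client side (update agent or component store)"

def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def classify(value):
    failed, facility, code = decode_hresult(value)
    if not failed:
        return "success"
    # Assumption: 12000-12199 is treated as the WinINet/WinHTTP error block;
    # 12030 (0x2EFE) means the connection was terminated abnormally.
    if facility == FACILITY_WIN32 and 12000 <= code < 12200:
        return "transport"
    if facility == FACILITY_WU:
        return "wu_agent"
    return "other"

def triage(log_text):
    """Count error classes in a log and suggest where to look first."""
    counts = Counter()
    for line in log_text.splitlines():
        for match in HRESULT_RE.finditer(line):
            counts[classify(int(match.group(1), 16))] += 1
    transport = counts["transport"]
    verdict = NETWORK_PATH if transport > sum(counts.values()) - transport else CLIENT_SIDE
    return counts, verdict

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A log dominated by transport-class errors points at something between the client and the update servers, which is where the filtering device in this thread sat.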