Windows Update 80072EFD after DCPROMO

Can anyone help please. I am completely stuck with this one.

I have a windows 2003 domain with two domain controllers. (Both with service
pack 2 installed).

I have a Dell PowerEdge 1750 with which I have installed Windows Server 2008
sp2 freshly installed with latest drivers etc.

Windows Update works fine while the server is in member mode, but after
DCPROMO (yes I have adpreped) I get 80072EFD error. I have checked all
knowledge base articles and NONE seem to relate to my problem. Please note I
have tried all suggested solutions with no joy.

If I uninstall AD services etc all is working fine again. This is driving me
nuts. I have even reinstalled the O/S.

I am justing trying to install a pretty standard windows server 2008 domain
controller with dns etc.

If anyone can spread a little light on my problem I would much appreciate it.

Paul.
P.S. I have been asked to post here from another forum. Please read
http://social.technet.microsoft.com/...1-f8147b27063c
before replying. Any heros want to beat the MVPs on the other forum!!!
Thanks Again, Paul.

"Paul" <> wrote in message
news:FE627D19-6213-45DF-8AF9-...

> Windows Update works fine while the server is in member mode, but after
> DCPROMO (yes I have adpreped) I get 80072EFD error.

> P.S. I have been asked to post here from another forum.

And incorrectly so. The *correct* forum to have asked this question is the
*WindowsUpdate* forum, although I confess they probably would have
cross-posted you over here as well, even though, ultimately, this is a Group
Policy defect.

> Please read
> http://social.technet.microsoft.com/...1-f8147b27063c
> before replying. Any heros want to beat the MVPs on the other forum!!!

Quoting from that thread...

> I do not have WSUS installed (on any server).

> 2009-08-03 23:12:50:392 1024 f80 Misc WARNING: WinHttp:
> SendRequestUsingProxy failed
> for <http://CSL-DC:8530/selfupdate/wuident.cab>. error 0x80072efd

And yet... this machine *IS* configured to use a "WSUS Server" -- not
Windows Update.

So... since this is Win2008:

1. When using the WUApp, you should note the fine print hyperlink that
invites you to scan against the alternate resource. If a machine is
configured to use WSUS, as this one appears to be, clicking on "Check for
updates" will attempt to scan against a WSUS server. In this case, one does
not actually exist, thus the 0x80072efd error. If you click on the link
"Check online for updates from Microsoft Update", the WUApp will actually
connect to MU to scan for updates.

2. You should also note this phrase: "You receive updates: Managed by your
system administrator" which is the key phrase that the machine is configured
to use a WSUS Server.

3. The ultimate question is to determine where this machine is getting a
policy that's configuring it to use itself as a WSUS Server the moment it's
joined to the domain. Logically one would suspect the Default Domain Policy
(except this problem would have long-ago affected dozens of other machines),
or the Default Domain Controllers Policy (but even then, why would a policy
pointing to a non-existent WSUS server exist at all?)...

Unless, of course, this machine CSL-DC previously existed, and previously
did host a WSUS Server -- in which case a whole lotta machines are in a
world of hurt about right now.

--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

Problem Solved. Thank you Lawrence.

Unbeknown to me CSL-DC was previously (many moons ago by a previous admin
bod) installed as a WSUS server. There was a remanant setting in the Default
Domain Controller policy pointing which pointed all domain controllers to
this no exsitent WSUS server.

But, I am puzzled why the Windows Server 2003 DCs where OK? No Machines
where hurt as they are all using windows update and were unaffected by
this issue.

Many thanks again, Paul.


"Lawrence Garvin [MVP]" wrote:

> "Paul" <> wrote in message
> news:FE627D19-6213-45DF-8AF9-...
>
> > Windows Update works fine while the server is in member mode, but after
> > DCPROMO (yes I have adpreped) I get 80072EFD error.
>
> > P.S. I have been asked to post here from another forum.
>
> And incorrectly so. The *correct* forum to have asked this question is the
> *WindowsUpdate* forum, although I confess they probably would have
> cross-posted you over here as well, even though, ultimately, this is a Group
> Policy defect.
>
> > Please read
> > http://social.technet.microsoft.com/...1-f8147b27063c
> > before replying. Any heros want to beat the MVPs on the other forum!!!
>
> Quoting from that thread...
>
> > I do not have WSUS installed (on any server).
>
> > 2009-08-03 23:12:50:392 1024 f80 Misc WARNING: WinHttp:
> > SendRequestUsingProxy failed
> > for <http://CSL-DC:8530/selfupdate/wuident.cab>. error 0x80072efd
>
> And yet... this machine *IS* configured to use a "WSUS Server" -- not
> Windows Update.
>
> So... since this is Win2008:
>
> 1. When using the WUApp, you should note the fine print hyperlink that
> invites you to scan against the alternate resource. If a machine is
> configured to use WSUS, as this one appears to be, clicking on "Check for
> updates" will attempt to scan against a WSUS server. In this case, one does
> not actually exist, thus the 0x80072efd error. If you click on the link
> "Check online for updates from Microsoft Update", the WUApp will actually
> connect to MU to scan for updates.
>
> 2. You should also note this phrase: "You receive updates: Managed by your
> system administrator" which is the key phrase that the machine is configured
> to use a WSUS Server.
>
> 3. The ultimate question is to determine where this machine is getting a
> policy that's configuring it to use itself as a WSUS Server the moment it's
> joined to the domain. Logically one would suspect the Default Domain Policy
> (except this problem would have long-ago affected dozens of other machines),
> or the Default Domain Controllers Policy (but even then, why would a policy
> pointing to a non-existent WSUS server exist at all?)...
>
> Unless, of course, this machine CSL-DC previously existed, and previously
> did host a WSUS Server -- in which case a whole lotta machines are in a
> world of hurt about right now.
>
> --
> Lawrence Garvin, M.S., MCITP:EA, MCDBA
> Principal/CTO, Onsite Technology Solutions, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2009)
>
> MS WSUS Website: http://www.microsoft.com/wsus
> My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
>
>

"Paul" <> wrote in message
news:3C551834-BE45-4D64-AFAE-...
> Problem Solved. Thank you Lawrence.
>
> Unbeknown to me CSL-DC was previously (many moons ago by a previous admin
> bod) installed as a WSUS server. There was a remanant setting in the
> Default
> Domain Controller policy pointing which pointed all domain controllers to
> this no exsitent WSUS server.
>
> But, I am puzzled why the Windows Server 2003 DCs where OK? No Machines
> where hurt as they are all using windows update and were unaffected by
> this issue.

Perhaps those domain controllers are not currently assigned to the "Domain
Controllers" OU, where the DDC policy would be exclusively linked. It's also
possible that the DDC policy is being blocked to those domain controllers
and an alternate domain controller policy is being applied, or possibly no
policy at all.

btw... this is one of the reasons why it's "best practice" not to modify the
Default Domain Policy or the Default Domain Controllers Policy. A bit of
turnover, some weak or missing documentation, and all of a sudden nobody
knows why something weird is happening a few years later.


> Any heros want to beat the MVPs on the other forum!!!

btw.. I did post this same information on the forums thread... so maybe a
whole bunch of people will become more enlightened as a result. :-)

Glad this was the correct answer.. cuz it's the only ball I had in the game!
:-)

I'd appreciate it if you'd go back to that forums thread and mark my
response as the correct resolution.


--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin