Windows Updates Failing

The latest Windows updates were failing on several Windows machines I manage with the following error.

Windows Update Error
Your computer’s date and time appear to be out of sync with an update certificate. [Error number: 0x80072F8F]

My clock was spot on, so the error message didn’t make much sense. I turned to Google.

I applied all four methods from this Microsoft Knowledge Base entry without success.

Method 1: Verify and adjust the date and time settings
Method 2: Install the most current Microsoft root certificate update
Method 3: Click to clear the “Check for server certificate revocation” check box
Method 4: Register Windows .dll files that may be causing the issue

Ben Harrell found that his BIOS clock was the problem so I rebooted and checked mine. The BIOS clock was correct too. In the comments someone found Kaspersky Internet Security was the culprit and disabling “Check all encrypted connections” fixed it. Temporarily disabling my antivirus software had no affect.

Another fix that’s probably the same as Method 2 above is to enable Update Root Certificates in Add/Remove programs in Windows Components. It was already enabled.

The freeware forum had lots of suggestions but most were duplicates. Of the new ones (clearing out temporary files and SSL cache), none helped. The guy’s problem was his BIOS clock was off by 12 months.

Firewall settings were an issue for some folks, but disabling the firewall had no affect in my case.

I decided to compare the output in WindowsUpdate.log located in %WINDIR% (typically C:\Windows) on a working machine with a non-working machine. Eureka! The proxy servers were different. Changing the proxy server and restarting IE did the trick.

I did one more search and found the WindowsBBS forum with an account of a proxy/firewall issue causing problems back in 2004. It may or not be the same issue, but the proxy is something else to check.

Isn’t the solution always in the last place you look :)