Situation: The client can’t install Windows update with this Error 80072EFE on their DMZ web server.
Troubleshooting: 1. research online and it could be firewall issue.
2. The company LAN servers and workstations don’t have issue. Only the DMZ servers have this problem.
3. The client just migrated their Cisco ASA firewall to Paloalto firewall.
4. Review the Paloalto firewall settings, we find it misses s DMZ policy to allow accessing Microsoft download website. Creating a firewall policy fixes the problem.
5. Download and install Windows Update Assistant from Microsoft. This step by step video may help:
Step 1: Check background programs.
=======================
Disable firewalls or other Internet browser programs that can affect the Internet connection. The following programs can affect the connection to the Windows Update site and I suggest you remove or disable them:
McAfee firewall
Norton Internet Security
Zone Alarm Firewall
Panda firewall
Step 2: Delete the CatRoot2 folder
=======================
A: Stop Cryptographic Services:
1. Click Start, click Run, type in “SERVICES.MSC” and press Enter.
2. Double click Cryptographic Services, and then click Stop (if it has been started).
B: After stopping Cryptographic Service, please delete the “Catroot2” folder:
1. Locate the “C:\Windows\System32\” folder.
2. Delete the Catroot2 subfolder in System32.
Note: I am assuming your Windows Vista is installed in C:\Windows.
C: Re-start Cryptographic Services:
1. Click Start, click Run, type in “SERVICES.MSC” and press Enter.
2. Double click Cryptographic Services, and then click Start.
After performing the above steps, please visit the Windows Update website and check the available update.