Running Windows Update on a TMG Firewall Fails with Result Code 80072EE2
Recently I have encountered a few instances in which the Windows Update client on a system with Forefront Threat Management Gateway (TMG) 2010 installed is unable to retrieve updates and fails with an error code of 80072EE2.
When this occurs, Malware Inspection and Network Inspection Systems signature updates are received without issue.
To resolve this issue, open an elevated command prompt and enter the following command:
netsh winhttp set proxy localhost:8080
If it is necessary to access HTTP and/or HTTPS web sites or services on your Internal network from the TMG firewall, you will need to configure the proxy bypass list. To learn how, enter the following command:
netsh winhttp set proxy ?
If you need to configure Windows Update on the TMG firewall to work with WSUS, read this blog post on the Forefront TMG product team blog.
Connect
Richard Hicks' Forefront TMG Blog 
Nice one Richard, saved me some head scratching
You absolute gun, I could not figure out what the issue was!
Thanks mate.
Great fix. Thank you for helping us slower lead paint fans.
My pleasure! : )
I have a similar issue but the error is 80072F7C, the above solution did not help, any ideas?
There are a few error codes that are similar that this fix resolves…not sure if that includes yours though. If it does not resolve the issue, you’ll have to continue troubleshooting. Perhaps looking at a network trace will yield some clues?
Thanks!! Fixed my problem!
You da man Richard !
Many Thanks
Thanks…glad you found the post useful! 🙂
Tnx Dude, cost me whole day to find this was my problem, and your string solved my problems. SO TNX 🙂
Glad I could help you out! 🙂
pingback from
http://blog.chrislehr.com/2011/08/super-quick-way-to-windows-update-on.html
Thanks! Save my night!
Here’s a weird one – setting proxy to 8080 allowed the detection of the updates, but downloading them failed with the same error.
Setting proxy back to direct (netsh winhttp reset proxy) then lets the downloads through.
Very confusing, especially as this is an identical build to another server which updates fine. TMG is a bit flakey isn’t it?
Glad you found the post helpful! 🙂
This is a very odd issue with Forefront TMG 2010 firewalls, that’s for sure. I have systems that work without issue, and others that have this problem. I’d be interested in knowing if installing SP2 for TMG resolves this issue.
Thanks very much for that, tried all sorts before I came across this post!
I’m happy you found the post helpful! 🙂
brilliant, thanx for sharing, 1 min to fix a problem that would have taken hours to figure out
thanks again
Installing SP2 first did NOT resolve the issue. I had to apply the fix above..thanks have not been able to update this server for 3 months!
Thanks!
sadly, this hasn’t worked for me. anyone have any more ideas?
Have you confirmed that name resolution is working correctly and that you in fact have outbound network connectivity? Also, you can find more details in the windowsupdate.log file located in the Windows directory.
Great post! many thanks Richard!
Live saver 🙂 This had been doing my head in for a while.
Hi,
We are running 4 similar firewalls (TMG 2010) , all with the same settings when it comes to proxy (port 8080). But one of them fails with a Code 80244019 when trying to update Windows. If we reset the proxy it falls “back” to the 80072ee2 error and returns if we run the netsh-command mentioned above.
The server is virus/mal-ware free and we are getting frustrated searching for more solutions.
Any sharp brains out there with a suggestion?
Hi John,
What does the Windows Update log tell you? Any clues there?
Thanks for the solution Richard!
Certainly! Always happy to help! 😀
Worked for me! Thank you!
OMG, something must have changed on an update because this “was” working.. But thanks for the FIX!!
Big Thanks to you, shame on MSFT! Once again, so ridiculous…
Why are they unable to provide sane error messages?
It gives people like me something to do I guess. 😉
Thank you Richard it works like a charm!!! One more question can I do the same steps on the Windows 2008 server r2 active directory server? Thank you!
I would expect. I’ve used this configuration to resolve a number of related issues.
Thank you!!! Totally could not figure out why updates would not install.
I’d like to personally thank you for posting this. I have no idea how you could have possibly come to the conclusion that this would resolve this problem, but it did. I had no chance of ever resolving this – thanks for your help. – Greg
You would imagine that this would be fixed … but, alas, appears not. Regards,
Glad you found the article helpful!
Thank You! How easy…
As soon as I searched for this error I was hoping there would be Hicks Ficks. Thanks.
“Hicks Ficks”. Good one! I should trademark that. 😉
Bless you, Sir!
Thanks a lot you saved my time
Thank you Richard, at elevated CMD, I typed: netsh winhttp set proxy localhost:8080 and my updates started working. Saved me lots of time.
Thanks Mr Hicks!
hey richard…em facing a problem related to URL categorization service unavailable..i have run the above mention command of “netsh” also i have checked MRS, it is also working.but still facing this problem.what dhould i do then..?? help me out…
Is your subscription still valid? This is symptomatic of an expired Web Protection Service subscription…
Absolutely Incredible, this saves me a lots of time and keep my server up-to-date, THANK YOU SO MUCH
Windows update was working perfect on Windows Server 2012R2 behind TMG till a few weeks ago. The error code 80072F8F appeared on the screen 😦
Nothing was changed on the TMG configuration or the Windows servers.
Searched for days and then I found your post. I thought what the heck lets try “netsh winhttp set proxy xxxxxxx:8080” on the Windows 2012 server. It worked, Windows is now updating 🙂
Thank you!