Home > Uncategorized > Running Windows Update on a TMG Firewall Fails with Result Code 80072EE2

Running Windows Update on a TMG Firewall Fails with Result Code 80072EE2

August 7, 2010

Recently I have encountered a few instances in which the Windows Update client on a system with Forefront Threat Management Gateway (TMG) 2010 installed is unable to retrieve updates and fails with an error code of 80072EE2.

When this occurs, Malware Inspection and Network Inspection Systems signature updates are received without issue.

To resolve this issue, open an elevated command prompt and enter the following command:

netsh winhttp set proxy localhost:8080

If it is necessary to access HTTP and/or HTTPS web sites or services on your Internal network from the TMG firewall, you will need to configure the proxy bypass list. To learn how, enter the following command:

netsh winhttp set proxy ?

If you need to configure Windows Update on the TMG firewall to work with WSUS, read this blog post on the Forefront TMG product team blog.

Categories: Uncategorized
  1. Adam
    October 17, 2010 at 11:12 am

    Nice one Richard, saved me some head scratching

  2. Mathew
    November 14, 2010 at 5:35 am

    You absolute gun, I could not figure out what the issue was!

    Thanks mate.

  3. Joe
    March 19, 2011 at 4:45 am

    Great fix. Thank you for helping us slower lead paint fans.

  4. March 29, 2011 at 1:28 pm

    My pleasure! : )

  5. Tom
    April 14, 2011 at 5:47 am

    I have a similar issue but the error is 80072F7C, the above solution did not help, any ideas?

  6. April 14, 2011 at 1:41 pm

    There are a few error codes that are similar that this fix resolves…not sure if that includes yours though. If it does not resolve the issue, you’ll have to continue troubleshooting. Perhaps looking at a network trace will yield some clues?

  7. ZBoT
    April 29, 2011 at 7:01 pm

    Thanks!! Fixed my problem!

  8. Steve
    June 23, 2011 at 2:46 am

    You da man Richard !
    Many Thanks

  9. June 24, 2011 at 7:45 am

    Thanks…glad you found the post useful! ๐Ÿ™‚

  10. quirijn
    August 21, 2011 at 11:20 pm

    Tnx Dude, cost me whole day to find this was my problem, and your string solved my problems. SO TNX ๐Ÿ™‚

  11. August 24, 2011 at 12:00 am

    Glad I could help you out! ๐Ÿ™‚

  12. Esteban Pรฉrez
    October 19, 2011 at 9:07 pm

    Thanks! Save my night!

  13. October 21, 2011 at 2:33 am

    Here’s a weird one – setting proxy to 8080 allowed the detection of the updates, but downloading them failed with the same error.

    Setting proxy back to direct (netsh winhttp reset proxy) then lets the downloads through.

    Very confusing, especially as this is an identical build to another server which updates fine. TMG is a bit flakey isn’t it?

  14. October 21, 2011 at 12:49 pm

    Glad you found the post helpful! ๐Ÿ™‚

  15. October 21, 2011 at 12:56 pm

    This is a very odd issue with Forefront TMG 2010 firewalls, that’s for sure. I have systems that work without issue, and others that have this problem. I’d be interested in knowing if installing SP2 for TMG resolves this issue.

  16. Steve King
    October 22, 2011 at 3:25 am

    Thanks very much for that, tried all sorts before I came across this post!

  17. October 23, 2011 at 7:40 am

    I’m happy you found the post helpful! ๐Ÿ™‚

  18. Nick Velev
    December 29, 2011 at 9:10 am

    brilliant, thanx for sharing, 1 min to fix a problem that would have taken hours to figure out

    thanks again

  19. Singularety
    January 30, 2012 at 11:12 am

    Installing SP2 first did NOT resolve the issue. I had to apply the fix above..thanks have not been able to update this server for 3 months!

  20. February 4, 2012 at 6:14 am


  21. xyyz
    February 17, 2012 at 5:53 pm

    sadly, this hasn’t worked for me. anyone have any more ideas?

  22. February 17, 2012 at 7:05 pm

    Have you confirmed that name resolution is working correctly and that you in fact have outbound network connectivity? Also, you can find more details in the windowsupdate.log file located in the Windows directory.

  23. Gian Luca
    April 2, 2012 at 11:52 pm

    Great post! many thanks Richard!

  24. scrantic
    May 23, 2012 at 4:08 pm

    Live saver ๐Ÿ™‚ This had been doing my head in for a while.

  25. John
    June 14, 2012 at 4:30 am


    We are running 4 similar firewalls (TMG 2010) , all with the same settings when it comes to proxy (port 8080). But one of them fails with a Code 80244019 when trying to update Windows. If we reset the proxy it falls “back” to the 80072ee2 error and returns if we run the netsh-command mentioned above.
    The server is virus/mal-ware free and we are getting frustrated searching for more solutions.
    Any sharp brains out there with a suggestion?

  26. June 15, 2012 at 1:57 pm

    Hi John,

    What does the Windows Update log tell you? Any clues there?

  27. Ronald
    July 12, 2012 at 5:58 am

    Thanks for the solution Richard!

  28. July 12, 2012 at 12:22 pm

    Certainly! Always happy to help! ๐Ÿ˜€

  29. July 27, 2012 at 10:22 am

    Worked for me! Thank you!

  30. Lee
    August 31, 2012 at 8:54 am

    OMG, something must have changed on an update because this “was” working.. But thanks for the FIX!!

  31. Christoph
    September 6, 2012 at 4:06 am

    Big Thanks to you, shame on MSFT! Once again, so ridiculous…

    Why are they unable to provide sane error messages?

  32. September 7, 2012 at 8:46 pm

    It gives people like me something to do I guess. ๐Ÿ˜‰

  33. marvin
    November 17, 2012 at 6:36 am

    Thank you Richard it works like a charm!!! One more question can I do the same steps on the Windows 2008 server r2 active directory server? Thank you!

  34. November 27, 2012 at 6:16 pm

    I would expect. I’ve used this configuration to resolve a number of related issues.

  35. Amy
    January 18, 2013 at 11:30 am

    Thank you!!! Totally could not figure out why updates would not install.

  36. January 22, 2013 at 1:27 pm

    I’d like to personally thank you for posting this. I have no idea how you could have possibly come to the conclusion that this would resolve this problem, but it did. I had no chance of ever resolving this – thanks for your help. – Greg

    You would imagine that this would be fixed … but, alas, appears not. Regards,

  37. January 23, 2013 at 5:16 pm

    Glad you found the article helpful!

  38. February 4, 2013 at 7:30 am

    Thank You! How easy…

  39. OPsAdmin
    February 27, 2013 at 11:37 am

    As soon as I searched for this error I was hoping there would be Hicks Ficks. Thanks.

  40. February 27, 2013 at 2:14 pm

    “Hicks Ficks”. Good one! I should trademark that. ๐Ÿ˜‰

  41. Wes
    March 21, 2013 at 5:09 am

    Bless you, Sir!

  42. Ahmad Hammadeh
    July 9, 2013 at 10:56 pm

    Thanks a lot you saved my time

  43. TSomm
    July 19, 2013 at 5:50 am

    Thank you Richard, at elevated CMD, I typed: netsh winhttp set proxy localhost:8080 and my updates started working. Saved me lots of time.

  44. rvt
    September 4, 2013 at 6:25 am

    Thanks Mr Hicks!

  45. Mashhood Nasir
    December 5, 2013 at 2:51 am

    hey richard…em facing a problem related to URL categorization service unavailable..i have run the above mention command of “netsh” also i have checked MRS, it is also working.but still facing this problem.what dhould i do then..?? help me out…

  46. December 6, 2013 at 7:30 pm

    Is your subscription still valid? This is symptomatic of an expired Web Protection Service subscription…

  47. June 7, 2015 at 11:15 am

    Absolutely Incredible, this saves me a lots of time and keep my server up-to-date, THANK YOU SO MUCH

  48. Michel--NL
    July 24, 2015 at 4:48 am

    Windows update was working perfect on Windows Server 2012R2 behind TMG till a few weeks ago. The error code 80072F8F appeared on the screen ๐Ÿ˜ฆ
    Nothing was changed on the TMG configuration or the Windows servers.
    Searched for days and then I found your post. I thought what the heck lets try “netsh winhttp set proxy xxxxxxx:8080” on the Windows 2012 server. It worked, Windows is now updating ๐Ÿ™‚
    Thank you!

  1. August 11, 2010 at 5:09 am
  2. July 27, 2012 at 10:22 am
  3. November 3, 2015 at 5:51 am
Comments are closed.