Hi all,

Not sure if this is the right forum but I couldn't see one for Endpoint Protection

I've been having some troubles updating EP on 2 of my 40 of so machines for a while and I can't work it out.  Basically they aren't seeing that EP updates are available to install for them.

I've uninstalled EP and the CM client.  They re-installed fine.  The 2 machines are getting the same policies as the others.  I've deleted the Software Distribution directory, reset BITS, deleted the qr*.dat files.

When I initiate a Software Updates scan from the Configuration Mgr client this is what appears in my WindowsUpdate.log

******************************************************************************************************

2013-05-13 09:18:15:205 5704 19b8 COMAPI -------------
2013-05-13 09:18:15:205 5704 19b8 COMAPI -- START --  COMAPI: Search [ClientId = CcmExec]
2013-05-13 09:18:15:205 5704 19b8 COMAPI ---------
2013-05-13 09:18:15:210  948 a04 Agent *************
2013-05-13 09:18:15:210 5704 19b8 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
2013-05-13 09:18:15:210  948 a04 Agent ** START **  Agent: Finding updates [CallerId = CcmExec]
2013-05-13 09:18:15:210  948 a04 Agent *********
2013-05-13 09:18:15:210  948 a04 Agent   * Include potentially superseded updates
2013-05-13 09:18:15:210  948 a04 Agent   * Online = Yes; Ignore download priority = Yes
2013-05-13 09:18:15:210  948 a04 Agent   * Criteria = "(DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')"
2013-05-13 09:18:15:210  948 a04 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2013-05-13 09:18:15:210  948 a04 Agent   * Search Scope = {Machine}
2013-05-13 09:18:15:538  948 a04 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-05-13 09:18:15:538  948 a04 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://%FQDN%8530/ClientWebService/client.asmx
2013-05-13 09:19:16:523  948 a04 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <%PROXYIP%> Bypass List used : <(null)> Auth Schemes used : <>
2013-05-13 09:19:16:523  948 a04 PT   + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
2013-05-13 09:19:16:523  948 a04 PT   + Caller provided proxy = No
2013-05-13 09:19:16:523  948 a04 PT   + Proxy list used = %PROXYIP%
2013-05-13 09:19:16:523  948 a04 PT   + Bypass list used = <NULL>
2013-05-13 09:19:16:523  948 a04 PT   + Caller provided credentials = No
2013-05-13 09:19:16:523  948 a04 PT   + Impersonate flags = 0
2013-05-13 09:19:16:523  948 a04 PT   + Possible authorization schemes used =
2013-05-13 09:19:16:523  948 a04 PT WARNING: GetConfig failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
2013-05-13 09:19:16:524  948 a04 PT WARNING: PTError: 0x80072ee2
2013-05-13 09:19:16:524  948 a04 PT WARNING: GetConfig_WithRecovery failed: 0x80072ee2
2013-05-13 09:19:16:524  948 a04 PT WARNING: RefreshConfig failed: 0x80072ee2
2013-05-13 09:19:16:524  948 a04 PT WARNING: RefreshPTState failed: 0x80072ee2
2013-05-13 09:19:16:524  948 a04 PT WARNING: Sync of Updates: 0x80072ee2
2013-05-13 09:19:16:524  948 a04 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
2013-05-13 09:19:16:524  948 a04 Agent   * WARNING: Failed to synchronize, error = 0x80072EE2
2013-05-13 09:19:16:525  948 a04 Agent   * WARNING: Exit code = 0x80072EE2
2013-05-13 09:19:16:525  948 a04 Agent *********
2013-05-13 09:19:16:525  948 a04 Agent **  END  **  Agent: Finding updates [CallerId = CcmExec]
2013-05-13 09:19:16:525  948 a04 Agent *************
2013-05-13 09:19:16:525  948 a04 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
2013-05-13 09:19:16:526 5704 19b8 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = CcmExec]
2013-05-13 09:19:16:527 5704 19b8 COMAPI   - Updates found = 0
2013-05-13 09:19:16:527 5704 19b8 COMAPI   - WARNING: Exit code = 0x00000000, Result code = 0x80072EE2
2013-05-13 09:19:16:527 5704 19b8 COMAPI ---------
2013-05-13 09:19:16:527 5704 19b8 COMAPI --  END  --  COMAPI: Search [ClientId = CcmExec]
2013-05-13 09:19:16:527 5704 19b8 COMAPI -------------
2013-05-13 09:19:16:527 5704 19b8 COMAPI WARNING: Operation failed due to earlier error, hr=80072EE2
2013-05-13 09:19:16:527 5704 19b8 COMAPI FATAL: Unable to complete asynchronous search. (hr=80072EE2)
2013-05-13 09:19:21:526  948 a04 Report REPORT EVENT: {4F1FD932-6FB2-4909-BB14-B58ECB839A4B} 2013-05-13 09:19:16:524+1000 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 CcmExec Failure Software Synchronization Windows Update Client failed to detect with error 0x80072ee2.
2013-05-13 09:19:21:543  948 a04 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-05-13 09:19:21:543  948 a04 Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000 Scan 101 Managed
2013-05-13 09:19:21:543  948 a04 Report CWERReporter finishing event handling. (00000000)

*************************************************************************************************

From my research this indicates to me that these computers are trying to access the internet to perform their updates.  They should be going to Config Mgr as specified in the policy and then WSUS (MS Updates is not selected in my policy).  These machines do not have internet access.  The machines that are updating correctly also don't have internet access

Below is the WUAHandler.log

*********************************************************************************************************

Its a WSUS Update Source type ({E6405AF2-4712-4848-8E46-A6AFF1872B0A}), adding it. WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
Existing WUA Managed server was already set (%FQDN%:8530), skipping Group Policy registration. WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
Added Update Source ({E6405AF2-4712-4848-8E46-A6AFF1872B0A}) of content type: 2 WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
Scan results will include superseded updates only when they are superseded by service packs and definition updates. WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
Async searching of updates using WUAgent started. WUAHandler 13/05/2013 9:18:15 AM 6584 (0x19B8)
Async searching completed. WUAHandler 13/05/2013 9:19:16 AM 5152 (0x1420)
OnSearchComplete - Failed to end search job. Error = 0x80072ee2. WUAHandler 13/05/2013 9:19:16 AM 6584 (0x19B8)
Scan failed with error = 0x80072ee2. WUAHandler 13/05/2013 9:19:16 AM 6584 (0x19B8)

*****************************************************************************************************

Any help would be awesome

Thanks

• Edited by Chris2352 Sunday, May 12, 2013 11:34 PM

Hey,

could it be a proxy issue? Looks like the Client is trying to connect to the SUP via Proxy. Maybe you have to add it to the bypass list? Do you see any errors in the other Update related logs? (scanagent.log, update....log)

best regards

Philipp

Thanks for the reply.

It shouldn't be a proxy issue as the computers aren't configured to use a proxy.  Nothing is ticked in IE settings about connecting to the Internet and the netsh winhttp show proxy gives me a direct connection

Nothing in bypass list as well

I check these settings on a machine that is working and the settings are the same

I looked in the scanagent.log and got this

******************************************************************************

- -Processing Scan Job TTL invalidity request ScanAgent 16/05/2013 3:02:17 PM 4376 (0x1118)
Message received: '<?xml version='1.0' ?> <UpdateSourceMessage MessageType='ScanByUpdateSource'>
  <ForceScan>TRUE</ForceScan>
  <UpdateSourceIDs>
   <ID>{E6405AF2-4712-4848-8E46-A6AFF1872B0A}   </ID>
  </UpdateSourceIDs>
 </UpdateSourceMessage>'
 ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
*****ScanByUpdateSource request received with ForceReScan=2, ScanOptions=0x0000000a,  WSUSLocationTimeout = 604800 ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
Sources are not current ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): - - - - - -Locations requested for ScanJobID={9B789A83-3229-4658-99E4-0FD797B48AB0} (LocationRequestID={5D090B44-18AC-4153-AEB4-55CE285A7CD1}), will process the scan request once locations are available. ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
*****WSUSLocationUpdate received for location request guid={5D090B44-18AC-4153-AEB4-55CE285A7CD1} ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
Sources are not current ScanAgent 16/05/2013 3:02:19 PM 3680 (0x0E60)
ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): CScanJob::OnScanComplete -Scan Failed with Error=0x80244019 ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): CScanJob::ScheduleScanRetry- ScanRetry Timer task successfully scheduled. Will wake up in next 1800 seconds ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): CScanJob::OnScanComplete - Scan Retry successfully scheduled ScanAgent 16/05/2013 3:02:19 PM 5348 (0x14E4)
ScanJob({9B789A83-3229-4658-99E4-0FD797B48AB0}): CScanJobManager::OnScanComplete- Scan has failed, scan request will be pending for scan retry cycle. ScanAgent 16/05/2013 3:02:20 PM 5348 (0x14E4)
CScanAgent::ScanCompleteCallback - failed at OnScanComplete with error=0x87d00631 ScanAgent 16/05/2013 3:02:20 PM 5348 (0x14E4)

**********************************************************************

Doesn't make any sense to me

I can use IE to hit the wsus/sccm server (roles installed on same machine).  It will prompt me to download or save the *.cab files as well.

really strange but i think it must be a connectivity issue to your WSUS. Client FW is off? Are you using Mutliple NICs like described here: http://www.kuskaya.info/2012/02/26/how-to-troubleshoot-windows-update-failed-to-check-for-updates-with-error-0x80072ee2-error-message/ ?

You could check the IIS Logs on the WSUS to see if the client reaches it..

best regards

Philipp

really strange but i think it must be a connectivity issue to your WSUS. Client FW is off? Are you using Mutliple NICs like described here: http://www.kuskaya.info/2012/02/26/how-to-troubleshoot-windows-update-failed-to-check-for-updates-with-error-0x80072ee2-error-message/ ?

You could check the IIS Logs on the WSUS to see if the client reaches it..

best regards

Philipp

Good points - They are VM machines.  I ran the command to show the hidden devices and removed the extra NIC.  Rebooted but same problem.

I then check the IIS logs and don't see an attempt from my problem machine to the config mgr box.  Tried from a working machine and I see the requests in the log.

I can PING and TELNET to port 8530 from both the broken machine and working one.  There is no FW on any machines.  The are connected to the same Virtual Network

• Edited by Chris2352 Wednesday, May 22, 2013 2:12 AM

This is the WUAHandler.log

*****************************************

OnSearchComplete - Failed to end search job. Error = 0x80072ee2. WUAHandler 22/05/2013 12:03:56 PM 6080 (0x17C0)
Scan failed with error = 0x80072ee2. WUAHandler 22/05/2013 12:03:56 PM 6080 (0x17C0)
Its a WSUS Update Source type ({E6405AF2-4712-4848-8E46-A6AFF1872B0A}), adding it. WUAHandler 22/05/2013 12:03:56 PM 2120 (0x0848)
Existing WUA Managed server was already set (HTTP://FQDN:8530), skipping Group Policy registration. WUAHandler 22/05/2013 12:03:56 PM 2120 (0x0848)
Added Update Source ({E6405AF2-4712-4848-8E46-A6AFF1872B0A}) of content type: 2 WUAHandler 22/05/2013 12:03:56 PM 2120 (0x0848)
Scan results will include superseded updates only when they are superseded by service packs and definition updates. WUAHandler 22/05/2013 12:03:56 PM 2120 (0x0848)
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') WUAHandler 22/05/2013 12:03:56 PM 2120 (0x0848)
Async searching of updates using WUAgent started. WUAHandler 22/05/2013 12:03:56 PM 2120 (0x0848)
Async searching completed. WUAHandler 22/05/2013 12:04:55 PM 5008 (0x1390)
OnSearchComplete - Failed to end search job. Error = 0x80072ee2. WUAHandler 22/05/2013 12:04:55 PM 6080 (0x17C0)
Scan failed with error = 0x80072ee2. WUAHandler 22/05/2013 12:04:55 PM 6080 (0x17C0)

*******************************************

What does your WUAHandler.log tell you?  Are these clients successfully performing a scan and against the Conf

Yes, I know this is an old post, but Im trying to clean them up. Did you solve this problem, if so what was the solution?

Since no one has answer this post, I recommend opening  a support case with Microsoft Customer Support Services (CSS) as they can work with you to solve this problem.