Over 600 Domain computers won't get windows updates

pjudkins · Sep 25, 2025

garlin said:
If something's breaking that process, asheroto's been writing (for a few years) a background tool to fetch/certuil them.
GitHub - asheroto/UpdateRootCertificates: Downloads and installs updated root and disallowed certificates on Windows. No settings are changed. Windows Update not required.

I downloaded and ran this, restarted, waited about 45 minutes and rechecked the authroot last sync time and it still shows 09/17/2025

pjudkins · Oct 3, 2025

Anyone have any more ideas to try? I can give it a fresh Authroot cert from a working machine, it will start doing updates but in a few days the Authroot cert expires again and you have to give it another new one.

pjudkins · Oct 22, 2025

Below is a current snipped from a non working machines windows update log.

2025/10/22 15:30:01.8742036 1372 1160 DownloadManager Download manager restoring 0 downloads
2025/10/22 15:30:01.8745029 1372 1160 Agent CPersistentTimeoutScheduler | GetTimer, returned hr = 0x00000000
2025/10/22 15:30:01.8754842 1372 1160 IdleTimer IdleTimer::NetworkStateChanged. Network connected? Yes
2025/10/22 15:30:01.8812940 9900 7212 Test AUTest.cab validation: Test keys are not allowed
2025/10/22 15:30:01.8813447 9900 7212 ComApi * START * Federated Search ClientId = Windows Defender (cV: C6ofe7yQk0uBGJWX.1.0)
2025/10/22 15:30:01.8820280 1372 6496 IdleTimer WU operation (SR.Windows Defender ID 1) started; operation # 6; does use network; is not at background priority
2025/10/22 15:30:01.8820291 1372 6496 IdleTimer Activate PDC state for AllNetworks
2025/10/22 15:30:01.8822380 1372 6496 IdleTimer Incremented PDC RefCount for Network to 1
2025/10/22 15:30:01.8823934 1372 2396 Agent Processing auto/pending service registrations and recovery (cV: C6ofe7yQk0uBGJWX.1.0.0.0)
2025/10/22 15:30:01.8860176 1372 11124 DownloadManager Received power state change notification: Old: <unknown>; New: AC.
2025/10/22 15:30:01.8860211 1372 11124 DownloadManager Power state changed from <unknown> to AC.
2025/10/22 15:30:01.9093953 1372 2396 SLS Get response for service 9482F4B4-E343-43B6-B170-9A65BC822C77 - forceExpire[False] asyncRefreshOnExpiry[False]
2025/10/22 15:30:01.9093987 1372 2396 SLS path used for cache lookup: /SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.22631.3007/0?CH=763&L=en-US&P=&PT=0x30&WUA=1023.1020.2192.0&MK=LENOVO&MD=11CES01P00
2025/10/22 15:30:01.9094799 1372 2396 SLS Retrieving SLS response from server...
2025/10/22 15:30:01.9121650 1372 2396 SLS MS-CV header: MS-CV: C6ofe7yQk0uBGJWX.1.0.0.3
2025/10/22 15:30:01.9123424 1372 2396 SLS Making request with URL HTTPS://slscr.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.22631.3007/0?CH=763&L=en-US&P=&PT=0x30&WUA=1023.1020.2192.0&MK=LENOVO&MD=11CES01P00 and send SLS events, cV=C6ofe7yQk0uBGJWX.1.0.0.2.
2025/10/22 15:30:02.4235289 1372 2396 Misc *FAILED* [80072F8F] Send request
2025/10/22 15:30:02.4235401 1372 2396 Misc *FAILED* [80072F8F] WinHttp: SendRequestToServerForFileInformation (retrying with default proxy)
2025/10/22 15:30:02.7893280 1372 2396 Misc *FAILED* [80072F8F] Send request
2025/10/22 15:30:02.7893359 1372 2396 Misc *FAILED* [80072F8F] Library download error. Will retry. Retry Counter:0
2025/10/22 15:30:03.1564241 1372 2396 Misc *FAILED* [80072F8F] Send request
2025/10/22 15:30:03.1564325 1372 2396 Misc *FAILED* [80072F8F] WinHttp: SendRequestToServerForFileInformation (retrying with default proxy)
2025/10/22 15:30:24.2039457 1372 2396 Misc *FAILED* [80072EE2] Send request
2025/10/22 15:30:24.2039928 1372 2396 Misc *FAILED* [80072EE2] Library download error. Will retry. Retry Counter:1
2025/10/22 15:30:45.2621855 1372 2396 Misc *FAILED* [80072EE2] Send request
2025/10/22 15:30:45.2621928 1372 2396 Misc *FAILED* [80072EE2] WinHttp: SendRequestToServerForFileInformation (retrying with default proxy)
2025/10/22 15:31:06.3355060 1372 2396 Misc *FAILED* [80072EE2] Send request
2025/10/22 15:31:06.3355129 1372 2396 Misc *FAILED* [80072EE2] Library download error. Will retry. Retry Counter:2
2025/10/22 15:31:27.3971670 1372 2396 Misc *FAILED* [80072EE2] Send request
2025/10/22 15:31:27.3971764 1372 2396 Misc *FAILED* [80072EE2] WinHttp: SendRequestToServerForFileInformation (retrying with default proxy)
2025/10/22 15:31:27.7252905 1372 2396 Misc *FAILED* [80072F8F] Send request
2025/10/22 15:31:27.7253206 1372 2396 SLS Complete the request URL HTTPS://slscr.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.22631.3007/0?CH=763&L=en-US&P=&PT=0x30&WUA=1023.1020.2192.0&MK=LENOVO&MD=11CES01P00 with [80072F8F] and http status code[0] and send SLS events.
2025/10/22 15:31:27.7253882 1372 2396 SLS *FAILED* [80072F8F] GetDownloadedOnWeakSSLCert
2025/10/22 15:31:27.7258501 1372 2396 SLS *FAILED* [80072F8F] Method failed [CSLSClient::GetResponse:700]
2025/10/22 15:31:27.7267443 1372 2396 Agent *FAILED* [80072F8F] file = C:\__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp, line = 2162
2025/10/22 15:31:27.7267576 1372 2396 Agent *FAILED* [80072F8F] file = C:\__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp, line = 1706
2025/10/22 15:31:27.7267674 1372 2396 Agent *FAILED* [80072F8F] file = C:\__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp, line = 1722
2025/10/22 15:31:27.7267861 1372 2396 Agent *FAILED* [80072F8F] Method failed [CAgentServiceManager:

etectAndToggleServiceState:3021]
2025/10/22 15:31:27.7267918 1372 2396 Agent *FAILED* [80072F8F] SLS sync failed during service registration.
2025/10/22 15:31:27.7306429 1372 2396 Agent Total possible federated services: 1 (cV: C6ofe7yQk0uBGJWX.1.0.0.0)
2025/10/22 15:31:27.7306505 1372 2396 Agent Candidate federated service 9482F4B4-E343-43B6-B170-9A65BC822C77 (cV: C6ofe7yQk0uBGJWX.1.0.0.0)
2025/10/22 15:31:27.7306570 1372 2396 Agent Federated service 9482F4B4-E343-43B6-B170-9A65BC822C77 is not added due to an associated SLS registration failure (cV: C6ofe7yQk0uBGJWX.1.0.0.0)

pseymour · Oct 22, 2025

Same error you were getting before, no? I think you said somewhere along the way these were upgrades? If so, can you wipe one and see if it starts behaving?

Edit: Or maybe do a repair setup on one? Or, re-image one and repair one.

garlin · Oct 22, 2025

Error 0x80072F8F is "NOT FOUND"
Error 0x80072EE is "WININET_E_TIMEOUT"

It's like you have some firewall or security issues with the network connection. If I access that URL manually, my browser returns a SEC_ERROR_UNKNOWN_ISSUER fault. Ignoring that certificate error, you get an environment.cab with a single XML file inside.

pseymour · Oct 22, 2025

0x80072F8F is also WININET_E_DECODING_FAILED, per winerror.h, which is why fixing that reg key makes it work temporarily.

Code:

//
// MessageId: WININET_E_DECODING_FAILED
//
// MessageText:
//
// Content decoding has failed
//
#define WININET_E_DECODING_FAILED        _HRESULT_TYPEDEF_(0x80072F8FL)

pjudkins · Oct 23, 2025

pseymour said:
Same error you were getting before, no? I think you said somewhere along the way these were upgrades? If so, can you wipe one and see if it starts behaving?

Edit: Or maybe do a repair setup on one? Or, re-image one and repair one.

Yes, same error as before, and yes they were mostly upgrades from 10 to 11, about 95% were upgrades. Doing a reimage fixes it, repairing windows or manually upgrading to 24h2 does not fix it, a new authroot cert makes updates work for a couple of days. This issue here is it's a logistical nightmare to reimage 620 some odd pc's that are scattered across the entire state, this is why I'm so desperately looking for a solution. Not to mention reimaging all of them will be thousands of man hours and travel time.

andrew129260 · Oct 23, 2025

pjudkins said:
Yes, same error as before. Doing a reimage fixes it, repairing windows or manually upgrading to 24h2 does not fix it, a new authroot cert makes updates work for a couple of days. This issue here is it's a logistical nightmare to reimage 620 some odd pc's that are scattered across the entire state, this is why I'm so desperately looking for a solution. Not to mention reimaging all of them will be thousands of man hours and travel time.

We have smart people in here that hopefully can help you out, but if your desperate I know microsoft support sucks but I would be trying my hardest to reach out and see if you can get some help from them.

I honestly don't know much more to offer myself as this is getting quite a bit past my knowledge. You have done everything I would know to recommend.

Also not to push you off onto another forum, but the guys over here do great work at solving weird update issues with windows update. Might be worth a look. They usually can fix any windows update issue. But volunteers so it can take some time. But so would microsoft

Windows Update Forum Posting Instructions

Welcome to Sysnative's Windows Update forum. Here you may seek help and support for Windows Update errors, System File Checker (SFC) corruptions, DISM corruptions, Side by Side Configuration errors, System Service errors, and related errors, corruptions, and problems. These instructions apply...

www.sysnative.com

base77 · Dec 2, 2025

pjudkins - did you ever find a solution to this issue? Same problem here in my environment.

Question - did you happen to use NinjaRMM on those machines?

Over 600 Domain computers won't get windows updates

New member

My Computer

New member

My Computer

New member

My Computer

putting the mental back in experimental

My Computer

Well-known member

My Computer

putting the mental back in experimental

My Computer

New member

My Computer

Well-known member

My Computers

New member

My Computer