Monday, 18 Jun, 2018 Windows-Update-fifteen-minute-countdown-timer-warns-of-the-restart For a few years, I’ve been haunted by the dreaded Windows Update issue 80072F8F. I experienced this error whenever one of my Windows 8.1 Pro and Windows Server 2012 R2 computers searched for updates on Windows Update (my computers were originally joined to a Windows 2012 Domain then raised to 2012 R2). And no, raising the Domain (& Forest) to 2012 R2 didn’t help. For further details regarding my setup, please refer to: http://social.technet.microsoft.com/Forums/windows/en-US/f85d7d25-58a1-453b-8653-751ce604401b/possible-bug-windows-update-error-code-80072f8f?forum=w8itprogeneral Long story short, what broke Windows Update was a nasty GPP registry hack I once developed to force Remote Desktop Clients to use TLS 1.2 (not supported Windows 8.1 Pro and Windows Server 2012 R2 Remote Desktop Session Hosts). The FIX (from http://social.technet.microsoft.com/Forums/windowsserver/en-US/e2698d4a-7c57-4e74-8f65-503ee9a39974/windows-8-and-rd-gateway-not-working?forum=winserverTS) is to disable TLS 1.1 and TLS 1.2. To TLS 1.1 and TLS 1.2, copy-paste below code into a reg file (say disable-tls.reg) the run it on all the affected Windows 8 or Windows Server 2012 R2 RDS Hosts: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "Enabled"=dword:00000000 "DisabledByDefault"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "Enabled"=dword:00000000 "DisabledByDefault"=dword:00000001 And the following to disable 1.1 (to fall back to TLS 1.0): [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "Enabled"=dword:00000000 "DisabledByDefault"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "Enabled"=dword:00000000 "DisabledByDefault"=dword:00000001 The above changes will disable TLS 1.1 & TLS 1.2, since both TLS 1.1 & TLS 1.2 were both unsupported by Remote Desktop Services until Windows 8.1 or Windows 2012 R2. Once you add above registry entries: Restart your Windows 8.1 or Windows Server 2012 R2 host then give Windows Update another chance. How did you find out? I came to this solution by reading and re-reading this post: http://blogs.technet.com/b/win7/archive/2011/11/08/windows-update-error-80072f8f.aspx QUOTE: "the Internet Time could not be synchronized with global Update Server. The valid date and time are on the Secure Sockets Layer (SSL) certificate that the Windows Update website uses." /QUOTE ‘Though, before finding that out, I had to have a quick 2 days holiday to KI to get the inspiration 3/5 - (43 votes) Andrea MatesiSenior Professional Network and Computer Systems Engineer during work hours and father when home. Andrea strives to deliver outstanding customer service and heaps of love towards his family. In this Ad-sponsored space, Andrea shares his quest for "ultimate" IT knowledge, meticulously brought to you in an easy to read format. Share this:LinkedIn Related