Azure update managment VM is showing Not assessed with Exception from HRESULT: 0x80072F8F

Sukant Virkud 26 Reputation points
2021-08-18T16:51:50.147+00:00

Azure VM is showing on AUM Not assessed with Exception from HRESULT: 0x80072F8F. followed below steps:

  1. restarted the MMA and windows update service
  2. redeploy the MMA agent
  3. restarted the VM

still, it's giving the same issue.

124385-image.png

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,320 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. tbgangav-MSFT 10,416 Reputation points
    2021-08-23T11:11:49.31+00:00

    Hi @Sukant Virkud ,

    As a basic troubleshooting, if possible I would recommend to login to the server and manually scan for updates to check whether you see the same error in server or to diagnose and troubleshoot the issue in a better way, I would recommend to capture network trace, collect the logs with the help of this package, install and execute Collect-AMALogs runbook and analyze the logs.

    In general, the error code 0x80072F8F seems to be related to either windows activation failure or proxy settings or firewall issue or ssl certificate i.e., may be due to one of the below 4 reasons:

    • verify the date or time of the server as when windows tries to verify the SSL certificate for windows update, the time skew results in the certificate validation failing
    • rules configured in Azure Update Management might be preventing the access to server so try by adding below URLs in trusted sites or in other words whitelisting below endpoints at proxy level

    125643-image.png

    • proxy didn't allow the connection with "xxxxxx.windowsupdate.com" which contains the trusted root cert list so TLS handshake is not established and certification verification failure when validating "sls.update.microsoft.com" so to resolve the issue, update proxy configuration to allow *.windowsupdate.com traffic
    • update agent was unable to update service due to certificate error so open required port in firewall

    Check if your issue is due to one of these reasons. If not, to try diagnosing and troubleshooting the exact cause of this kind of issue, it would require deep dive with the help of related environment trace logs, etc. So for that, I would recommend to raise a technical support request if you have a support plan. But if you don't have a support plan then please send an email to AzCommunity@microsoft.com with subject being "Attn:Krishna" and your subscription ID and this question's link in the body of the email so that my team will work with you via our technical support channel.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.