Windows Update Doesn't Work in Domain Environment

eaturbrainz · 24 Aug 2011

I'm trying to set up a new PC around the office, but as soon as I establish a connection to the domain, Windows Update keeps giving me ERROR: 8024402F. This may sound wacky, but I've narrowed the problem down to the clock (as in time). After checking the Event Viewer logs I found this...

Code:

 
Log Name:      Application
Source:        Microsoft-Windows-CAPI2
Date:          8/24/2011 1:02:36 PM
Event ID:      4107
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LABPC1.******************.com
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Event Xml:
<Event xmlns="Error">
  <System>
    <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
    <EventID Qualifiers="0">4107</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2011-08-24T18:02:36.849214800Z" />
    <EventRecordID>574</EventRecordID>
    <Correlation />
    <Execution ProcessID="1116" ThreadID="2704" />
    <Channel>Application</Channel>
    <Computer>LABPC1.******************.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab</Data>
    <Data>A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
</Data>
  </EventData>
</Event>

As soon as I take the computer off the domain, Windows Update works properly, and I don't see that error message. If I put it back on the domain, and I lose the ability to update and my error log is riddled with the error seen above.

I've tried everything suggested here, to no avail. The reason this is an important matter is because we are running Microsoft Security Essentials as our antivirus, and it gets its virus definitions through Windows Update. Without Windows Update, we have no functioning antivirus.

Thanks for any help, I appreciate it.

EDIT: I've never had this problem before. It's only with this new batch of PCs we bought about a week ago.

JMH · 24 Aug 2011

Welcome eaturbrainz { like the user name BTW.}:)

Links below that should address your problem.
Note they are in a random order.

You may encounter temporary connection-related errors when you use Windows Update or Microsoft Update to install updates

Updating Windows Update Agent (Windows)

System Update Readiness Tool - CheckSur.log File Analyzis

Windows Update error 80244016, 8024402f, or c80003fa

Troubleshooting

How to troubleshoot problems connecting to Windows Update or to Microsoft Update

eaturbrainz · 26 Aug 2011

None of those had any effect... Im just surprised that with all these seemingly specific error codes, there has never been some sort of library with every error and how it could be fixed. I've been searching for the last 3 days, and have yet to find a mention of this error let alone a way to fix it (I have seven brand new PCs and they're all doing the same thing). Here's the error description.

Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

UPDATE: All these PCs have wireless network cards in them, as well as wired, but both connections give the same results (never really suspected the network card, but I'm tryin' everything...).

EDIT: I've seen some mention of ActiveX Filtering on the firewall, but that isn't it (There's about 40 PCs going through this firewall and none of them are having update issues).

EDIT2: The above error has nothing to do with my Windows Update error... I found a FixIt that solved the problem seen in the event viewer, but Windows Update still spits out 8024402F. Even though Windows Update is giving an error, the event viewer shows no warning or errors... You'd think Windows Update failing would classify as an "event".

JMH · 26 Aug 2011

eaturbrainz
It may be time to consult the " experts" at Microsoft Technical Support re your annoying problem.
See link below.

Help and Support

eaturbrainz · 26 Aug 2011

I'll try that. Thanks for your help.

When (and if) they give a real solution I'll edit this post with their solution and mark it as solved.

JMH · 26 Aug 2011

I await the outcome.
Good luck too.:)

Kari · 26 Aug 2011

Just echo from the past... I remember having some WU problems in a domain environment when clocks were not in sync. Long shot, probably not your case, but decided to post when I remembered this.

Kari

2xg · 30 Aug 2011

Hello,

I don't know if I'm too late. Do you have WSUS configured? Any GPO Policy for the WU?