issues on server failed to run update manager assessment on windows server 2019 on-premises

Question

issues on server failed to run update manager assessment on windows server 2019 on-premises

Mohamad Irsyad 0

I have windows server 2019 where able to onboard into azure arc but failed assessment on update manager.

in other hand, i have another server with same segment network and using same proxy and same OS its success.

Error logs machine in attached.

error "Assessment failed due to this reason: 1 errors reported. The latest 100 errors are shared in details. To view all errors, review this log file on the machine:[C:\ProgramData\GuestConfig\extension_logs\Microsoft.SoftwareUpdateManagement.WindowsOsUpdateExtension\7.telemetryLogs]. Failed to assess the machine for available updates: ActivityId = [a41b9f4e-c58e-430b-9b81-9eed312dd757], Operation=[Assessment], Reason:[Windows update API threw an exception while assessing the machine for available updates. HResult: 0x80072efe.. For information on diagnosing this error, see: https://aka.ms/TroubleshootVMGuestPatching.]."

Siva shunmugam Nadessin 9,625 Reputation points Microsoft External Staff Moderator

2026-05-06T02:55:59.9933333+00:00
Hello Mohamad Irsyad,

Thank you for reaching out to the Microsoft Q&A forum.

When investigated you it looks like your Arc-enabled Windows Server 2019 is throwing HResult 0x80072efe, which generally means the Windows Update Agent can’t reach its update endpoint (a timeout). Since you’ve got another VM in the same network/proxy that works, let’s focus on the Windows Update agent, network and extension logs:

You can try below options.

Verify Windows Update works locally

On the problem server, open an elevated PowerShell or CMD and run:

net start wuauserv

wuauclt /detectnow (or “Get-WindowsUpdateLog” on Server 2016+)

Check WindowsUpdate.log (C:\Windows\Logs\WindowsUpdate\WindowsUpdate.log) and CBS.log (%windir%\Logs\CBS) for any 0x80072efe entries.

Confirm WSUS vs Microsoft Update settings

If you use WSUS, open regedit and inspect HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

Are WUServer/WUStatusServer pointing to the right host? • Can you ping/telnet to that server/port?

If you’re using direct Microsoft Update, verify your proxy settings under IE/WinHTTP:

netsh winhttp show proxy

Adjust with netsh winhttp set proxy if needed.

Review the Arc patch extension logs

C:\ProgramData\GuestConfig\extension_logs\Microsoft.SoftwareUpdateManagement.WindowsOsUpdateExtension<version>\telemetryLogs

WindowsUpdateExtension.log

cmd_execution__stdout.txt / stderr.txt

Look for network- or timeout-related errors right before the 0x80072efe.

Check the Arc agent & extension status in Azure

In the Azure portal, go to your Arc machine and verify the guest agent’s health (should be “Ready” and “Connected”).

Use the built-in diagnostics under Update Manager: • Patch Mode Diagnostic • Agent Status (Arc VM) • Disconnected Arc Machine

Confirm Periodic Assessment is enabled in your update settings (otherwise manual “Check for updates” is your only path).

Compare with the working server

Run the same manual Windows Update steps and proxy/WSUS tests.

Compare registry, “netsh winhttp” output, firewall rules, and extension versions.

If the issue still exists, kindly answer below questions for further investigation

Does “wuauclt /detectnow” or the Windows Update GUI download updates successfully on that server?

Are you pointing to a WSUS server or using public Windows Update?

What does “netsh winhttp show proxy” return on the failing VM vs the working one?

Can you successfully reach the update endpoint URLs in the documentation (e.g. via IE or curl)?

Any differences in the Arc extension version or guest agent version between the two servers?

Have you checked those extension logs for a more detailed error stack?

Reference docs

Troubleshoot machine “Not assessed” and HRESULT errors: https://aka.ms/TroubleshootVMGuestPatching

Network & proxy requirements for Windows Update: https://aka.ms/WindowsUpdateHTTPProxy

Arc VM extension troubleshooting: https://learn.microsoft.com/azure/azure-arc/servers/troubleshoot-vm-extensions

Configure Windows Update Agent: https://learn.microsoft.com/azure/update-center/configure-wu-agent

Enable periodic assessment & manage update settings: https://learn.microsoft.com/azure/update-manager/manage-update-settings

Support matrix & prerequisites: https://learn.microsoft.com/azure/update-manager/support-matrix

Let me know if any further queries - feel free to reach out!

1 answer

Your answer

Answer 1

The error HResult: 0x80072EFE during Azure Update Manager assessment indicates a Windows Update network/connectivity problem on that specific Windows Server 2019 machine, even though another server in the same segment works.

Use these targeted steps on the failing server:

Validate local Windows Update
1. Sign in to the server and try running Windows Update locally:
  - Open Settings → Update & Security → Windows Update → Check for updates.
  - If this fails, the Windows Update Agent is misconfigured or cannot reach its update source.
2. If using WSUS/ConfigMgr, confirm the machine can reach the configured intranet update endpoint as described in the Windows Update troubleshooting guidance referenced by Update Manager.
Check network/proxy connectivity
1. Because 0x80072EFE is a connectivity-type error, verify:
  - The server can resolve and reach the required Windows Update or WSUS endpoints.
  - The same proxy configuration that works on the other server is correctly applied (system proxy, WinHTTP proxy, or any security appliance rules).
2. If using Windows Update (not WSUS), ensure the machine can reach the endpoints listed under Issues related to HTTP/proxy.
Verify Windows Update service and agent health
1. Confirm the Windows Update service (wuauserv) is running and not disabled.
2. Review %Windir%\WindowsUpdate.log on the failing server for errors around the time of the assessment. Use the guidance in Windows Update log files to interpret the log.
3. Optionally run the Windows Update troubleshooter on the server to automatically detect and fix common Windows Update issues.
Compare with the working server
1. Compare these items between the working and failing servers:
  - WSUS/Windows Update configuration (registry keys under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate).
  - Proxy settings (WinHTTP and user-level proxy).
  - Firewall rules or endpoint security policies.
2. Align any differences so the failing server matches the known-good configuration.
Re-run Azure Update Manager assessment After fixing the local Windows Update connectivity/configuration issues:
1. Trigger a new assessment from Azure Update Manager.
2. If it still fails, review the extension logs under: C:\ProgramData\GuestConfig\extension_logs\Microsoft.SoftwareUpdateManagement.WindowsOsUpdateExtension especially WindowsUpdateExtension.log and the referenced telemetry log.

If the problem persists after these steps, collect the WindowsUpdate.log, extension logs, and network/proxy configuration and engage local IT or support for deeper analysis.

References:

Troubleshoot known issues with Azure Update Manager

Share via

issues on server failed to run update manager assessment on windows server 2019 on-premises

1 answer

Your answer