I've updated some of my test hosts to Update 1 (KB2919355).
Now, they cannot scan against WSUS anymore (0x80072F8F)
OK, easy you say! Microsoft patched that issue, and warned about it.
Now to the harder part.
My WSUS Server is running on 2012 R2, and has TLS 1.2 enabled – I should not be affected.
Even weirder, I've installed the corrected update which is supposed to have fixed the issue.
To be safe, I tried installing the Update KB2959977 mentioned in above KB Article. Result: This update is already installed.
So, I'm at a loss here 🙂 Does anyone else have the same problem? Any suggestions? Did Microsoft screw this really up?
Best Answer
Check your certificate chain for certificates with signature algorithm MD5 or SHA512. TLS 1.2 no longer supports MD5. Microsoft implementation of TLS 1.2 does not support SHA512 by default. Have a look:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/857c6804-8ce1-4f09-b657-00554055da16/tls-12-and-sha512/