Notes

Recently, I wanted to install updates on a server with Windows Server 2012 R2. Searching for and installing updates failed with error code 80072f8f. The server should download its updates from a WSUS server in a different (but trusted) Windows domain.

Common measures like using wuauclt or dism didn't work. After doing some research, I found out that the server didn't trust the WSUS server's HTTPS certificate. After deploying the root certificate using GPO and a restart, Windows Update worked again.

Again a simple problem with a simple solution. But it's difficult to find the solution…