Windows Update error 80072ee2 on TMG server

After installing TMG on Windows Server,  if you ever had tried to run Windows Update on the TMG server.

You will encounter the Error 80072EE72.

This is because the Web Proxy settings are not enabled and set on the TMG server.

Here we will learn the trick to fix this error message.


  • Run CMD with Elevated Permissions

1. Press Windows Key

2. Type cmd

3. Right Click  cmd Icon

4. Select Run as Administrator


1. Press Windows Key

2. Type CMD

3. Press these keys combination Shift + Control + Enter

  • netsh winhttp set proxy localhost:8080


Create a Self-Signed Server Certificate

Creating a Self-Signed Server Certificate

The Certificate Creation tool generates X.509 certificates for testing purposes only. It creates a public and private key pair for digital signatures and stores it in a certificate file. This tool also associates the key pair with a specified publisher’s name and creates an X.509 certificate that binds a user-specified name to the public part of the key pair.

Makecert.exe includes basic and extended options. Basic options are those most commonly used to create a certificate. Extended options provide more flexibility.


makecert [options] outputCertificateFile

You can find a description of all of the command line options for Makecert here.


makecert -r -pe -n “” -eku -b 05/09/2012 -e 01/01/2059 -sky exchange -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 -sv

Download the makecert tool here.

To create a certificate using inetmgr

You can either use Internet Information Services Manager (IIS) or a command line utility called Certificate Creation Tool (makecert.exe) to create a self-signed Server Certificate.

  1. Click Start, and then click Run.
  2. Type inetmgr, and then click OK.
  3. In the left pane, click your server name to select it.
  4. In the main pane, double-click Server Certificates under the IIS section.
  5. In the Actions pane, click Create Self-Signed Certificate.
  6. In Specify a friendly name for the certificate, type a friendly name, and then click OK. You shall see a newly created certificate listed in the main pane.
  7. Close IIS Manager.

Export the Certificate

If you created the certficate using makecert.exe, you can use the certificate file.  However, if you created the certificate using IIS Manager, you must export it to a file before you can import it to Windows Certificate Store.

To export the certificate

  1. Click Start, and then click Run.
  2. Type certmgr.msc, and then click OK.
  3. In the left pane, expand Trusted Root Certification Authorities or Personal, and then expand Certificates.
  4. In the main pane, locate the certificate using the Friendly Name column.
  5. Right-click the certificate, poing to All Tasks, and then click Export.
  6. Click Next,
  7. Select No, do not export the private key, and then click Next.
  8. Select DER encoded binary X.509(.CER), and then click Next.
  9. Type the location and the file name for the certificate, and then click Next. The certificate extension is .cer.
  10. Click Finish.