I fought this for two days. I tried all the things MS knowledge base
said. I tried everything I could find on the net like additional
sites to add to the trusted list. Nothing worked.

Here is what finally fixed it for me:
I have ZoneAlarm configured to keep certain MS dlls/apps from
accessing the internet. That was not the problem. I would boot up
and disable ZoneAlarm before running WindowsUpdate to let them talk as
they needed. The problem was that once ZoneAlarm has kept these MS
dlls/apps from accessing the internet then even after you disable
ZoneAlarm they will never try again (during that boot up).

They try once on boot up and if they fail, even if you disable
ZoneAlarm, they will never try again like when you go to

I marked all the MS stuff as allowed to access the internet, rebooted,
and WindowsUpdate worked fine.

I would recommend that you disable outbound "phone home" firewalls and
anti-virus while accessing WindowsUpdate. This was easy for me as my
LAN is well protected from the internet but those with direct
connections to the internet that rely entirely on personal firewalls
must be careful not to expose themselves.

The MS program in question was "Generic Host Process" (or possibly
"Services and Controller app") and it would probably work to just give
this guy full access to the internet for the duration of the

I understand that there may be a similar issue with Norton (NIS?)
firewalling these MS programs.


