Description
WININET_E_CANNOT_CONNECT (hex code 0x80072EFD, decimal -2147012867) is a Windows error-level error code in the RPC & Network family. Microsoft surfaces this code through the Win32 API, the Common Language Runtime, the kernel, the event log, PowerShell, command-line tools (sfc, dism, gpupdate, sc), and Windows-side applications such as Outlook, Teams, Office, and System Center.
A connection with the server could not be established.
This page documents what triggers 0x80072EFD, the most common scenarios where it appears, the likely root causes, and a step-by-step troubleshooting workflow you can run against affected endpoints. It is intended for system administrators, MSP technicians, helpdesk engineers, and anyone diagnosing Windows behavior in a managed environment.
In-depth explanation
This is an error-severity code. Windows uses it to signal a failed operation that prevented the caller from completing its work. The underlying cause can range from a permissions or quota issue to a corrupted system component, missing dependency, or unreachable service.
It is part of the RPC / WinHTTP / WinINet error space and signals a failed remote call or HTTP/network operation. Most commonly seen with WMI, Group Policy, MMC consoles, and any tool relying on RPC.
The code can be looked up programmatically in PowerShell with [ComponentModel.Win32Exception]::new(-2147012867).Message (for Win32 / NTSTATUS codes that map cleanly), or with net helpmsg <decimal> for the legacy decimal range. For HRESULT-style codes, decode the facility and code with err.exe from the SDK or via the WinDbg !error command.
Common causes
- Target service not running or listening on the expected port.
- Windows Firewall blocking the dynamic RPC range (49152-65535) or the named pipe.
- Network path obstruction (NAT, ACL, segmentation) between client and server.
- RPC endpoint mapper (port 135) unreachable on the target.
- DNS resolving the target to the wrong IP / IPv4 vs IPv6 mismatch.
Troubleshooting steps
- From the client, run
Test-NetConnection -ComputerName <target> -Port 135to verify Endpoint Mapper reachability. - Check that the target service is running:
sc \\<target> query <service>. - Verify Windows Firewall on the target allows the dynamic RPC range (49152-65535) and the named pipe used by the service.
- Inspect
Microsoft-Windows-RPC-Eventslog on both ends for the matching RPC error code. - If the client is multi-homed or behind a proxy, confirm correct binding order, IP, and absence of TLS / WAF interception.
Decode in PowerShell
# Decode 0x80072EFD (-2147012867) in PowerShell
[ComponentModel.Win32Exception]::new(-2147012867).Message
# Or via WinDbg / err.exe (Windows SDK)
# err 0x80072EFD
# Or net helpmsg (legacy decimal range only)
# net helpmsg <decimal>Frequently asked questions
What does the Windows error code 0x80072EFD mean?
WININET_E_CANNOT_CONNECT (decimal -2147012867). A connection with the server could not be established.How do I decode 0x80072EFD in PowerShell?
[ComponentModel.Win32Exception]::new(-2147012867).Message in any PowerShell session. For HRESULT-style codes, use err.exe from the Windows SDK or the WinDbg !error command.Where does Windows typically log this error?
%WinDir%\WindowsUpdate.log; AD/Kerberos → Security event log on the DC; BSOD → minidump under C:\Windows\Minidump; MSI → %TEMP%\msi*.log; WMI → Microsoft-Windows-WMI-Activity). Always cross-reference the timestamp and module name with the Application and System event logs.Is this code recoverable?
Should I open a Microsoft support case for this?
Get-WinEvent export ready before opening the case.