xpandvistafan

Yes, but I was looking to make an ISO with Vista updated to only 2017 EOS. That way it would be easier to then install the extended kernel and Server 2008 updates from there.

Thanks, but I would like to have a fully updated until 2017 ISO, which is why I posted in this thread.

@win32 @asdf2345 Both MEGA links are now dead, any alternatives?

Thanks, this even works on Windows Vista with Extended Kernel.

@maile3241 I cannot seem to replace wuaueng.dll in Windows Vista. It always says I need permission, which I have. EDIT: Nevermind, I just had to rename the old file to wuauengold.dll and it worked.

A little OT, but I found it interesting that 2 Microsoft Root Certificates expired in the past 2 years. One of them is the Microsoft Root Authority, signed using MD5 and valid from January 10, 1997 to December 31, 2020. The other one is the Microsoft Root Certificate Authority signed using SHA-1 and valid from May 9, 2001 to May 9, 2021. Both of the expiry dates lined up with Microsoft's SHA-1 deprecation plan.

@WinFX Any news about this project? It would be really nice to get it working again. Where is the Hosts File in Windows 95? I cannot find it. I am currently running IIS on Windows 2000 Advanced Server SP4 but when I access it from 95, it redirects to fe2.update.microsoft.com.

Some images.

Thank you very much. We actually got Windows Update Working again on XP, check out the "On Discommisioning of Update Servers for 2000, XP, (and Vista?) as of July 2019. I have got it working on 2000, although I have not publicly released the prerequisites for it. It is similar to yours, except it requires a few more updates, Visual Studio 2008, and the extended kernel.

Great you got it working! We currently have it working on XP, Server 2003 (untested for Server 2003), 2000 with SP4 and extended kernel (not publicly released) , and Vista RTM and SP1 (not publicly released) even though Vista uses the control panel for Windows Updates. Yes, I think reverse engineering the backend would be a good idea. Unfortunately I am not one who is good at code, but I am sure there are people in this forum that are. We know that it connects to the endpoint https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx using POST, and somehow receives the updates from that endpoint. It is the same endpoint that Windows 7 and later use. By the way, you do not need g_sconsumersite=1 for XP and later, that is only for 2000. For XP, you just need to add http://update.microsoft.com, http://www.update.microsoft.com, and https://www.update.microsoft.com to your trusted sites and set the security level for those sites to high.

Yes, it seems it supports XP ciphers. The endpoint that Windows Update uses is https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx You cannot access this page in Windows XP even with PosReady updates if you don't use ProxHTTPSProxy. But with https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx you are able to access this page if you have TLS 1.2 enabled without ProxHTTPSProxy. The endpoints seem exactly the same.

Maybe someone at Microsoft temporarily enabled TLS 1.0 on the server and enabled an XP compatible cipher suite. You can check the cipher suites at https://www.ssllabs.com/ssltest/analyze.html?d=fe2.update.microsoft.com Currently, there are no XP compatible cipher suites on. But some Microsoft websites, like this one https://www.ssllabs.com/ssltest/analyze.html?d=sws1.update.microsoft.com have XP compatible cipher suites on. https://www.ssllabs.com/ssltest/analyze.html?d=fe2.ws.microsoft.com has xp cipher suites enabled, but it needs TLS 1.2, which also means it needs PosReady Updates. The old endpoint used www.update.microsoft.com. Now that website has no xp compatible cipher suites enabled, but you can see before in November 2020, it still had TLS 1.0 enabled and XP compatible cipher suites. Since the certificate was signed using SHA1, Windows 2000 and earlier versions of Windows could connect using the 3DES cipher, although the update searching only worked on 2000 or later.

Yes, pre SP2 was ok. Running Microsoft Update now is so slow, even on a virtual machine with 2GB of RAM. CPU usage is also at 100%.

@Dave-H Is there something wrong with my computer? It has taken a day to search for Office 2010 updates using this method and now it is taking 1 hour to install 25 updates for SP2!

How long is it supposed to take for Office 2010 updates? After installing Office 2010 SP2, it has been searching for updates for 15 minutes now.

Do you know where to find it? I only find something called extreme explorer when I search it up.

Lucky you! My update history on my XP machine was deleted last year since I had to reinstall XP. It had update history back to 2003. Great you got it working though.

Thank you, I was able to update the certificates on XP and 2000 without the f8f error.

I am not too familiar with generating certificates for ProxHTTPSProxy. Where are you supposed to generate it?

ProxHTTPSProxy works fine for me with extended kernel and c++ 2008 on windows 2000.

In order to get it working from the control panel, you have to install the SHA-2 Code Signing update, (KB4474419) and also enable TLS 1.2 in Internet Options.

Yes, same as maile3241.

@AstroSkipper Do you know why the Windows Update website is not working on Vista SP2 and Windows 7? It is strange that it works on SP1 and RTM but not on SP2 and Windows 7.

With the Windows Update app, it takes at least 5-20 minutes on Windows 7.

How long does it take to scan?