Dave-H

That GTE CyberTrust Global Root certificate is on my system, dated 13.08.2018, one day before yours! I doubt that's significant. Adding WuauClt.exe to the list of Windows firewall exceptions hasn't changed anything. My XP is a normal installation on a standalone PC, it is on a domestic network but nothing else.

Those are the same programs that come with ProxHTTPSProxyMII, which I used for years, I have indeed used them when I still had it installed (I'm using HTTPSProxy at the moment to mirror AstroSkipper's system). It never made any difference to the current problem with MS Update.

HTTPSProxy seems to be working fine here, no problems with any sites at all. How did you determine that cacert.pem was faulty? I had updated mine few days ago, and it's dated 26th October 2021. I tried the disabling of Malwarebytes using Autoruns, which seemed to amount just to the main service and a couple of shell extensions, and it did work and Malwarebytes is OK again now (phew!) but it made no difference to MS Update. My current time server is still your German one, as we discussed the other day, using the default Windows updating process. Here's my equivalent of your two Microsoft certificate lists - I see you have two apparently identical Microsoft Windows Hardware Compatibility certificates too! I don't know why that is. Windows XP is certainly activated, I've had to do it a few times in recent years due to changes of motherboard, and I'm always relieved that it still works, tedious process though it is doing it on the phone! My version of WgaTray.exe is indeed 1.9.40.0. WindowsUpdate.log

After a bit of registry editing, this is my IE8 UA now. No change on Microsoft Update. I will try disabling Malwarebytes. I already have Autoruns installed, although the self-protection module might fight it. As it was that which gave me grief before I'm a bit apprehensive, but i'll give it a go!

How do I set it back to the original user agent string? Having never knowingly changed it from the default, I've never done it, in fact I didn't know that you could change it on IE without an add-on! As for #7 on the list, switching the Windows firewall off has never made any difference, and I really don't want to uninstall Malwarebytes as I seem to remember it was a bit of a problem to get working properly in the first place! You said you never got it working properly, but it does seem OK for me at the moment and I don't want to mess it up. I think if it doesn't help switching off all its scanners, uninstalling it completely is clutching at straws a bit. This has to be a certificate problem surely? Either a needed certificate is missing, or one that is installed is incorrect or invalid.

IE8 from Softpedia? Definitely not! It's a standard Microsoft upgrade installation done from IE6 years ago.

Oh that! It's just a registry hack. I've got it on IE6 on Windows 98 too!

Only because I'm using the Window 98/2000 classic theme I suspect.

OK, I uninstalled Chrome Frame, which made no difference to Microsoft Update. As you can see from these "before and after" user agent detections, it would appear that the UA is "live" from IE8 (rather than being injected by something else) as the reference to Chrome Frame has gone. What the 'BTRS111060' bit is I have no idea, and researching it doesn't help. It seems that "BTRS" followed by a number is not uncommon in UA strings, but what it actually is seems to be rather vague to say the least! One suggestion was something to do with Bluetooth, but I think that's rather unlikely in my case!

Chrome Frame is disabled of course, but I will actually uninstall it just to make sure. I was always very impressed with it, it enabled many sites to still work on IE8, even things like online banking sites, which I never thought would ever work again! Of course I was only playing with it, I had long ago given up using IE8 for any serious browsing!

That's puzzling, I certainly haven't knowingly done anything to change the user agent. I can't think that any of the add-ons I've got would do it either. I did use Chrome Frame on IE8 for a while, but can't imagine that would change the Mozilla version number! Perhaps the proxy is doing it?

OK, I still had TLS 1.1 enabled, but that was the only difference. I've reset it and set it up the same as yours now, but it hasn't changed anything. I'm slightly puzzled as to why your window is labelled "Internet Options" and mine is labelled "Internet Properties".

Of course, I had forgotten that you were still running both HTTPSProxy versions. Is 45kb the limit on the size of each file, or an overall limit? Surely not the latter! Being a moderator I have more space that others, but I can't remember what the normal limits are. As an aside, now I've got it configured properly with the launcher, I'm really liking HTTPSProxy. Is there any reason to use ProxHTTPSProxyMII instead of it? If not, I will probably carry on using it!

I have the second HTTPSProxy entry, but not the first one. How do the paths of your two entries compare?

Present and correct, as are all the other relevant registry entries. Test websites show TLS 1.2 working. The version of both is 7.6.7600.256 dated 02 June 2012 size 1.83MB. That matches the version in Restore_WU_XP. I'm using the one you posted here. Yes, just the three are there. It's set to the "High" setting with no modifications. I will now try with other settings later on. All cleared, including History this time! No difference, still error 0x80072F8F.

Ah ha! You made my wonder, and I checked, and I was actually using the HTTPSProxy default config.ini! I've replaced it now with yours, and the error is now back to the one about the clock being wrong again. Sorry for the obviously unnecessary diversion there! WindowsUpdate.log

I just disabled the scanners in the Malwarebytes interface. If that doesn't really disable them, it's pretty useless IMO! I tried going to https://fe2.update.microsoft.com/v11/3/legacy/windowsupdate/selfupdate/wuident.cab?2201301850 directly in isolation using Firefox, and got this - If I add an exception, I can then download the cab file with no problem. I'll try disabling Malwarebytes as you say.

Nothing changes with the Malwarebytes scanners and the Windows Firewall switched off. WindowsUpdate.log HTTPSProxy console has - 088 [R][D] "GET https://fe2.update.microsoft.com/v11/3/legacy/windowsupdate/selfupdate/wuident.cab?2201301850" HTTPSConnectionPool(host='fe2.update.microsoft.com', port=443): Max retries exceeded with url: /v11/3/legacy/windowsupdate/selfupdate/wuident.cab?2201301850 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)'),))

Yes, I'm afraid I am often guilty of being one of those delusional people who think they don't need to read the instructions that come with things! Anyway, it's all understood now. I think it was the running of notepad which really threw me, but of course it says in the instructions that's exactly what it does if you don't specify a target program! Anyway, it seems to be all working fine now, and my system now matches yours as far as HTTPSProxy goes. I am only using the standard Windows Firewall, and I have said OK to all the popups about allowing things through it. I did notice that before Microsoft Update fails to load, there is an error icon at the bottom left corner of IE8. It contains - Webpage error details User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 5.1; en-US; Trident/4.0; Sky Broadband; BTRS111060; chromeframe/32.0.1700.107; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; BRI/2) Timestamp: Sun, 30 Jan 2022 17:45:28 UTC Message: Permission denied Line: 590 Char: 17 Code: 0 URI: http://fe2.update.microsoft.com/microsoftupdate/v6/shared/js/redirect.js?637791615008267454 Possibly some help? Sorry about the state of my WindowsUpdate.log file, I only looked at the end of it, but now I see the rest is totally scrambled! I had an unexplained freeze and reboot yesterday, which may well have caused the corruption, although why it would i don't know, as I wouldn't have thought that the file would have been loaded when it happened, but perhaps it's a file that's always loaded. It looks like it got mixed up with the Windows Search information. Anyway, here's a new "clean" one! WindowsUpdate.log

OK, I've fixed the launcher problem. Bothering the read its help file would have helped! I didn't realise you needed to specify the program you want it to run in its shortcut. How strange that it runs notepad by default if you don't though!

Proxycfg looks fine here, I've checked its configuration several times. There's nothing related to Windows or Microsoft Update in my HOSTS file.

I'm not seeing any of that, presumably because I'm running HTTPSProxy.exe directly, which just gives a console. If I'm supposed to be using launcher.exe, that doesn't work for some reason. Al that happens is my Notepad substitute, Notetab, runs and I get an icon in the taskbar which only relates to that. It doesn't run HTTPSProxy.

OK, I've now got HTTPSProxy running insted of ProxHTTPSProxyMII, and my settings are the same as yours. Should I disable SSL 2.0? Anyway the Microsoft Update site is now failing to load with error 0x801901F6, which apparently means "The server, while acting as a gateway or proxy to fulfil the request, received an invalid response from the upstream server it accessed." HTTPSProxy is working fine everywhere else. WindowsUpdate.log

@maile3241 I use Malwarebytes Premium, the last XP version. @AstroSkipper OK, I'll fire up HTTPSProxy, switch off ProxHTTPSProxyMII, and replicate your settings. You're absolutely right that we need to be comparing two systems that are as similar as possible!

I don't see why something would work in HTTPSProxy that wouldn't work in ProxHTTPSProxyMII, as far as I can see they are pretty much the same program! AFAIK my configuration settings are correct for ProxHTTPSProxyMII, it seems to work fine everywhere else. I am a bit puzzled that although we both have our proxy servers configured for https connections only, not for all connections, they are still apparently active when we are using http connections for Microsoft Update.