On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019

[VistaLover]

6 hours ago, xpandvistafan said:

Between March 10 and March 20, Microsoft put HSTS on both the catalog for newer systems and the catalog for older systems. The difference is that the catalog for older systems supports TLS 1.0 but the catalog for newer systems supports only TLS 1.2.

In my previous post in this thread, I assumed you were trying to just connect to 

https://www.catalog.update.microsoft.com/Home.aspx

(because that's the URL I have bookmarked for MUC), so that's why I posted the results of SSL Labs on hostname www.catalog.update.microsoft.com :

Quote

Over TLS v1.2

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

Over TLS v1.1/1.0

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

It later became apparent (first via your IE8 screengrab ) that you wanted to access

https://catalog.update.microsoft.com/v7/site/Home.aspx

which is, as you stated, a different story, because it has a stricter (pun intended) HSTS (courtesy, again, of SSL Labs/Server on the "catalog.update.microsoft.com" hostname) :

Quote

Over TLS v1.2, exclusively

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

Because XP doesn't support EC Cryptography (ECC), there's sadly no way you could connect natively with IE8...
Another factor that is/was not clear is the level of your Windows Update (XPSP3 EoS, POSReady2009 EoS, etc.); judging by what @Usher has posted above, I gather that a POSReady2009 EoS level updated IE8 is able to connect successfully to

https://www.catalog.update.microsoft.com/Home.aspx

(via one of the TLS_RSA_WITH_AES_* cipher suites, possibly over TLS v1.2, too - POSReady2009 has indeed brought TLS v1.2 to XP...), so that should be the way to go on XP (until M$ ruin it further in the future, which I'm sure they will ).

On 3/31/2021 at 12:28 AM, xpandvistafan said:

ProxHTTPSProxy is not working for me. It just says SSL passthrough
and then it does not connect to the catalog.

As @Dave-H has correctly advised , if your default ProxHTTPSProxy configuration file (config.ini) has the following entry under its [SSL Pass-Thru] section:

[SSL Pass-Thru]

*microsoft.com*

you just have to comment it out, so that both MUC variants are being "proxied":

[SSL Pass-Thru]

#*microsoft.com*

Best wishes

Edited April 1, 2021 by VistaLover

[xpandvistafan]

The tray icon belongs to Security Center and it updated at around 10 am this morning.

 

[xpandvistafan]

The Windows Update Website is currently back up.

 

 

But it is still failing to complete scans.

 

Edited April 30, 2021 by xpandvistafan

[Dave-H]

I don't actually think it will ever work again, in fact I'm surprised it's still there, as I said earlier.
The only thing it's any good for now is checking your update history.

[xpandvistafan]

@Dave-H I was even more surprised that they would put the site back up after it went down. It might still be in use for Enterprises with special contracts for extended XP security updates.

[Dave-H]

Possibly, although I always imagined there would be a special mechanism for them, not using the public site.

[Vistapocalypse]

It’s pretty clear that M$ does not want Windows Update to work for anything older than Windows 7 SP1. At last report, SHA-2 support did not have to be manually installed in order to get Windows Update working for Win7 (but it must be SP1 rather than RTM), which raises doubts about the official explanation - which btw still does not list the latest error code 0x80072EFE.

[xpandvistafan]

A Little Bit OT, But I was able to activate Windows XP over the internet in 2021.

The Pictures are a little too big so I had to use imgur. 

You just need the root certificates update

 

https://www.imgur.com/a/qXlElYT

https://www.imgur.com/a/Kgl2hbA

Edited April 3, 2021 by Dave-H
Links completed

[Dave-H]

Good to hear!

Could you add the information to this thread, outlining the procedure that you used?
This will help others.
Thanks, Dave.

[xpandvistafan]

@Dave-H Ok I have done that.

Edited April 3, 2021 by xpandvistafan

[Dave-H]

Thanks!

[xpandvistafan]

I wonder how between September 25 and 28 2020 Windows Update came back up. Apparently on August 6th 2020 @daniel_k reported that Windows Update gave a 80244019 error which was a 404 error. The database was deleted. It would take a long time to reupload the updates to https://update.microsoft.com/v6/ClientWebService/client.asmx. So I wonder how it would come back up if the database was deleted.

[Dave-H]

I think it's extremely unlikely that the database was actually deleted.
I'm not at all sure what the evidence for that was.
They would certainly not have bothered to upload everything again if they had deleted it!


 

[xpandvistafan]

The evidence for that was it gave a 404 error if you tried to access update.microsoft.com/v6/ClientWebService/client.asmx.

 

[Dave-H]

Well I'm not sure what that actually is, but surely not being able to access the database doesn't mean that it doesn't exist any more?