On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019

[AstroSkipper]

3 minutes ago, maile3241 said:

OK. I patched the file on the desktop. But I don't see any dllcache folder. I'm slowly giving up.

@maile3241 Oh man, dllcache is a subfolder of system32 folder. 

[maile3241]

2 minutes ago, AstroSkipper said:

@maile3241 Oh man, dllcache is a subfolder of system32 folder. 

I looked in this folder. I even searched with the search assistant but nothing there.

[D.Draker]

6 hours ago, ExtremeGrief said:

You forgot disallowedcerts.sst

Oh really !? Are you sure ?

https://msfn.org/board/topic/178377-on-decommissioning-of-update-servers-for-2000-xp-and-vista-as-of-july-2019/?do=findComment&comment=1212052

 

 

[AstroSkipper]

45 minutes ago, maile3241 said:

I looked in this folder. I even searched with the search assistant but nothing there.

@maile3241 If there is no such file then it doesn't matter. Copy patched file in both folders and well done! Restart computer and check whether both files are still there. And then 

Edited January 23, 2022 by AstroSkipper
correction

[Dave-H]

12 hours ago, D.Draker said:

Don't forget to apply the disallowed first . And run the rar file as admin.

How do I do that?

I've packed up the files, and the resulting file appears to run with no errors, but how can I tell if it's worked?
There's no difference so far on Microsoft Update, it's still failing.

[AstroSkipper]

On 1/23/2022 at 2:09 AM, Dave-H said:

OK, I'll give that a try to see if it makes any difference, and I'll report back tomorrow.

@Dave-H Here are the most recent Root Certificates and Revoked Certificates Updater I made yesterday. Download link: https://www.mediafire.com/file/kegkco6y6cbybdx/Roots_Certificate_Updater_18.10.21.7z/file 

Edited January 31, 2022 by AstroSkipper
correction

[Dave-H]

Thanks, I'll give that a try!

[D.Draker]

3 hours ago, Dave-H said:

How do I do that, there appears to be no disallowedcerts.sst file to download?

I've packed up the others, and the resulting file appears to run with no errors, but how can I tell if it's worked?
There's no difference so far on Microsoft Update, it's still failing.

For revoked Certificate Update "rvkroots.exe" Microsoft download (http://www.microsoft.com/download/details.aspx?id=41542), unzip to a folder (e.g. with WinRAR). In "rvkroots.inf" the entry in the string VERSION should be changed to "5,0,2195,0" and the VER entry changed to "005". The next step is download the "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcert.sst" and paste the unzipped folder and replace older file. Then with e.g. (Create Self-Extracting Archive) WinRAR all files in the folder to an archive option SFX with the following comment:

TempMode
Silent=1
Overwrite=1
Setup=Rundll32.exe advpack.dll,LaunchINFSection rvkroots.inf,DefaultInstall

pack and you have a current update for blocking unsafe Certificates!

 

The link above works for me.

[Dave-H]

Thank you too!
I've just tried @AstroSkipper's version of what I assume is the same thing, running rvkroots.exe first, and then rootsupd.exe.
Again it appeared to work with no errors, but hasn't made any difference to Microsoft Update.

BTW, I couldn't get your Microsoft link to the original rootsupd.exe to work, it just gives a 404 not found.

[D.Draker]

Also , may be of some interest . If one wants to add a specific cert manually. Like this one , for example.

https://ssl-tools.net/subjects/281aea4e6a11200e3949b766237385489c2e8792

May export the certs registry entries from a working machine .

https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores

 

[AstroSkipper]

10 minutes ago, Dave-H said:

Thanks, I'll give that a try!

@Dave-H And if you still have problems to access MU you could give HTTPSProxy a try. You can install both on your machine they are portable but do not run both at same time i.e. they may not be executed in RAM at the same time otherwise they interfere. I don't know if I am allowed to upload HTTPSProxy due to the fact that @Thomas S. hasn't been here for a long time and he is the author. What do you think?

Edited January 23, 2022 by AstroSkipper
addition

[D.Draker]

3 hours ago, Dave-H said:

BTW, I couldn't get your Microsoft link to the original rootsupd.exe to work, it just gives a 404 not found.

Well , actually it isn't mine , this link is from this MSFN post , so I think maybe needs to be redacted. MS had the link deleted . I think it's safe to use the mirror someone gave to you . I didn't check myself ,though.

https://msfn.org/board/topic/175170-root-certificates-and-revoked-certificates-for-windows-xp/

[Dave-H]

4 minutes ago, AstroSkipper said:

@Dave-H And if you still have problems to access MU you could give HTTPSProxy a try. I don't know if I am allowed to upload due to the fact that @Thomas S. hasn't been here for a long time. What do you think?

So how does "HTTPSProxy" differ from "ProxHTTPSProxyMII" as ported to XP by @heinoganda?
Is there any known reason why one would work in this scenario and not the other?

[ExtremeGrief]

18 minutes ago, AstroSkipper said:

@Dave-H Here are the most recent Root Certificates and Revoked Certificates Updater I made yesterday. Download link: https://www.mediafire.com/file/kegkco6y6cbybdx/Roots_Certificate_Updater_18.10.21.7z/file 

Why not merge them?

[AstroSkipper]

28 minutes ago, Dave-H said:

So how does "HTTPSProxy" differ from "ProxHTTPSProxyMII" as ported to XP by @heinoganda?
Is there any known reason why one would work in this scenario and not the other?

@Dave-H Of course there are differences. HTTPSProxy ran from the very first I tried to access MU without any problems. Configuring was very easy. ProxHTTPSProxy didn't run from the very first. I had a lot of trials to get it work. Configuring wasn't easy. I had certificate problems too. In HTTPSProxy the certificate management is much easier. Beyond that HTTPSProxy is more user-friendly compared to ProxHTTPSProxy and can be accessed in SysTray at any time incl. switching on and off. By the way did you try my attached ProxHTTPSProxy's config,ini in this post? For me it is working smoothly.

 

Edited January 23, 2022 by AstroSkipper
addition