
On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019


Mcinwwl


@Dave-H Ok, here is a final solution. If that doesn't work either, I'll be out of ideas related to error code 0x80072f8f. You can't find any other solutions on the World Wide Web, nay, despite very deep research I couldn't find any other reasonable solutions related to this error code except those I've already posted.
Before performing this, back up the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate and the folder WINDOWS\SoftwareDistribution completely or, better, create an image of your system partition! Here it is:

This is a fix if client machines are not reporting to WSUS properly:

Client-Side Script:

From an administrative command prompt on your system, run:

net stop bits
net stop wuauserv
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
rd /s /q "%SystemRoot%\SoftwareDistribution"
net start bits
net start wuauserv
wuauclt /resetauthorization /detectnow
PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

Explanation: What is this Doing? Should I be Afraid of Running this?

This client-side script is something you should not be afraid of. Let’s walk through what is happening and why we’re doing it.

We stop the Background Intelligent Transfer Service (BITS), and the Windows Update Service (wuauserv) services because we’re working with items that are in use by these services.
We remove the following registry keys if they exist:
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid (usually errors out but is included to be totally inclusive but I haven’t seen this since before 2005)
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\PingID (usually errors out but is included to be totally inclusive but I haven’t seen this since before 2005)
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId (This is what is responsible for most issues – duplicate SusClientId entries across multiple clients)
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientIDValidation (This also is responsible with SusClientId)
We remove the SoftwareDistribution folder from the Windows folder on the system drive – represented using a dynamic variable. This folder contains the history of Windows Update locally on the machine, but it also includes things like the cache of the downloads and temporary files that Windows Update uses. We remove this folder so that it will be recreated by the Windows Update Agent the next time it checks for updates, creating a corruption-free cache.
We start the Background Intelligent Transfer Service (BITS), and the Windows Update Service (wuauserv) services.
We run the Windows Update Client (wuauclt) and tell it to reset the authorization to re-create the SusClientId and SusClientIDValidation registry keys. We’ve also stuck on the /detectnow switch on the end of that command to initiate a detection for updates for Windows 8.1 systems and lower.
We’ve run the PowerShell equivalent of /detectnow for Windows 10 systems and Server 2016+ systems as they no longer use /detectnow as it has been deprecated. (We can also use UsoClient.exe StartScan instead of the PowerShell line; however, Microsoft never intended UsoClient.exe to be used by anything other than the system itself through the orchestrator, so your mileage may vary. The correct way is the PowerShell API).

Background: What is SusClientId and What Symptoms Does Having Duplicate SusClientId Entries have?

WSUS servers use the SusClientId to identify unique devices and then associate the computer’s hostname to the unique identifier for easily recognizable display purposes. Because more than 1 system has the exact same SusClientId, the WSUS server replaces the computer object’s hostname with the latest hostname that communicated with the server. This gives the appearance of a magician’s disappearing act with computer objects.
More than 75% of the time that clients have issues, it is due to cloning or imaging computers. Systems that are the ‘golden’ image are often created in an environment that allows the system to communicate with any WSUS server, including Microsoft’s Windows Update. The moment a client system communicates with a Windows Update server, it creates 2 registry keys that are essentially a security identifier (SID) [SusClientId] and a validation key [SusClientIDValidation] that gives a unique hardware identifier in a binary form. The Windows Update Agent is supposed to use a hardware validation routine to determine whether the current client hardware has changed since the SusClientId value was created, and if it has, it is “supposed to” regenerate both the SusClientId and the SusClientIDValidation. “Supposed to” doesn’t always equate to “does” and this is where the problem lies.

Note: In my system the subkeys AccountDomainSid and PingID don't exist, probably due to the fact that my computer is a stand-alone one. In your system I could see in a screenshot that the subkeys PingID, SusClientId and SusClientIDValidation are present. Therefore I've crossed out all unnecessary steps and explanations including steps for operating systems except Windows XP. :hello:

Edited by AstroSkipper
addition
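
An added example, not part of the original post or the article it quotes: an audit that finds machines sharing one SusClientId, the cloning symptom described in the background section above, so the reset is run only where it is needed. It assumes the output of `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId` has been collected per host; the hostnames, GUIDs and sample outputs are constructed.

```python
import re
from collections import defaultdict

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
VALUE_RE = re.compile(
    r"^\s*SusClientId\s+REG_SZ\s+"
    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_sus_client_id(reg_output):
    """Return the SusClientId GUID (lowercased) from `reg query` text, or None."""
    match = VALUE_RE.search(reg_output)
    return match.group(1).lower() if match else None

def audit(outputs):
    """Group hosts by SusClientId.

    Returns (duplicates, missing): duplicates maps each ID reported by more
    than one host to the sorted host list; missing lists hosts with no ID.
    """
    by_id, missing = defaultdict(list), []
    for host, text in outputs.items():
        client_id = parse_sus_client_id(text)
        if client_id is None:
            missing.append(host)
        else:
            by_id[client_id].append(host)
    duplicates = {cid: sorted(h) for cid, h in by_id.items() if len(h) > 1}
    return duplicates, sorted(missing)

# Constructed sample data: invented hostnames and GUIDs.
CLONED = "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0"
SAMPLE = {
    # Windows XP reg.exe style: version banner, tab-separated columns
    "XP-GOLDEN": f"\n! REG.EXE VERSION 3.0\n\n{KEY}\n    SusClientId\tREG_SZ\t{CLONED}\n",
    "XP-CLONE1": f"\n! REG.EXE VERSION 3.0\n\n{KEY}\n    SusClientId\tREG_SZ\t{CLONED.upper()}\n",
    # Later reg.exe style: space-separated columns
    "W7-DESK": f"\n{KEY}\n    SusClientId    REG_SZ    9a8b7c6d-5e4f-4321-abcd-ef0123456789\n\n",
    # Value absent: reg.exe reported an error instead of a value line
    "XP-RESET": "ERROR: The system was unable to find the specified registry key or value.\n",
}

if __name__ == "__main__":
    dups, missing = audit(SAMPLE)
    for cid, hosts in dups.items():
        print(f"duplicate SusClientId {cid}: {', '.join(hosts)}")
    print("no SusClientId:", ", ".join(missing) or "none")
```
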


55 minutes ago, AstroSkipper said:

I don't believe that this has an effect.

 

41 minutes ago, Dave-H said:

Yes, I would be very surprised if changing the date format would make any difference, as there are people using the "non-US" format with it working fine.

 

You never know with Microsoft, lol. 

Didn't you check every non-nonsense possibility already?


26 minutes ago, RainyShadow said:

You never know with Microsoft, lol. 

Didn't you check every non-nonsense possibility already?

Of course and definitely not! And I am not omniscient. But I decide what is promising by reading, analyzing, checking facts, concluding and if possible proving. I am a mathematician and that's the way these strange people like me do it. :yes:

Edited by AstroSkipper
correction

I checked with the HxD Hexeditor, which has a file compare function.
The file in system32 and the file in the Restore_WU_XP folder\x86 folder are identical.
I've just tried loading MS Update in ArcticFoxie's version of 360Chrome 13.5, which has an Internet Explorer engine function.
It produced the same result, but did allow me to look at the certificate, which it said was fine.


:dubbio:


OK, I've tried the last solution, still no change I'm afraid.
I did have to re-enable Microsoft Update, as you would expect.
I got this screen, which I have seen before.


As before, the "Check for Updates" button did nothing, but reloading the page produced the normal result.
I've attached the log again.

I don't know where to go from here, it is a complete mystery as to why this isn't working. As far as I'm aware nobody else has reported this problem.
I've been looking to see if there is some utility which will track the certificate chain, which is presumably failing at some point, but no luck as yet.
Can I say now how grateful I am for everyone's input and help with this, especially AstroSkipper of course!

WindowsUpdate.log

:)


2 hours ago, Dave-H said:

As before, the "Check for Updates" button did nothing, but reloading the page produced the normal result.

Did you try to turn on automatic updates as suggested on that page? 

Use either the link there or just open the applet from Control Panel. 

If it's ON already, try to turn it OFF and ON again :P

 

Last time i messed with WU/MU on my main PC, i was too annoyed at the web interface (maybe it was too slow, or there was some error, i don't remember), so i closed IE and did other things. After some time i had a notification about new updates being available in the systray. I just clicked that and checked if i want those updates without using the site.

 

Nowadays i just manually install updates only when needed. I wouldn't like some SSE2 stuff or some half-compatible DLL to sneak in and break my system. 

 


I didn't try that then, but I've now toggled it on and off a few times and now left it on.
I also tried removing all the Microsoft certificates, which stopped it working completely, not surprisingly (error 0x800B0109)!
I then ran heinoganda's root certificates updater, which put some (not all) of the deleted certificates back, proving it works I suppose, which returned it to as it was before.
I've also restored my original datastore.edb file, which has returned my update history I'm glad to say.
:)


On 1/13/2022 at 4:16 PM, maile3241 said:

I have registered wuweb.dll (For Windows Update) and muweb.dll (For Microsoft Update) under c:/windows/syswow64 and added this page to Trusted Sites in Internet Options. And from Xp took the Windows Update Manager and copied it to Windows 10 on the desktop.


 

Going back to this, which file is the Windows Update Manager? I am testing it right now.


31 minutes ago, maile3241 said:

You don't necessarily need Windows Update Manager, but it's easier to open.

wupdmgr.exe 31.5 kB · 0 downloads

Does this also work on Windows 7? It gets stuck at Checking if your computer has the latest version updating software for the website...

Edited by xpandvistafan

12 hours ago, xpandvistafan said:

Does this also work on Windows 7? It gets stuck at Checking if your computer has the latest version updating software for the website...

In Windows Vista/7 and 8 I get error code 0x80070002. It only works in Windows 10. Type the following in cmd: 

cd c:\windows\syswow64

regsvr32 c:\windows\syswow64\wuweb.dll

Btw. Run cmd as administrator!

Edited by maile3241

@Dave-H Very disappointing! I'd almost have bet on it that this last solution would work for you. But alright. Either you've missed one or more steps which had to be performed or your system is more defective than I previously assumed. Anyway you said you couldn't click the button "Check updates". Maybe due to a misconfigured Internet Explorer. MU web site has been called up as a http web site. Check your settings in Internet Zone, set it to lowest security level and unselect SmartScreen Filter in Advanced tab. Check all other settings of your Internet Explorer. At this point I don't want to conceal what the most effective method is to get rid of error code 0x80072f8f. Most of the affected users performed a complete reinstallation of Windows XP and they reported it would have worked. A lot of them were assisted by remote connection to Microsoft and their experts couldn't find the cause of the problem. And what did they do? Of course a complete reinstallation of Windows XP. So what does it tell us? Microsoft itself is the causer of error code 0x80072f8f. What would I do if I were you? At first I'd create an image of my system partition, replace CMOS battery, set up BIOS settings including date and time, clean my registry to get rid of all waste due to incomplete uninstallations and so on, clean complete system and all caches, reset Internet Explorer and Windows Update, perform all steps once again (and when I say all I mean all, regardless of steps or installations I did before) and execute all solutions I've posted here if necessary. If that didn't work I'd reinstall Windows XP or better I'd restore an image which was the last working one. I do have such images. If my system fails seriously I'll restore my system partition in less than 30 minutes and my computer is a very, very old one. Cheers! :hello:

Edited by AstroSkipper
correction
