Jump to content

On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019

Mcinwwl

By Mcinwwl
in Windows XP

 Share

Recommended Posts


maile3241

maile3241

Posted
Posted (edited)
10 minutes ago, xpandvistafan said:

Maybe someone at Microsoft temporarily enabled TLS 1.0 on the server and enabled an XP compatible cipher suite. You can check the cipher suites at https://www.ssllabs.com/ssltest/analyze.html?d=fe2.update.microsoft.com Currently, there are no XP compatible cipher suites on. But some Microsoft websites, like this one https://www.ssllabs.com/ssltest/analyze.html?d=sws1.update.microsoft.com have XP compatible cipher suites on. https://www.ssllabs.com/ssltest/analyze.html?d=fe2.ws.microsoft.com has xp cipher suites enabled, but it needs TLS 1.2, which also means it needs PosReady Updates.

It never worked without Tls 1.2.

PS. I was able to go to fe2.ws.microsoft.com but I keep getting error 0x800C0002 on that page.

10 minutes ago, AstroSkipper said:

Microsoft had changed a lot in the past. Maybe they had switched back to old ciphers in this short time in Dezember.

Maybe. It didn't always work. It was luck.

Edited by maile3241
Link to comment
Share on other sites
xpandvistafan

xpandvistafan

Posted
Posted
14 minutes ago, maile3241 said:

I was able to go to fe2.ws.microsoft.com but I keep getting error 0x800C0002 on that page.

Yes, it seems it supports XP ciphers. The endpoint that Windows Update uses is https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx You cannot access this page in Windows XP even with PosReady updates if you don't use ProxHTTPSProxy. But with https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx you are able to access this page if you have TLS 1.2 enabled without ProxHTTPSProxy. The endpoints seem exactly the same.

1
Link to comment
Share on other sites
cc333

cc333

Posted
Posted (edited)

I came across this page, which, last I checked, only had 20 or so pages (!), so it took some time to read through it all!

Anyway, I pieced together the instructions, and got everything set up.  It took a few tries, but after realizing the script failed to replace wuaueng.dll with the patched version, I did it myself manually (I found that to satisfy SFC, I had to replace it in three places: C:/Windows/System32, C:/Windows/System32/dllcache, and C:/Windows/ServicePackFiles/i386), and, well, I'll let these screenshots speak for themselves:

1712162334_ScreenShot2022-02-15at12_19_35AM.thumb.png.a191533fc26bc9bd37fe8b63b19302b2.png707311134_ScreenShot2022-02-15at1_07_47PM.thumb.png.6b78bb5f9e9dc4a0a6a111f5d7d64693.png

I was so excited, I forgot to get a screenshot of the initial landing page, but the fact I got these two should nevertheless imply that I was quite successful!

The install I'm using is a copy of Windows XP Professional that I installed in a virtual machine running on my Mac.

I'm quite surprised that everything's still here and apparently functional, and only the means of accessing it from XP was blocked!  I wonder how long it will last before MS decides to shut the site down altogether?  Nevertheless, it just occurred to me that maybe it's still here because some well-paying corporte or governmental customers are contracting MS to produce special extended support updates, one or more of which may enable proper, native support for SHA-2/SHA256?  It sure would be fun if somehow we could find out for certain!

That being said, in the interest of preservation, I think this is a good opportunity for someone to consider analyzing the site and downloading every possible file, with an eye towards perhaps reverse engineering the backend and re implementing it on a local server.  Or perhaps as some sort of runtime that can run in much the same way as ProxHTTPSProxy?

c

Edited by cc333
corrections, new thoughts, etc.
Link to comment
Share on other sites
xpandvistafan

xpandvistafan

Posted
Posted (edited)
1 hour ago, cc333 said:

I came across this page, which, last I checked, only had 20 or so pages (!), so it took some time to read through it all!

Anyway, I pieced together the instructions, and got everything set up.  It took a few tries, but after realizing the script failed to replace wuaueng.dll with the patched version, I did it myself manually (I found that to satisfy SFC, I had to replace it in three places: C:/Windows/System32, C:/Windows/System32/dllcache, and C:/Windows/ServicePackFiles/i386), and, well, I'll let these screenshots speak for themselves:

1712162334_ScreenShot2022-02-15at12_19_35AM.thumb.png.a191533fc26bc9bd37fe8b63b19302b2.png707311134_ScreenShot2022-02-15at1_07_47PM.thumb.png.6b78bb5f9e9dc4a0a6a111f5d7d64693.png

I was so excited, I forgot to get a screenshot of the initial landing page, but the fact I got these two should nevertheless imply that I was quite successful!

The install I'm using is a copy of Windows XP Professional that I installed in a virtual machine running on my Mac.

I'm quite surprised that everything's still here and apparently functional, and only the means of accessing it from XP was blocked!  I wonder how long it will last before MS decides to shut the site down altogether?  Nevertheless, it just occurred to me that maybe it's still here because some well-paying corporte or governmental customers are contracting MS to produce special extended support updates, one or more of which may enable proper, native support for SHA-2/SHA256?  It sure would be fun if somehow we could find out for certain!

That being said, in the interest of preservation, I think this is a good opportunity for someone to consider analyzing the site and downloading every possible file, with an eye towards perhaps reverse engineering the backend and re implementing it on a local server.  Or perhaps as some sort of runtime that can run in much the same way as ProxHTTPSProxy?

c

Great you got it working! We currently have it working on XP, Server 2003 (untested for Server 2003), 2000 with SP4 and extended kernel (not publicly released) , and Vista RTM and SP1 (not publicly released) even though Vista uses the control panel for Windows Updates. Yes, I think reverse engineering the backend would be a good idea. Unfortunately I am not one who is good at code, but I am sure there are people in this forum that are. We know that it connects to the endpoint https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx using POST, and somehow receives the updates from that endpoint. It is the same endpoint that Windows 7 and later use. By the way, you do not need g_sconsumersite=1 for XP and later, that is only for 2000. For XP, you just need to add http://update.microsoft.com, http://www.update.microsoft.com, and https://www.update.microsoft.com to your trusted sites and set the security level for those sites to high.

Edited by xpandvistafan
Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted (edited)
3 hours ago, Dave-H said:

I'm still seeing this in my System Event Log regularly.
I still have automatic updates set to tell me if there are any!
I guess this is because it can't use the proxy.

I disabled automatic updates a long time ago. I thought this app would use IE engine to check for updates. So actually you had to keep HTTPSProxy running generally. I think you don't really want to do that. Therefore disable automatic updates! Unfortunately there will be no more updates in future. :( But since restoring MU you can check manually for updates at any time. :)

Edited by AstroSkipper
correction
Link to comment
Share on other sites
cc333

cc333

Posted
Posted

@xpandvistafanGood to know, thanks!

I'm trying to get it to work on XP x64, and so far I seem to be unable to.  Since it's generally identical to Server 2003 (which, although untested, should work), I figured it would work.

Does it matter that the last time WU worked natively, I had been using Microsoft Update?  It seems stuck in the redirect loop, and I'm not sure how to fixed it, unless there's a patched MU dll somewhere?

c

Link to comment
Share on other sites
maile3241

maile3241

Posted
Posted
54 minutes ago, AstroSkipper said:

I disabled automatic updates a long time ago. I thought this app would use IE engine to check for updates. So actually you had to keep HTTPSProxy running generally. I think you don't really want to do that. Therefore disable automatic updates! Unfortunately there will be no more updates in future. :( But since restoring MU you can check manually for updates at any time. :)

Automatic Updates works fine for me with httpsproxy. I also can see the yellow shield in the taskbar.

Link to comment
Share on other sites
cc333

cc333

Posted
Posted (edited)

OK.  Here's a couple detailing the Internet Settings (these same settings work fine on my 32-bit XP Pro VM):

1808239032_ScreenShot2022-02-16at12_41_02PM.thumb.png.48f1779ec865ab9cd94d4ef8d8a6d3d9.png

1362932002_ScreenShot2022-02-16at12_42_01PM.thumb.png.d15cc5349f3359c65ba3925097177405.png

I hope these are useful.

EDIT: This XP Pro x64 install is also running in a VM, if that matters....

c

Edited by cc333
Link to comment
Share on other sites
maile3241

maile3241

Posted
Posted (edited)
9 minutes ago, cc333 said:

OK.  Here's a couple detailing the Internet Settings (these same settings work fine on my 32-bit XP Pro VM):

1808239032_ScreenShot2022-02-16at12_41_02PM.thumb.png.48f1779ec865ab9cd94d4ef8d8a6d3d9.png

1362932002_ScreenShot2022-02-16at12_42_01PM.thumb.png.d15cc5349f3359c65ba3925097177405.png

I hope these are useful.

c

Try to use http and not https. If it does not work, try this page: http://fe2.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en&g_sconsumersite

And replace the config file.

Edited by maile3241
Link to comment
Share on other sites
maile3241

maile3241

Posted
Posted (edited)
17 minutes ago, cc333 said:

OK.  Here's a couple detailing the Internet Settings (these same settings work fine on my 32-bit XP Pro VM):

1808239032_ScreenShot2022-02-16at12_41_02PM.thumb.png.48f1779ec865ab9cd94d4ef8d8a6d3d9.png

1362932002_ScreenShot2022-02-16at12_42_01PM.thumb.png.d15cc5349f3359c65ba3925097177405.png

I hope these are useful.

c

You added the wrong pages! You added www.microsoft.update.com. This page does not exist! Correct the settings.

46VC6or.png

Edited by maile3241
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...