AstroSkipper Posted February 14, 2022 Share Posted February 14, 2022 24 minutes ago, maile3241 said: Too bad. I'm still wondering how I got it to work without a proxy for a short time in December. Microsoft had changed a lot in the past. Maybe they had switched back to old ciphers in this short time in Dezember. Link to comment Share on other sites More sharing options...
maile3241 Posted February 14, 2022 Share Posted February 14, 2022 (edited) 10 minutes ago, xpandvistafan said: Maybe someone at Microsoft temporarily enabled TLS 1.0 on the server and enabled an XP compatible cipher suite. You can check the cipher suites at https://www.ssllabs.com/ssltest/analyze.html?d=fe2.update.microsoft.com Currently, there are no XP compatible cipher suites on. But some Microsoft websites, like this one https://www.ssllabs.com/ssltest/analyze.html?d=sws1.update.microsoft.com have XP compatible cipher suites on. https://www.ssllabs.com/ssltest/analyze.html?d=fe2.ws.microsoft.com has xp cipher suites enabled, but it needs TLS 1.2, which also means it needs PosReady Updates. It never worked without Tls 1.2. PS. I was able to go to fe2.ws.microsoft.com but I keep getting error 0x800C0002 on that page. 10 minutes ago, AstroSkipper said: Microsoft had changed a lot in the past. Maybe they had switched back to old ciphers in this short time in Dezember. Maybe. It didn't always work. It was luck. Edited February 14, 2022 by maile3241 Link to comment Share on other sites More sharing options...
xpandvistafan Posted February 14, 2022 Share Posted February 14, 2022 14 minutes ago, maile3241 said: I was able to go to fe2.ws.microsoft.com but I keep getting error 0x800C0002 on that page. Yes, it seems it supports XP ciphers. The endpoint that Windows Update uses is https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx You cannot access this page in Windows XP even with PosReady updates if you don't use ProxHTTPSProxy. But with https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx you are able to access this page if you have TLS 1.2 enabled without ProxHTTPSProxy. The endpoints seem exactly the same. 1 Link to comment Share on other sites More sharing options...
cc333 Posted February 15, 2022 Share Posted February 15, 2022 (edited) I came across this page, which, last I checked, only had 20 or so pages (!), so it took some time to read through it all! Anyway, I pieced together the instructions, and got everything set up. It took a few tries, but after realizing the script failed to replace wuaueng.dll with the patched version, I did it myself manually (I found that to satisfy SFC, I had to replace it in three places: C:/Windows/System32, C:/Windows/System32/dllcache, and C:/Windows/ServicePackFiles/i386), and, well, I'll let these screenshots speak for themselves: I was so excited, I forgot to get a screenshot of the initial landing page, but the fact I got these two should nevertheless imply that I was quite successful! The install I'm using is a copy of Windows XP Professional that I installed in a virtual machine running on my Mac. I'm quite surprised that everything's still here and apparently functional, and only the means of accessing it from XP was blocked! I wonder how long it will last before MS decides to shut the site down altogether? Nevertheless, it just occurred to me that maybe it's still here because some well-paying corporte or governmental customers are contracting MS to produce special extended support updates, one or more of which may enable proper, native support for SHA-2/SHA256? It sure would be fun if somehow we could find out for certain! That being said, in the interest of preservation, I think this is a good opportunity for someone to consider analyzing the site and downloading every possible file, with an eye towards perhaps reverse engineering the backend and re implementing it on a local server. Or perhaps as some sort of runtime that can run in much the same way as ProxHTTPSProxy? c Edited February 15, 2022 by cc333 corrections, new thoughts, etc. Link to comment Share on other sites More sharing options...
xpandvistafan Posted February 15, 2022 Share Posted February 15, 2022 (edited) 1 hour ago, cc333 said: I came across this page, which, last I checked, only had 20 or so pages (!), so it took some time to read through it all! Anyway, I pieced together the instructions, and got everything set up. It took a few tries, but after realizing the script failed to replace wuaueng.dll with the patched version, I did it myself manually (I found that to satisfy SFC, I had to replace it in three places: C:/Windows/System32, C:/Windows/System32/dllcache, and C:/Windows/ServicePackFiles/i386), and, well, I'll let these screenshots speak for themselves: I was so excited, I forgot to get a screenshot of the initial landing page, but the fact I got these two should nevertheless imply that I was quite successful! The install I'm using is a copy of Windows XP Professional that I installed in a virtual machine running on my Mac. I'm quite surprised that everything's still here and apparently functional, and only the means of accessing it from XP was blocked! I wonder how long it will last before MS decides to shut the site down altogether? Nevertheless, it just occurred to me that maybe it's still here because some well-paying corporte or governmental customers are contracting MS to produce special extended support updates, one or more of which may enable proper, native support for SHA-2/SHA256? It sure would be fun if somehow we could find out for certain! That being said, in the interest of preservation, I think this is a good opportunity for someone to consider analyzing the site and downloading every possible file, with an eye towards perhaps reverse engineering the backend and re implementing it on a local server. Or perhaps as some sort of runtime that can run in much the same way as ProxHTTPSProxy? c Great you got it working! We currently have it working on XP, Server 2003 (untested for Server 2003), 2000 with SP4 and extended kernel (not publicly released) , and Vista RTM and SP1 (not publicly released) even though Vista uses the control panel for Windows Updates. Yes, I think reverse engineering the backend would be a good idea. Unfortunately I am not one who is good at code, but I am sure there are people in this forum that are. We know that it connects to the endpoint https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx using POST, and somehow receives the updates from that endpoint. It is the same endpoint that Windows 7 and later use. By the way, you do not need g_sconsumersite=1 for XP and later, that is only for 2000. For XP, you just need to add http://update.microsoft.com, http://www.update.microsoft.com, and https://www.update.microsoft.com to your trusted sites and set the security level for those sites to high. Edited February 15, 2022 by xpandvistafan Link to comment Share on other sites More sharing options...
Dave-H Posted February 16, 2022 Share Posted February 16, 2022 I'm still seeing this in my System Event Log regularly. I still have automatic updates set to tell me if there are any! I guess this is because it can't use the proxy. Link to comment Share on other sites More sharing options...
AstroSkipper Posted February 16, 2022 Share Posted February 16, 2022 (edited) 3 hours ago, Dave-H said: I'm still seeing this in my System Event Log regularly. I still have automatic updates set to tell me if there are any! I guess this is because it can't use the proxy. I disabled automatic updates a long time ago. I thought this app would use IE engine to check for updates. So actually you had to keep HTTPSProxy running generally. I think you don't really want to do that. Therefore disable automatic updates! Unfortunately there will be no more updates in future. But since restoring MU you can check manually for updates at any time. Edited February 16, 2022 by AstroSkipper correction Link to comment Share on other sites More sharing options...
cc333 Posted February 16, 2022 Share Posted February 16, 2022 @xpandvistafanGood to know, thanks! I'm trying to get it to work on XP x64, and so far I seem to be unable to. Since it's generally identical to Server 2003 (which, although untested, should work), I figured it would work. Does it matter that the last time WU worked natively, I had been using Microsoft Update? It seems stuck in the redirect loop, and I'm not sure how to fixed it, unless there's a patched MU dll somewhere? c Link to comment Share on other sites More sharing options...
maile3241 Posted February 16, 2022 Share Posted February 16, 2022 On 2/10/2022 at 10:53 PM, maile3241 said: You need to add these three websites to Trusted Sites: http://www.update.microsoft.com https://www.update.microsoft.com and http://update.microsoft.com And set the level to high. If it is not available, press reset first. @cc333 Look at this to stop the forwarding. Link to comment Share on other sites More sharing options...
maile3241 Posted February 16, 2022 Share Posted February 16, 2022 54 minutes ago, AstroSkipper said: I disabled automatic updates a long time ago. I thought this app would use IE engine to check for updates. So actually you had to keep HTTPSProxy running generally. I think you don't really want to do that. Therefore disable automatic updates! Unfortunately there will be no more updates in future. But since restoring MU you can check manually for updates at any time. Automatic Updates works fine for me with httpsproxy. I also can see the yellow shield in the taskbar. Link to comment Share on other sites More sharing options...
cc333 Posted February 16, 2022 Share Posted February 16, 2022 @maile3241I did that. Unfortunately, no change. c Link to comment Share on other sites More sharing options...
maile3241 Posted February 16, 2022 Share Posted February 16, 2022 1 minute ago, cc333 said: @maile3241I did that. Unfortunately, no change. c Post a screenshot. Link to comment Share on other sites More sharing options...
cc333 Posted February 16, 2022 Share Posted February 16, 2022 (edited) OK. Here's a couple detailing the Internet Settings (these same settings work fine on my 32-bit XP Pro VM): I hope these are useful. EDIT: This XP Pro x64 install is also running in a VM, if that matters.... c Edited February 16, 2022 by cc333 Link to comment Share on other sites More sharing options...
maile3241 Posted February 16, 2022 Share Posted February 16, 2022 (edited) 9 minutes ago, cc333 said: OK. Here's a couple detailing the Internet Settings (these same settings work fine on my 32-bit XP Pro VM): I hope these are useful. c Try to use http and not https. If it does not work, try this page: http://fe2.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en&g_sconsumersite And replace the config file. Edited February 16, 2022 by maile3241 Link to comment Share on other sites More sharing options...
maile3241 Posted February 16, 2022 Share Posted February 16, 2022 (edited) 17 minutes ago, cc333 said: OK. Here's a couple detailing the Internet Settings (these same settings work fine on my 32-bit XP Pro VM): I hope these are useful. c You added the wrong pages! You added www.microsoft.update.com. This page does not exist! Correct the settings. Edited February 16, 2022 by maile3241 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now