Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019


Recommended Posts

56 minutes ago, digbick said:

I have the 0x800b0003 error with online and offline update in wumt. I'm using the latest wsusscn2.cab with sha-1 signature from july 13th, but I don't think this has something with the error since the only vector that causes the error is the presence of IE8.

I need IE8 just to read some html reports generated from a legacy software that runs only in windows xp due to the hardlock.

It's normal (See here). Use an old wsusscn2.cab and it will work ;) : https://web.archive.org/web/20191209214827/http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab

Edited by max-h
Link to post
Share on other sites

It should certainly get beyond that stage, it's when you actually scan that it will fail if the patch hasn't worked.
Have you tried repeatedly reloading it? On my system it can take many attempts before the page will even load at all, and it sometimes even then hangs on the "checking" page, as you're seeing.
Eventually though, it has always loaded for me, at least recently.
:)

Link to post
Share on other sites

I see no one mentioned it, but WU is down again (since friday november 30) and for good this time.

MS restricted to TLS 1.2 and cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 which is not supported by XP SP3.

Abbodi on MDL finded an ultime solution with a proxy to upgrade TLS connection (the proxy connect to WU with TLS 1.2 and responding to XP with TLS1) but for me (and other members), it's not working... I get error 0x80072EFE like a direct connection.

:(

Edited by max-h
Link to post
Share on other sites
38 minutes ago, max-h said:

I see no one mentioned it, but WU is down again (since friday november 30) and for good this time.

That's too bad!

38 minutes ago, max-h said:

MS restricted to TLS 1.2 and cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 which is not supported by XP SP3.

My understanding is that as long as it isn't ECC-based, there exists the possibility of somehow implementing it.  Right?

40 minutes ago, max-h said:

Abbodi on MDL finded an ultime solution with a proxy to upgrade TLS connection (the proxy connect to WU with TLS 1.2 and responding to XP with TLS1) but for me (and other members), it's not working... I get error 0x80072EFE like a direct connection.

This will ultimately have to be the proper solution, I suspect, because it doesn't involve (I assume) direct hacking of system files.

c

Link to post
Share on other sites
28 minutes ago, max-h said:

WU is down again (since friday november 30)

I guess you meant to write “Friday October 30,” since September 30 was a Wednesday. I didn’t realize that WU was up in October.

37 minutes ago, max-h said:

MS restricted to TLS 1.2 and cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 which is not supported by XP SP3.

It sounds like M$ detected suspicious activity and took preventative action. Wonder how long it will be before M$ takes down all updates for XP?

Link to post
Share on other sites

 

2 hours ago, cc333 said:

My understanding is that as long as it isn't ECC-based, there exists the possibility of somehow implementing it.  Right?

I don't know.

2 hours ago, cc333 said:

This will ultimately have to be the proper solution, I suspect, because it doesn't involve (I assume) direct hacking of system files.

Yep, no need to hack something.

2 hours ago, Vistapocalypse said:

I guess you meant to write “Friday October 30,” since September 30 was a Wednesday. I didn’t realize that WU was up in October.

Oops... october, yes.

2 hours ago, Vistapocalypse said:

It sounds like M$ detected suspicious activity and took preventative action. Wonder how long it will be before M$ takes down all updates for XP?

Probably. For the deletion of updates, impossible to say. But download them quickly as possible, or use WSUS Server like me.

Tutorial for windows server 2019 : https://www.prajwaldesai.com/install-configure-wsus-on-windows-server-2019/

But it works also on 2008R2 2012 and 2016 of course.

Edited by max-h
Link to post
Share on other sites

New method found ! Thanks to abbodi1406 :thumbup https://forums.mydigitallife.net/threads/restore-windows-update-for-windows-xp-server-2003.82538/page-3#post-1628508

Quote

# Requirements

-Windows update agent : http://download.windowsupdate.com/windowsupdate/redist/standalone/7.4.7600.226/windowsupdateagent30-x86.exe

- VC++ 11 (2012)
https://www.microsoft.com/en-us/download/details.aspx?id=30679
for XP/2003 x64, you need both vcredist_x64.exe/vcredist_x86.exe

- Internet Explorer 8
or the lost Microsoft Internationalized Domain Names (IDN) Mitigation APIs
idndl.x86.exe

- Patched PHP 5.6 for Windows XP/2003
http://www.lindasc.com/php/

(non thread safe, for IIS)
php-5.6.24-nts-WinXP32-VC11-x86.7z






needed files: 
ext\php_curl.dll 
libeay32.dll 
libssh2.dll 
nonxp.dll 
php.exe 
php5.dll 
ssleay32.dll

- Optional, latest OpenSSL 1.0.2u (libeay32.dll and ssleay32.dll)
https://www.totalcommander.ch/win/openssl/
https://github.com/IndySockets/OpenSSL-Binaries

- Windows Update MiniTool to scan against WSUS
WU/MU via IE scan against windowsupdate servers directly and fail

- WSUS Proxy mod by @mspaintmsi (AFAIK, not published before)
https://download.ru/files/vMYWEl7O

 

# How To

- Install WUA agent
- Extract WSUS_Proxy_XP.7z to proper simple path
- Execute Add_wsus.cmd
- Execute run_wsus.cmd and approve Firewall Unblock for PHP
- Run wumt_x86.exe (it should point to Windows Server Update Service) and scan
- PHP cmd window should log the requests (to client.asmx)
- When finished, close PHP cmd window

# Caveats

- Slow (specially for first scan)
and PHP will consume some RAM/CPU
- Might fail with 0x8024400A, due race condition in http.sys
just rescan again and it will work
 

 

/!\ Restricted to french IPs

Or if your're lazy, you can use my proxy that I have made available to everyone : http://wsus.update-old-wins.fr.nf

It should be specified in gpedit.msc  :

Computer configuration > Administrative templates > Windows components > Windows update > Specify intranet Microsoft update service location, and enter in the two fields : http://wsus.update-old-wins.fr.nf/?

In this case a simple update of WUA to 7.4.7600.226 or 7.6.7600.256 is required.

 

This proxy also restore the updates for Windows 2000! It just need two requirements :

-double update of WUA :

http://download.windowsupdate.com/v7/windowsupdate/redist/standalone/WindowsUpdateAgent30-x86.exe

http://download.windowsupdate.com/windowsupdate/redist/standalone/7.4.7600.226/windowsupdateagent30-x86.exe

-Root certificates : http://download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/rootsupd_a153023b66d29034420aa227ccc2164cff75229e.exe

You should also add the Specify intranet Microsoft update service location GPO in gpedit, for this : right click on Adminisitrative template : Add/remove template > add wuau.adm The Windows update section should be appear in the list.

Finally, scan with WUMT.

Edited by max-h
  • Like 2
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...