Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019


Recommended Posts

6 hours ago, xpandvistafan said:

Between March 10 and March 20, Microsoft put HSTS on both the catalog for newer systems and the catalog for older systems. The difference is that the catalog for older systems supports TLS 1.0 but the catalog for newer systems supports only TLS 1.2.

In my previous post in this thread, I assumed you were trying to just connect to 

https://www.catalog.update.microsoft.com/Home.aspx

(because that's the URL I have bookmarked for MUC), so that's why I posted the results of SSL Labs on hostname www.catalog.update.microsoft.com :P :

Quote

Over TLS v1.2

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

Over TLS v1.1/1.0

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

It later became apparent (first via your IE8 screengrab :P) that you wanted to access

https://catalog.update.microsoft.com/v7/site/Home.aspx

which is, as you stated, a different story, because it has a stricter (pun intended) HSTS (courtesy, again, of SSL Labs/Server on the "catalog.update.microsoft.com" hostname) :

Quote

Over TLS v1.2, exclusively

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

Because XP doesn't support EC Cryptography (ECC), there's sadly no way you could connect natively with IE8... :(
Another factor that is/was not clear is the level of your Windows Update (XPSP3 EoS, POSReady2009 EoS, etc.); judging by what @Usher has posted above, I gather that a POSReady2009 EoS level updated IE8 is able to connect successfully to

https://www.catalog.update.microsoft.com/Home.aspx

(via one of the TLS_RSA_WITH_AES_* cipher suites, possibly over TLS v1.2, too - POSReady2009 has indeed brought TLS v1.2 to XP...), so that should be the way to go on XP (until M$ ruin it further in the future, which I'm sure they will :realmad: ).

On 3/31/2021 at 12:28 AM, xpandvistafan said:

ProxHTTPSProxy is not working for me. It just says SSL passthrough
and then it does not connect to the catalog.

As @Dave-H has correctly advised :), if your default ProxHTTPSProxy configuration file (config.ini) has the following entry under its [SSL Pass-Thru] section:

[SSL Pass-Thru]

*microsoft.com*

you just have to comment it out, so that both MUC variants are being "proxied":

[SSL Pass-Thru]

#*microsoft.com*

Best wishes :)

Edited by VistaLover
Link to post
Share on other sites

I don't actually think it will ever work again, in fact I'm surprised it's still there, as I said earlier.
The only thing it's any good for now is checking your update history.
:(

Link to post
Share on other sites

Possibly, although I always imagined there would be a special mechanism for them, not using the public site.
:dubbio:

  • Like 1
Link to post
Share on other sites

It’s pretty clear that M$ does not want Windows Update to work for anything older than Windows 7 SP1. At last report, SHA-2 support did not have to be manually installed in order to get Windows Update working for Win7 (but it must be SP1 rather than RTM), which raises doubts about the official explanation - which btw still does not list the latest error code 0x80072EFE.

  • Like 1
  • Upvote 1
Link to post
Share on other sites

I wonder how between September 25 and 28 2020 Windows Update came back up. Apparently on August 6th 2020 @daniel_k reported that Windows Update gave a 80244019 error which was a 404 error. The database was deleted. It would take a long time to reupload the updates to https://update.microsoft.com/v6/ClientWebService/client.asmx. So I wonder how it would come back up if the database was deleted.

Link to post
Share on other sites

I think it's extremely unlikely that the database was actually deleted.
I'm not at all sure what the evidence for that was.
They would certainly not have bothered to upload everything again if they had deleted it!
:)

 

  • Like 1
Link to post
Share on other sites

Well I'm not sure what that actually is, but surely not being able to access the database doesn't mean that it doesn't exist any more?
:dubbio:

  • Upvote 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...