Jump to content

On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019


Mcinwwl
 Share

Recommended Posts

I'd already looked at that page and tried everything there, nothing made any difference.
My anti-virus is Malwarebytes Premium.
I'll check to see if that has any relevant settings.
Other https sites seem to work fine, so I'd be surprised if there is something there only affecting the Microsoft Update site.
:)

Link to comment
Share on other sites


This thread is a little bit confusing especially for people looking for help. So I have made a complete guide with all tips and steps which have to be performed to restore access to Microsoft Update web site and are working for me. Of course at your own risk without any guarantee!
And just to clarify: I am not the author or contributor of these patches and tools. I am a user and have examined my problems while restoring MU in Windows XP. This guide is the result of my examinations to help other users. Of course I did some modifications due to the fact that some patches don't work properly or something is missing. If you want improvements of these tools and patches, please contact the authors!

Complete guide for restoring Microsoft Update in IE

To be successful in restoring of access to MU web site, you have to keep the order of following steps. Please, do not change this order!
1.  Check BIOS and Windows date and time incl. correct time zone. Perform a time sync!
2. If you have used "WSUS server" in combination with "WUMT" in the past remove it completely by "Remove_wsus.cmd". This batch file does not work properly, so you have to remove this registry key manually: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate. You can let "Remove_wsus.cmd" perform this by adding following line (without quotes): "reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /f". Start Automatic Update service. In system panel Automatic Update may not be shown greyed out.
3. Go to Windows Services. Three system services are absolutely important for MU: bits, wuauserv and cryptsvc. These services should have been started and set to automatic.
4. Configure Internet Explorer. Internet Zone to standard, Trusted Zone to high with only these three urls related to MU: http://www.update.microsoft.com, https://www.update.microsoft.com and  http://update.microsoft.com. Credits to @maile3241 and @AstroSkipper. Go to Internet Explorer Options, Advanced. Check if TLS 1.2 is enabled. Uncheck entry "Check for server certificate revocation".
5. Before installing updates apply "PosReady.reg" if not already done.
6. Install these four updates  KB4467770, KB4019276, KB4493435, KB942288-V3. Credits to @maile3241.
7. Apply "Tls 1.2.reg". Credits to @maile3241
8. Execute "rootsupd.exe".
9. Install the latest Windows Update Agent 7.6. It's version 7.6.7600.256. Download link: 
http://download.windowsupdate.com/windowsupdate/redist/standalone/7.6.7600.320/WindowsUpdateAgent-7.6-x86.exe
10. Install "ProxHTTPSProxy". Download link: https://i430vx.net/files/XP/ProxHTTPSProxyMII_REV3d_PY344.7z, credits to @heinoganda.
Here you have to edit the config file "config.ini". Under section [SSL No-Verify] I added fe2.update.microsoft.com and deleted update.microsoft.com under sections [SSL Pass-Thru] and [BYPASS URL]. This is working for me.
11. Download and install one of these packages: 
an English all in one version, credits to @Windows7fan from MDL, @xpandvistafan, @maile3241 and @AstroSkipper from MSFN: https://drive.google.com/u/0/uc?id=1z5NGORov8OS7iBkoFVsvWOTOE1_LCjoQ&export=download
or a German all in one version, based on version above, modified and updated by @AstroSkipper: https://www.mediafire.com/file/0y1zmwv8z4lch9s/Restore_WU_XP_DE.7z/file. Credits to @Windows7fan from MDL, of course.
Here you have to check if "install.cmd" did its job properly i.e. all commands in "install.cmd" should have been performed completely. Additionally you have to verify the existence of patched "wuaueng.dll" in both folders system32 and system32\dllcache in form of a binary comparison.. Be aware of SFC which tries to restore an original old version of this file! After patching restart your computer and recheck! Verify if really all registry entries have been added.i
All bold files mentioned here are in these all in one versions included. They can be installed manually (all registry entries of "install.cmd" have to be added manually too) or automatically by applying "install.cmd".
12. If you have problems in configuring ProxHTTPSProxy, or you get error code 0x80072f8f while trying to access MU web site, have a look in my thread:

13. Use "CAupdater" or "Certificate Updater 1.6" to update your root certificates. Download link of Certificate Updater 1.6 can be found here:

14. If the button "Check for updates" doesn't work on MU, close Internet Explorer, open MU from Start Menu again and in most cases it will load successfully.
15. If you have a fresh installation or a reinstallation of Windows XP, it seems to be necessary to install MU ActiveX Control manually because it won't be downloaded automatically any longer. Without any confirmation by me (no opportunity to check it), here is a guide how you can do that. Credits to @maile3241:

16. If on MU web page error code 0x80072F78 appears, turn off your firewall temporarily. If MU is working now, add the program "wuauClt.exe" into the exception list of your firewall and turn your firewall back on. In any case ProxHTTPSProxy or HTTPSProxy must not be blocked by your firewall. Same for Internet Explorer, of course.
If on MU web page other error codes appear, rename the windows folder "SoftwareDistribution" to "SoftwareDistribution.old" and let MU generate a fresh one. Maybe you have to disable a "HTTPS scanning" feature of your security software temporarily or make exclusions for MU related sites.
17. Do not use the same "DataStore.edb" in "SoftwareDistribution" for WSUS server/WUMT and MU web version. I have two DataStore.edb files, one for WSUS server and one for MU. One for all doesn't work in my system.
18. Use only http-links to open MU in IE. Direct link is http://fe2.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en or http://fe2.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en&g_sconsumersite=1
19. MU is only working if ProxHTTPSProxy is enabled.
20. For testing I add a link of my working ProxHTTPSProxy's config.ini: https://www.mediafire.com/file/vr1klatuzjh6v5c/ProxHTTPSProxy_-_config.ini/file
21. If completing all of these steps didn't help you at all, even after repeated execution, you may have a rather general problem relating to MU in your Windows XP installation. In this case you can try to manually reset Windows Update components. Here is my post how you can do that: 

After that kind of reset I recommend to perform all steps once again (from step 1 to 20 inclusive). Of course, some steps won't be necessary any more but checking which to perform or not will cost a lot of time, therefore senseless. Although I am not a friend of automatisms, I also offer a tool here to perform this reset of Microsoft or Windows Update automatically. Anyway, I recommend to backup your system partition completely at first.
This tool called Reset Windows Update Tool (Script) is said to be working properly, but it has not been tested by me, so no guarantee of success and use at your own risk.
The last XP compatible version is 10.5.3.7:
https://www.mediafire.com/file/k48ll6e41eypogy/ResetWUEng10.5.3.7.zip/file  
and a less recent version 10.5.3.4 with a help file included: 
https://www.mediafire.com/file/wl0yrq98me8dfkj/ResetWUEng10.5.3.4.zip/file
22. If unfortunately none of all these 21 steps helped you, then you should presumably think about a complete reinstallation of Windows XP.

I did all these steps (except steps 21 and 22) and for me MU is working flawlessly in my Windows XP Professional system.

For further detailed instructions and missing files perform a search in this thread and enjoy the screenshots we all have uploaded!  :thumbup

If you enjoyed this guide or maybe you found it interesting and helpful, I would be pleased about any reaction by liking or upvoting.

Greetings from Germany,  :hello:

AstroSkipper

PS: This guide will no longer be maintained. It will stay here just for historical purpose. The new, maintained and up-to-date version can be found here: 
 

 

Edited by AstroSkipper
Update of content
  • Like 2
  • Upvote 4
Link to comment
Share on other sites

40 minutes ago, xpandvistafan said:

@maile3241 It is time for you to make a decision. We all don't want this to be patched, but you have to decide if we want to share this in MDL forums, or just keep it with MSFN.

That's fine by me

Link to comment
Share on other sites

On 1/19/2022 at 11:42 PM, AstroSkipper said:

@maile3241 The cmd file is a batch file. You can add in first line a path command for example "path c:\WINDOWS\system32\wbem\" or "set path c:\WINDOWS\system32\wbem\", If you add more than one path you have to separate by semicolon e. g. "path c:\WINDOWS\system32\wbem\; c:\WINDOWS\system32\dllcache\". In Windows XP you can set global paths. Look here: https://cs.calvin.edu/courses/cs/112/resources/installingEclipse/path/

I tried your guide. The location was correct. I found wmic is missing from wbem folder. I then added the registry entries manually. It works perfectly. It would be nice if there was such a patch for W2k.

Link to comment
Share on other sites

2 hours ago, AstroSkipper said:

This thread is a little bit confusing especially for people looking for help. So I have made a little guide with all tips and steps which have to be performed and are working for me. Of course at your own risk without any guarantee!

Complete guide for restoring Microsoft Update in IE

- Check BIOS and Windows date and time incl. correct time zone. Perform a time sync!
- If you have used "WSUS server" in combination with "WUMT" in the past remove it completely by "Remove_wsus.cmd". This batch file does not work properly, so you have to remove this registry key manually: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate. You can let "Remove_wsus.cmd" perform this by adding following line (without quotes): "reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /f". Start Automatic Update service. In system panel Automatic Update may not be shown greyed out.
- Configure Internet Explorer. Internet Zone to standard, Trusted Zone to high with only these three urls related to MU: http://www.update.microsoft.com, https://www.update.microsoft.com and http://update.microsoft.com. Disable in IE settings "Check for server certificate revocation".
- Install these four updates  KB4467770, KB4019276, KB4493435, KB94228-V3.
- Apply if necessary "PosReady.reg".
- Apply "Tls 1.2.reg".
- Execute "rootsupd.exe".
- Install "Restore_WU_XP_2003". Here you have to check if "install.cmd" did its job properly i.e. all commands in "install.cmd" have to be performed properly. Check the correct version of "wuaueng.dll" in both folder system32 and system32\dllcache. Check if all registry entries have been added.
- Install "ProxHTTPSProxy". Here you have to edit the config file "config.ini". Under section [SSL No-Verify] I added fe2.update.microsoft.com and deleted update.microsoft.com under sections [SSL Pass-Thru] and [BYPASS URL]. This is working for me.
- Use "CAupdater" or "Certificate Updater 1.6" to update your root certificates.
- If on MU web page error codes appear rename the windows folder "SoftwareDistribution" to "SoftwareDistribution.old" and let MU generate a fresh one. Maybe you have to disable a "HTTPS scanning" feature of your security software temporarily or make exclusions for MU related sites.
- Do not use the same "DataStore.edb" in "SoftwareDistribution" for WSUS server/WUMT and MU web version. I have two DataStore.edb files, one for WSUS server and one for MU. One for all doesn't work in my system.
- Use only http-links to open MU in IE. Direct link is http://fe2.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en (English version).
- MU is only working if ProxHTTPSProxy is enabled.

I did all these steps and for me MU is working flawlessly. For testing I attach my working config.ini of ProxHTTPSProxy. :yes:

For detailed instructions and files perform a search in this thread and enjoy the screenshots we all have uploaded! :thumbup

Greetings from Germany :hello:

config.ini 5.01 kB · 0 downloads

Shouldn't you make premake ProxHTTPSProxy with the config.ini, and also a script could be made to do the trusted zone. Also restoreWUXP2003 needs a patch to allow it to work after you already launched it once (batch needs a mod else when you run it second+ time it will not work). And you should also make more updated root certificates.

Also the Certificate Updater 1.6 always fails for me but it works without it

Link to comment
Share on other sites

@Dave-H Maybe perform all steps in my new post:

As I told you I had a lot of troubles to restore MU in my system. I had all error codes someone could get. I think your error code has been one of them. Maybe you have a BIOS date/time problem due to low cmos battery but I don't think so. My advice: Do all the steps once again and do not miss anyone! You know Windows is very often a mystery. :crazy:

Link to comment
Share on other sites

37 minutes ago, ExtremeGrief said:

Shouldn't you make premake ProxHTTPSProxy with the config.ini, and also a script could be made to do the trusted zone. Also restoreWUXP2003 needs a patch to allow it to work after you already launched it once (batch needs a mod else when you run it second+ time it will not work). And you should also make more updated root certificates.

Also the Certificate Updater 1.6 always fails for me but it works without it

@ExtremeGrief Sorry, I should do nothing. I am not the author of these packages and patches. I am a user like you and have examined my problems by restoring MU. This little guide some posts above is the result of my examinations to help other users. And once again I "should" do nothing. But you should reflect on how to speak to a member. First read the whole thread and then you will understand.

Edited by AstroSkipper
correction
Link to comment
Share on other sites

2 hours ago, AstroSkipper said:

This thread is a little bit confusing especially for people looking for help. So I have made a little guide with all tips and steps which have to be performed and are working for me. Of course at your own risk without any guarantee!

Complete guide for restoring Microsoft Update in IE

- Check BIOS and Windows date and time incl. correct time zone. Perform a time sync!
- If you have used "WSUS server" in combination with "WUMT" in the past remove it completely by "Remove_wsus.cmd". This batch file does not work properly, so you have to remove this registry key manually: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate. You can let "Remove_wsus.cmd" perform this by adding following line (without quotes): "reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /f". Start Automatic Update service. In system panel Automatic Update may not be shown greyed out.
- Configure Internet Explorer. Internet Zone to standard, Trusted Zone to high with only these three urls related to MU: http://www.update.microsoft.com, https://www.update.microsoft.com and http://update.microsoft.com. Disable in IE settings "Check for server certificate revocation".
- Install these four updates  KB4467770, KB4019276, KB4493435, KB94228-V3.
- Apply if necessary "PosReady.reg".
- Apply "Tls 1.2.reg".
- Execute "rootsupd.exe".
- Install "Restore_WU_XP_2003". Here you have to check if "install.cmd" did its job properly i.e. all commands in "install.cmd" have to be performed properly. Check the correct version of "wuaueng.dll" in both folder system32 and system32\dllcache. Check if all registry entries have been added.
- Install "ProxHTTPSProxy". Here you have to edit the config file "config.ini". Under section [SSL No-Verify] I added fe2.update.microsoft.com and deleted update.microsoft.com under sections [SSL Pass-Thru] and [BYPASS URL]. This is working for me.
- Use "CAupdater" or "Certificate Updater 1.6" to update your root certificates.
- If on MU web page error codes appear rename the windows folder "SoftwareDistribution" to "SoftwareDistribution.old" and let MU generate a fresh one. Maybe you have to disable a "HTTPS scanning" feature of your security software temporarily or make exclusions for MU related sites.
- Do not use the same "DataStore.edb" in "SoftwareDistribution" for WSUS server/WUMT and MU web version. I have two DataStore.edb files, one for WSUS server and one for MU. One for all doesn't work in my system.
- Use only http-links to open MU in IE. Direct link is http://fe2.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en (English version).
- MU is only working if ProxHTTPSProxy is enabled.

I did all these steps and for me MU is working flawlessly. For testing I attach my working config.ini of ProxHTTPSProxy. :yes:

For detailed instructions and files perform a search in this thread and enjoy the screenshots we all have uploaded! :thumbup

Greetings from Germany :hello:

config.ini 5.01 kB · 1 download

http://www.update.microsoft.com is still missing here.

Link to comment
Share on other sites

36 minutes ago, AstroSkipper said:

@ExtremeGrief Sorry, I should do nothing. I am not the author of these packages and patches. I am a user like you and have examined my problems by restoring MU. This little guide some posts above is the result of my examinations to help other users. And once again I "should" do nothing. But you should reflect on how to speak to a member. First read the whole thread and then you will understand.

Sorry, I thought you're one of the contribuitors. I was just giving some suggestions, also the thread is 53 pages so it will take a while to read it all.

Link to comment
Share on other sites

7 minutes ago, maile3241 said:

Step 3 only shows 2 pages instead of 3 and http://www.update.microsoft.com is the one that is missing.

No, in step 3 there are three urls related to MU.

 

3 hours ago, AstroSkipper said:

- Configure Internet Explorer. Internet Zone to standard, Trusted Zone to high with only these three urls related to MU: http://www.update.microsoft.com, https://www.update.microsoft.com and http://update.microsoft.com. Disable in IE settings "Check for server certificate revocation".

Maybe you have missed it. :whistle:

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...