On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019

[AstroSkipper]

2 hours ago, Dave-H said:

There is a certificate in my list of Intermediate Certificate Authorities called "Microsoft Update Secure Server CA 1".
It expired on 9th May 2021.
I wonder if that's the problem?
The file is attached.
Anyone any Idea how I can update it to a valid version?

@Dave-H Such an Intermediate Certificate Authorities called "Microsoft Update Secure Server CA 1" doesn't exist in my system. I agree to @Mathwiz your problem is most likely related to ProxHTTPSProxy. I had applied its cert. installer program "ProxHTTPS Cert Install.exe" too. If the mentioned version doesn't work for you try HTTPSProxy from @Thomas S.. That's what I use most of the time and it works flawlessly. No certificate problems and very comfortable with a launcher in your Taskbar Notification Area (SysTray) and a lot of options.

Edited January 22, 2022 by AstroSkipper
correction

[Mathwiz]

3 hours ago, Dave-H said:

There is a certificate in my list of Intermediate Certificate Authorities called "Microsoft Update Secure Server CA 1".
It expired on 9th May 2021.
I wonder if that's the problem?

I don't have that IC and everything seems OK; therefore, that one probably isn't needed. I don't think having it causes a problem, though, aside from wasting an insignificant amount of storage space. (FWIW, I do have an IC called "Microsoft Update Secure Server CA 2.1 which expires 21 June 2027. Do you have that one?)

Note: you do need some expired certificates, for verifying things like signed files and the like. I recently made the mistake of deleting all expired certificates from my trusted root certificate store and WU failed spectacularly. Lesson learned! I reran @heinoganda's certificate updater and it fixed my mistake by reinstalling several expired root certificates, including one called "Microsoft Root Certificate Authority" with the same expiration date (9 May 2021) as your IC.

[Dave-H]

I don't have that certificate.
Could you export it and upload it here so I can try it to see if it makes any difference?
I'm very loathe to start messing around with my installation of ProxHTTPSProxy, I've been using it for years and it has always worked perfectly with many other sites and continues to do so. I find it hard to imagine that it has an intrinsic problem that is stopping just MS Update from working but everything else is fine.

[D.Draker]

3 hours ago, Dave-H said:

I don't have that certificate.
Could you export it and upload it here so I can try it to see if it makes any difference?

It's risky to use someone else's certs . This is the official MS link . All of those are there . 

http://download.microsoft.com/download/2/4/8/248D8A62-FCCD-475C-85E7-6ED59520FC0F/MicrosoftRootCertificateAuthority2011.cer

[D.Draker]

Run the following command with Admin rights to install it . Place this file to your "C" drive and run .

certutil -addstore "Root" "C:\MicrosoftRootCertificateAuthority2011.cer"

Right click and install should also work for XP. 

[xpandvistafan]

On 1/21/2022 at 7:38 AM, maile3241 said:

That's fine by me

Well, posted now. I also made an all-in-one script to make it work. Includes all the updates needed plus ProxHTTPSProxy. https://download.ru/files/ISbL9iYw

[Dave-H]

1 hour ago, D.Draker said:

Run the following command with Admin rights to install it . Place this file to your "C" drive and run .

certutil -addstore "Root" "C:\MicrosoftRootCertificateAuthority2011.cer"

Right click and install should also work for XP. 

Thanks, yes I've done that, but no difference.
I suspect those certificates were already installed as they appear to date from 2011.
Looking at @xpandvistafan's installation script, I've now also manually added the registry entries, which weren't there before on my system.
Still no difference, I can't seem to get past the "clock setting" error.

[D.Draker]

3 hours ago, Dave-H said:

Thanks, yes I've done that, but no difference.

XP simply can't process some "modern" certs , so I sugget to use 360 v.13.5 (which has some certs right in the browser) . For Vista it's different , it can work with all them . There is a method to manually download all of the MS certs and insert them into a rar file (without the 1.6 downloader programme) . Then run as admin . If this doesn't help , finita la commedia.

Did you or did you not follow this procedure ?

https://msfn.org/board/topic/175170-root-certificates-and-revoked-certificates-for-windows-xp/

[Dave-H]

Yes, years ago!
I use heinoganda's certificates updater regularly, and I've no reason to think that anything isn't as up to date as it can be.
There are no problems anywhere else, just on the revived Microsoft Update site.
360Chrome is no use for MS Update of course, as the site relies on ActiveX controls.
That bit is apparently working fine, and it scans, but instead of showing the results, it fails with the supposed clock setting error.

[D.Draker]

3 hours ago, Dave-H said:

I use heinoganda's certificates updater regularly

I meant the manual way . For me this programme fails , even though it shows as OK . 

[Dave-H]

How do you know it's failed?
Just so I can check that mine hasn't!

[D.Draker]

I ran it , all seemed fine , yet I still had issues with the certs . Then I did that manual way and the problems just vanished . I'm sorry , I don't know what specifically was wrong with the programme.

I repeat the manual way every several months and all is fine . 

I think other members also reported problems with the programme.

Edited January 22, 2022 by D.Draker
I think other members also reported problems with the programme.

[maile3241]

3 hours ago, Dave-H said:

Yes, years ago!
I use heinoganda's certificates updater regularly, and I've no reason to think that anything isn't as up to date as it can be.
There are no problems anywhere else, just on the revived Microsoft Update site.
360Chrome is no use for MS Update of course, as the site relies on ActiveX controls.
That bit is apparently working fine, and it scans, but instead of showing the results, it fails with the supposed clock setting error.

Hello @Dave-H have you tried this yet? http://i430vx.net/files/wsusstuff/NT5x/rootsupd.exe

[maile3241]

19 hours ago, AstroSkipper said:

@maile3241 rshx32.dll is only related to security tab. To disable WFC/SFC you have to patch sfc_os.dll too. I patched this file only to disable SFC permanently. I think this is your source:

 https://www.neowin.net/forum/topic/600928-xp-home-file-system-hacks/

As I said, I get an error when patching sfc_os.dll.

[AstroSkipper]

5 hours ago, maile3241 said:

As I said, I get an error when patching sfc_os.dll

@maile3241 Have you already checked if at offset EC84 of your file this code 83F89D7508 matches? You always say the same but you give less information about what you have tried. Use an hexeditor like WinHex and look inside! If code matches then you can patch outside of system32 without any problems.

Edited January 23, 2022 by AstroSkipper
correction