On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019

[AstroSkipper]

3 minutes ago, Dave-H said:

Nothing changes with the Malwarebytes scanners and the Windows Firewall switched off.

@Dave-H Ok, sill same error. The good news error code 0x80072f8f solved the bad you stay at error code 0x801901f6. In which way did you disable Malwarebytes? Can you restart computer without any modules in RAM related to Malwarebytes? Just to exclude that Malwarebytes is not involved. You can do that with Sysinternals Autostarts.

[Dave-H]

I just disabled the scanners in the Malwarebytes interface.
If that doesn't really disable them, it's pretty useless IMO!

I tried going to https://fe2.update.microsoft.com/v11/3/legacy/windowsupdate/selfupdate/wuident.cab?2201301850 directly in isolation using Firefox, and got this -

If I add an exception, I can then download the cab file with no problem.

I'll try disabling Malwarebytes as you say.

 

[AstroSkipper]

3 minutes ago, Dave-H said:

I just disabled the scanners in the Malwarebytes interface.
If that doesn't really disable them, it's pretty useless IMO!

Of course but I don't trust such features anyway and in case of Malwarebytes Premium for Windows 3.5.1.2522 even more. Your log looks fine until warning and error code 0x801901f6 appears, a cold comfort unfortunately. Please check if my provided config.ini is used and check Trusted Zone if only the three provided urls related to Microsoft exist. Check your Internet Zone too, maybe lower restrictions i.e. lower security level.

[maile3241]

17 minutes ago, Dave-H said:

I just disabled the scanners in the Malwarebytes interface.
If that doesn't really disable them, it's pretty useless IMO!

I tried going to https://fe2.update.microsoft.com/v11/3/legacy/windowsupdate/selfupdate/wuident.cab?2201301850 directly in isolation using Firefox, and got this -

If I add an exception, I can then download the cab file with no problem.

I'll try disabling Malwarebytes as you say.

 

I found out that Firefox only works when ProxhttpsProxy is closed.

[AstroSkipper]

2 minutes ago, maile3241 said:

I found out that Firefox only works when ProxhttpsProxy is closed

Newer browsers do not need HTTPSProxy or ProxhttpsProxy. I use these tools only for accessing web sites using IE or IE engine. Some programs use IE looking for updates or providing other services. Same for email clients. Most of the time HTTPSProxy is disabled in my system.

[Dave-H]

17 minutes ago, AstroSkipper said:

Of course but I don't trust such features anyway and in case of Malwarebytes Premium for Windows 3.5.1.2522 even more. Your log looks fine until warning and error code 0x801901f6 appears, a cold comfort unfortunately. Please check if my provided config.ini is used and check Trusted Zone if only the three provided urls related to Microsoft exist. Check your Internet Zone too, maybe lower restrictions i.e. lower security level.

Ah ha! You made my wonder, and I checked, and I was actually using the HTTPSProxy default config.ini!
I've replaced it now with yours, and the error is now back to the one about the clock being wrong again.
Sorry for the obviously unnecessary diversion there!

WindowsUpdate.log

[AstroSkipper]

1 hour ago, Dave-H said:

I've replaced it now with yours, and the error is now back to the one about the clock being wrong again

Now do this once again:

Quote

Check in your registry if the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate doesn't exist otherwise delete it.

Open system panel, click Automatic Updates and check if it is not greyed out. Then select Turn off Automatic Updates.

Open Internet Explorer on the Tools menu, click Internet Options.

Under Advanced check if check for server certificate revocation is unselected.

Then click the Content tab. Under Certificates, click Clear SSL State. Click OK when you receive the message that the SSL cache was successfully cleared.

Under Personal information, click AutoComplete. Under Clear AutoComplete history, click Clear Forms. Click OK when you are prompted to confirm the operation. Click Clear Passwords.

Click OK when you are prompted to clear all previously saved passwords, and then click OK two more times.

Close Internet Explorer.

Start HTTPSProxy and then Internet Explorer.

Try to access Microsoft Update one more time.

Post your Windows Update Log again.

And what is about your time server?

Edited January 30, 2022 by AstroSkipper
correction

[xpandvistafan]

1 hour ago, Dave-H said:

Nothing changes with the Malwarebytes scanners and the Windows Firewall switched off.

WindowsUpdate.log 8.3 kB · 2 downloads

HTTPSProxy console has -

088 [R][D] "GET https://fe2.update.microsoft.com/v11/3/legacy/windowsupdate/selfupdate/wuident.cab?2201301850" HTTPSConnectionPool(host='fe2.update.microsoft.com', port=443): Max retries exceeded with url: /v11/3/legacy/windowsupdate/selfupdate/wuident.cab?2201301850 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)'),))

Do you have the Windows Update registry entries? The override ones? They are the ones in the directory HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Test.

Edited January 30, 2022 by xpandvistafan

[AstroSkipper]

6 minutes ago, xpandvistafan said:

directory

I think you mean registry key it isn't a directory. But thanks for tip! We have to check all again and again and again.... 

[maile3241]

29 minutes ago, Dave-H said:

Ah ha! You made my wonder, and I checked, and I was actually using the HTTPSProxy default config.ini!
I've replaced it now with yours, and the error is now back to the one about the clock being wrong again.
Sorry for the obviously unnecessary diversion there!

WindowsUpdate.log

 

2 minutes ago, AstroSkipper said:

I think you mean registry key it isn't a directory. But thanks for tip! We have to check all again and again and again.... 

I don't think this needs to be checked. You can see in its log file that the agent tries to check for updates through the new endpoint.

[AstroSkipper]

@Dave-H 

Due to the fact we have to check what else you have missed check following items:

1. Tls 1.2.reg was applied successfully. Important is reg key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
   "DefaultSecureProtocols"=dword:00000a80
2. Check if still correct patched wuaueng.dll version exists in both folder system32 and system32\dllcache. If you have SFC enabled Windows is able to swap it by an other one. In my system SFC is disabled.
3. Be absolutely sure you have taken the suitable config.ini for HTTPSProxy. I have provided two of them, one for HTTPSProxy and one for ProxHTTPSProxy.
4. Check Trusted Zone if only the three provided urls related to Microsoft exist. That's very important. I've already mentioned this several times but no statement from you.
5. Check your Internet Zone too, maybe lower restrictions i.e. lower security level. I've already mentioned this several times but no statement from you.
6. Clear SSL State and Personal information once again. I've already mentioned it above.
7. Did you try to access MU by disabling MalwareBytes and firewall completely? I've already mentioned this but no statement from you.

I do this list for you to be sure you haven't missed one of them.

When you reply to this do it in the way item 1 checked and so on. So I know what is done and what has to be done.

If none of necessary steps was missed you would be able to access MU without any problems. So what the hell is missing? Check it!

Edited January 30, 2022 by AstroSkipper
correction

[Dave-H]

Quote

Tls 1.2.reg was applied successfully. Important is reg key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a80

Present and correct, as are all the other relevant registry entries.
Test websites show TLS 1.2 working.

Quote

Check if still correct patched wuaueng.dll version exists in both folder system32 and system32\dllcache. If you have SFC enabled Windows is able to swap it by an other one. In my system SFC is disabled.

The version of both is 7.6.7600.256 dated 02 June 2012 size 1.83MB.
That matches the version in Restore_WU_XP.

Quote

Be absolutely sure you have taken the suitable config.ini for HTTPSProxy. I have provided two of them, one for HTTPSProxy and one for ProxHTTPSProxy.

I'm using the one you posted here.

Quote

Check Trusted Zone if only the three provided urls related to Microsoft exist. That's very important. I've already mentioned this several times but no statement from you.

Yes, just the three are there.
 

Quote

Check your Internet Zone too, maybe lower restrictions i.e. lower security level. I've already mentioned this several times but no statement from you.

It's set to the "High" setting with no modifications. I will now try with other settings later on.
 

Quote

Clear SSL State and Personal information once again. I've already mentioned it above.

All cleared, including History this time!

No difference, still error 0x80072F8F.

[AstroSkipper]

12 hours ago, Dave-H said:

No difference, still error 0x80072F8F.

Ok, item 1. to 6. checked and done. Very good. Important is item 7. I found this on a web site due to error code 0x80072F8F:

Quote

Spent a lot of time with Windows Online Support yesterday. The fault
was that Update was calling upon a file directly rather than going
through my proxy server, and was getting stopped by a firewall. Have
now made a hole in the firewall to accommodate the call.

Therefore we have to compare the Windows Firewall settings too.

https://imgur.com/a/OEfex0j

 

Edited January 31, 2022 by AstroSkipper
correction

[Dave-H]

I have the second HTTPSProxy entry, but not the first one.
How do the paths of your two entries compare?

[AstroSkipper]

13 minutes ago, Dave-H said:

I have the second HTTPSProxy entry, but not the first one.
How do the paths of your two entries compare?

@Dave-H The first entry is related to ProxHTTPSProxy and the second one to HTTPSProxy. You know I have both in my system.

I found a list with all error codes. Here is the link: http://inetexplorer.mvps.org/archive/wuc.htm

And there you can find:

Error Code: 0x80072F8F

Dec Error Code: -2147012721

Error String: ERROR_INTERNET_SECURE_FAILURE ErrorClockWrong

Description: One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server.

I wanted to upload more screenshots but I have a size limit of 45 kb. No chance! Is that normal?