8024402C and 80072ee7

In a msg in this NG dated Jul 2 2006 10:21 AM and entitled "Windows
update doesn't; 8024402C and 80072ee7", I asked about why Windows
Update wouldn't work on one of my PCs. I had tried everything I could
find in this NG and at Microsoft, to no avail; the Windows update log
shows a long series of 80072ee7 errors, followed by a 0x8024402C error.

This is not a firewall error, as I have tried it with the firewall
turned off. Nor is it a problem with my ISP, since I have tried it
with two different ISPs (comcast and my olde dial-up ISP). And the
other PCs on my home network update just fine.

I've spent hours trying various things, to no avail. My only guess at
this point is that I have some malware, although all my scans have come
up clean (Avast, Spybot, Ad-Aware). If you have suggestions for other
scanners to try, please do. In fact, if you have _any_ suggestions,
_please_ do!

This affects Windows Update, Windows Defender, and possibly CygWin
update (at least that wasn't working last night).

What alternatives do I have for updating these programs? Is it
possible to download the update packages to one of my other PCs, and
then copy it over to this one and run the update?

/s/
Desperate
(aka Mike Maxwell)

[email protected] wrote:

> In a msg in this NG dated Jul 2 2006 10:21 AM and entitled "Windows
> update doesn't; 8024402C and 80072ee7", I asked about why Windows
> Update wouldn't work on one of my PCs. I had tried everything I could
> find in this NG and at Microsoft, to no avail; the Windows update log
> shows a long series of 80072ee7 errors, followed by a 0x8024402C
> error.
> [snip]
> This affects Windows Update, Windows Defender, and possibly CygWin
> update (at least that wasn't working last night).

See http://support.microsoft.com/kb/836941

Try also "Dial-a-fix" from http://wiki.djlizard.net/Dial-a-fix to repair
Windows Update and network settings.

Try opening a command prompt window and typing the command:

netsh winsock reset

--
Robin Walker [MVP Networking]
[email protected]

Thanks for your reply, but I'm still stuck:

Robin Walker [MVP] wrote:
> See http://support.microsoft.com/kb/836941
I had already tried this. I should probably run through the list
again, just to make sure.

> Try also "Dial-a-fix" from http://wiki.djlizard.net/Dial-a-fix to repair
> Windows Update and network settings.
Ran it with the "Fix Windows update" box checked (and all the boxes
that that automagically checks), still not working.

> Try opening a command prompt window and typing the command:
>
> netsh winsock reset
Did this, rebooted as directed. Still not working.

I also went to Symantec and ran their virus scan through the ActiveX
interface, came up clean.

Based on advice in another thread, I did this:
---------------------------
>nslookup download.windowsupdate.com
*** Can't find server name for address 192.168.2.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.2.1

Non-authoritative answer:
Name: a258.g.akamai.net
Addresses: 204.2.192.41, 204.2.192.47
Aliases: download.windowsupdate.com, main.dl.wu.akadns.net
dom.dl.wu.akadns.net, dl.wu.ms.edgesuite.net
---------------------------
I'm not sure how to interpret this. Looks like it failed to find the
DNS server where it expected. 192.168.2.1 is the IP address of my
router--why would it expect my router to be acting as a DNS server? I
do have TCP/IP set up to "Obtain DNS server address automatically", as
directed by my ISP = Comcast. But then it comes up with what looks (to
me, anyway!) like correct but "non-authoratitive" addresses for aliases
anyway. Is there any way to verify the 204 IP addresses? I can ping
them fine.

Mike Maxwell

[email protected] wrote:

>> nslookup download.windowsupdate.com
> *** Can't find server name for address 192.168.2.1: Non-existent
> domain
> *** Default servers are not available
> Server: UnKnown
> Address: 192.168.2.1
>
> Non-authoritative answer:
> Name: a258.g.akamai.net
> Addresses: 204.2.192.41, 204.2.192.47
> Aliases: download.windowsupdate.com, main.dl.wu.akadns.net
> dom.dl.wu.akadns.net, dl.wu.ms.edgesuite.net
> ---------------------------
> I'm not sure how to interpret this. Looks like it failed to find the
> DNS server where it expected. 192.168.2.1 is the IP address of my
> router--why would it expect my router to be acting as a DNS server? I
> do have TCP/IP set up to "Obtain DNS server address automatically", as
> directed by my ISP = Comcast. But then it comes up with what looks
> (to me, anyway!) like correct but "non-authoratitive" addresses for
> aliases anyway. Is there any way to verify the 204 IP addresses? I
> can ping them fine.

Your router 192.168.2.1 has declared itself to be your DNS server when it
responded to your PC's DHCP request. So your router will proxy all DNS
requests from your PC. The rest of the messages are then all normal. The
replies are "non-authoritative" because they do not come from the primary
DNS servers for the domains of the IP addresses in question. All normal.

I don't think that any of this is related to your Windows Update problem.

--
Robin Walker [MVP Networking]
[email protected]

Robin Walker [MVP] wrote:
....
> Your router 192.168.2.1 has declared itself to be your DNS server when it
> responded to your PC's DHCP request. So your router will proxy all DNS
> requests from your PC.

When you say my "router will proxy all DNS requests from your PC",
that is not the same as saying that my router is a proxy server, is it?


> The rest of the messages are then all normal. The
> replies are "non-authoritative" because they do not come from the primary
> DNS servers for the domains of the IP addresses in question. All normal.
>
> I don't think that any of this is related to your Windows Update problem.

OK, so where do I go from here?

Mike Maxwell

[email protected] wrote:

> When you say my "router will proxy all DNS requests from your PC",
> that is not the same as saying that my router is a proxy server, is
> it?

It looks as if the router is a proxy for DNS requests, but not for anything
else. Since the other PCs on your LAN are behaving normally, this is not a
problem.

> OK, so where do I go from here?

Can you open a command prompt window, type the command

ipconfig /all

and copy/paste the results back here?

--
Robin Walker [MVP Networking]
[email protected]

Robin Walker [MVP] wrote:
> Can you open a command prompt window, type the command
>
> ipconfig /all
>
> and copy/paste the results back here?


Here goes:
--------------------------------
>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : MUINANE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ChezNous

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139/810x Family
Fast Eth
ernet NIC
Physical Address. . . . . . . . . : 00-13-D3-9E-36-8F

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : ChezNous
Description . . . . . . . . . . . : IEEE 802.11g Wireless
Cardbus/PCI Ad
apter
Physical Address. . . . . . . . . : 00-40-F4-F3-AB-BE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Saturday, July 08, 2006
4:04:04 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038
11:14:07 PM
--------------------------------
BTW, I turned off my wireless network and tried to use the dial-up
again, still no luck. But I tried nslookup there, and it gave a result
more like what I expected:
--------------
>nslookup download.windowsupdate.com
Server: ns4.starnetusa.net
Address: 66.19.192.200

Non-authoritative answer:
Name: download.windowsupdate.com.c.footprint.net
Addresses: 209.3.40.190, 63.236.48.222
Aliases: download.windowsupdate.com, main.dl.wu.akadns.net
dom.dl.wu.akadns.net, download.windowsupdate.com.fp.nsatc.net
--------------
But as you say, that doesn't seem to be the problem.

Thanks for your help!

Mike Maxwell

[email protected] wrote:

> DNS Suffix Search List. . . . . . : ChezNous
>
> Ethernet adapter Wireless Network Connection:
>
> Connection-specific DNS Suffix . : ChezNous

Could you try deleting these "ChezNous" configurations from your network
configuration.

Also, use Dial-a-Fix 0.60 beta to "Flush Software Distribution"

--
Robin Walker [MVP Networking]
[email protected]

Robin Walker [MVP] wrote:
> [email protected] wrote:
>
> > DNS Suffix Search List. . . . . . : ChezNous
> >
> > Ethernet adapter Wireless Network Connection:
> >
> > Connection-specific DNS Suffix . : ChezNous
>
> Could you try deleting these "ChezNous" configurations from your network
> configuration.

Uh...not sure how to do this. Nothing obvious in the router interface.


I brought up the network config for TCP/IP for the wireless on my PC,
but nothing obvious there, either. On the "Advanced" settings for
TCP/IP properties, on the DNS tab, there is a radio button that allows
you to choose between "Append primary and connection specific DNS
suffixes" and "Append these DNS suffixes (in order)." The former was
checked (along with its check button for "Append parent suffixes of the
primary DNS suffix"), but if I switch the radio button to the latter,
it requires me to list at least one DNS suffix.

I tried disabling my wireless and using the dial-up, in which case
ipconfig/all shows a blank in the "DNS Suffix Search List" and in the
"Connection-specific DNS Suffix". But of course the update doesn't
work there either... (I just now verified that, with no firewall
turned on.) Here's the result from ipconfig/all with the dial-up:
--------------------------
>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : MUINANE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139/810x Family
Fast Eth
ernet NIC
Physical Address. . . . . . . . . : 00-13-D3-9E-36-8F

PPP adapter NetHere:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 66.217.131.111
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 66.217.131.111
DNS Servers . . . . . . . . . . . : 66.19.192.200
216.126.128.40
NetBIOS over Tcpip. . . . . . . . : Disabled
--------------------------
Again, let me thank you for your rapid responses, and taking the time.
I do hope you have a life...

Mike Maxwell

Robin Walker [MVP] wrote:
> [email protected] wrote:
>
> > DNS Suffix Search List. . . . . . : ChezNous
> >
> > Ethernet adapter Wireless Network Connection:
> >
> > Connection-specific DNS Suffix . : ChezNous
>
> Could you try deleting these "ChezNous" configurations from your network
> configuration.

Since I haven't figured out how to do this for my wireless, and since
the corresponding entries for my dial-up cnxn are blank, I tried:

> Also, use Dial-a-Fix 0.60 beta to "Flush Software Distribution"

(Or rather, I did the steps manually, saving the old
\windows\SoftwareDistribution to another location rather than deleting
it--on the assumption that the information in there might be useful.
If that was the wrong thing to do, let me know.)

Still no luck (using the dial-up with no firewall).

Mike Maxwell

[email protected] wrote:
> Robin Walker [MVP] wrote:
>> Could you try deleting these "ChezNous" configurations from your
>> network configuration.
>
> Uh...not sure how to do this.
>
> I brought up the network config for TCP/IP for the wireless on my PC,
> but nothing obvious there, either. On the "Advanced" settings for
> TCP/IP properties, on the DNS tab, there is a radio button that allows
> you to choose between "Append primary and connection specific DNS
> suffixes" and "Append these DNS suffixes (in order)." The former was
> checked (along with its check button for "Append parent suffixes of
> the primary DNS suffix"), but if I switch the radio button to the
> latter, it requires me to list at least one DNS suffix.

In the same dialog box as you found above, ensure that the box "DNS suffix
for this connection" is blank, and UNcheck (leave blank) the check box
"Register this connection's addresses in DNS".

> I tried disabling my wireless and using the dial-up, in which case
> ipconfig/all shows a blank in the "DNS Suffix Search List" and in the
> "Connection-specific DNS Suffix". But of course the update doesn't
> work there either...

OK, so it looks as if the network connection configuration is not the
problem.

> Here's the result from ipconfig/all with the dial-up:

.... which all looked normal.

I'm beginning to think I'm missing something completely obvious here. Can
you try these things:

1. In control panel "Internet Options", tab "Connections", button "LAN
Settings", please ensure that all three check boxes are UNchecked. If "Use
a proxy server for your LAN" had been checked, click "Advanced" and copy out
into a follow-up all the settings displayed there.

2. In control panel Internet Options, tab "Advanced", scroll down and ensure
that "Use HTTP 1.1" is checked. You may also experiment with "Use HTTP 1.1
through proxy connections" if you were using any proxy settings above.

3. Open a command prompt window, type the command

proxycfg

and copy-and-paste the output back into a follow-up. Then give the command:

proxycfg -d

4. If you were using any form of download accelerator, please disable it.

5. Can you post an extract from C:\WINDOWS\WindowsUpdate.log (extract
covering a complete attempt from beginning to end of an attempt to use the
Windows Update web site).

--
Robin Walker [MVP Networking]
[email protected]

Robin Walker [MVP] wrote:
> [email protected] wrote:
> > Robin Walker [MVP] wrote:
> >> Could you try deleting these "ChezNous" configurations from your
> >> network configuration.
....
> In the same dialog box as you found above, ensure that the box "DNS suffix
> for this connection" is blank, and UNcheck (leave blank) the check box
> "Register this connection's addresses in DNS".

OK, I've done that. Now in the result of ipconfig/all, "DNS Suffix
Search List" no longer appears, and the "Connection-specific DNS
Suffix" field is empty. No "ChezNous" anywhere.
....
> I'm beginning to think I'm missing something completely obvious here. Can
> you try these things:
>
> 1. In control panel "Internet Options", tab "Connections", button "LAN
> Settings", please ensure that all three check boxes are UNchecked. If "Use
> a proxy server for your LAN" had been checked, click "Advanced" and copy out
> into a follow-up all the settings displayed there.

The "Automatically detect settings" button had been checked, but none
of the others. I unchecked it.

> 2. In control panel Internet Options, tab "Advanced", scroll down and ensure
> that "Use HTTP 1.1" is checked. You may also experiment with "Use HTTP 1.1
> through proxy connections" if you were using any proxy settings above.

"Use HTTP 1.1" was checked, "Use HTTP 1.1 through proxy connections"
was unchecked, as I think is correct.

> 3. Open a command prompt window, type the command
>
> proxycfg
> and copy-and-paste the output back into a follow-up.
------------------Attached here-----------
>proxycfg
Microsoft (R) WinHTTP Default Proxy Configuration Tool
Copyright (c) Microsoft Corporation. All rights reserved.

Current WinHTTP proxy settings under:
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\
WinHttpSettings :

Direct access (no proxy server).
------------------End attachment---------

> Then give the command:
>
> proxycfg -d

Done; appears to give identical results to above.

> 4. If you were using any form of download accelerator, please disable it.

N/A

> 5. Can you post an extract from C:\WINDOWS\WindowsUpdate.log (extract
> covering a complete attempt from beginning to end of an attempt to use the
> Windows Update web site).

I'll do that in a separate posting, as I think it will be rather long
(and I'll reboot first, just in case...)

Thanks!

<[email protected]> wrote in message
news:[email protected]
....

> suggestions for other scanners to try


FiddlerTool with RPASpy (in case the problem is with https)

http://insidehttp.blogspot.com/2006/...ng-rpaspy.html


Good luck

Robert Aldwinckle
---


> In a msg in this NG dated Jul 2 2006 10:21 AM and entitled "Windows
> update doesn't; 8024402C and 80072ee7", I asked about why Windows
> Update wouldn't work on one of my PCs. I had tried everything I could
> find in this NG and at Microsoft, to no avail; the Windows update log
> shows a long series of 80072ee7 errors, followed by a 0x8024402C error.
>
> This is not a firewall error, as I have tried it with the firewall
> turned off. Nor is it a problem with my ISP, since I have tried it
> with two different ISPs (comcast and my olde dial-up ISP). And the
> other PCs on my home network update just fine.
>
> I've spent hours trying various things, to no avail. My only guess at
> this point is that I have some malware, although all my scans have come
> up clean (Avast, Spybot, Ad-Aware). If you have suggestions for other
> scanners to try, please do. In fact, if you have _any_ suggestions,
> _please_ do!
>
> This affects Windows Update, Windows Defender, and possibly CygWin
> update (at least that wasn't working last night).
>
> What alternatives do I have for updating these programs? Is it
> possible to download the update packages to one of my other PCs, and
> then copy it over to this one and run the update?
>
> /s/
> Desperate
> (aka Mike Maxwell)
>

Robin Walker [MVP] wrote:
> 5. Can you post an extract from C:\WINDOWS\WindowsUpdate.log (extract
> covering a complete attempt from beginning to end of an attempt to use the
> Windows Update web site).

OK, here it is:
2006-07-09 15:40:28 1916 a84 Misc =========== Logging initialized
(build: 5.8.0.2469, tz: -0400) ===========
2006-07-09 15:40:28 1916 a84 Misc = Process: C:\Program
Files\Internet Explorer\iexplore.exe
2006-07-09 15:40:28 1916 a84 Misc = Module:
C:\WINDOWS\system32\wuapi.dll
2006-07-09 15:40:28 1916 a84 COMAPI ----------- COMAPI:
IUpdateServiceManager::AddService -----------
2006-07-09 15:40:28 1916 a84 COMAPI - ServiceId =
{7971f918-a847-4430-9279-4a52d1efe18d}
2006-07-09 15:40:28 1916 a84 COMAPI - AuthorizationCabPath =
C:\WINDOWS\SoftwareDistribution\AuthCabs\muauth.cab
2006-07-09 15:40:28 3036 be0 Misc =========== Logging initialized
(build: 5.8.0.2469, tz: -0400) ===========
2006-07-09 15:40:28 3036 be0 Misc = Process:
C:\WINDOWS\system32\wuauclt.exe
2006-07-09 15:40:28 3036 be0 Misc = Module:
C:\WINDOWS\system32\wuaueng.dll
2006-07-09 15:40:28 3036 be0 DtaStor Update service properties: service
registered with AU is {7971F918-A847-4430-9279-4A52D1EFE18D}
2006-07-09 15:40:28 1916 a84 COMAPI - Added service, URL =
http://update.microsoft.com/microsoftupdate/
2006-07-09 15:40:28 1916 a84 COMAPI ----------- COMAPI:
IUpdateServiceManager::RegisterServiceWithAU -----------
2006-07-09 15:40:28 1916 a84 COMAPI - ServiceId =
{7971f918-a847-4430-9279-4a52d1efe18d}
2006-07-09 15:40:29 1916 a84 Misc =========== Logging initialized
(build: 5.8.0.2469, tz: -0400) ===========
2006-07-09 15:40:29 1916 a84 Misc = Process: C:\Program
Files\Internet Explorer\iexplore.exe
2006-07-09 15:40:29 1916 a84 Misc = Module:
C:\WINDOWS\system32\muweb.dll
2006-07-09 15:40:29 1916 a84 Setup *********** Setup: Checking whether
self-update is required ***********
2006-07-09 15:40:29 1916 a84 Setup * Inf file:
C:\WINDOWS\SoftwareDistribution\WebSetup\wusetup.inf
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wuweb.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup * IsUpdateRequired = No
2006-07-09 15:40:29 1916 a84 Misc =========== Logging initialized
(build: 5.8.0.2469, tz: -0400) ===========
2006-07-09 15:40:29 1916 a84 Misc = Process: C:\Program
Files\Internet Explorer\iexplore.exe
2006-07-09 15:40:29 1916 a84 Misc = Module:
C:\WINDOWS\system32\wuweb.dll
2006-07-09 15:40:29 1916 a84 Setup *********** Setup: Checking whether
self-update is required ***********
2006-07-09 15:40:29 1916 a84 Setup * Inf file:
C:\WINDOWS\SoftwareDistribution\WebSetup\wusetup.inf
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\cdm.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\iuengine.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wuapi.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wuauclt.exe: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wuauclt1.exe: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wuaucpl.cpl: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wuaueng.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wuaueng1.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wucltui.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wups.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup Update NOT required for
C:\WINDOWS\system32\wups2.dll: target version = 5.8.0.2469, required
version = 5.8.0.2469
2006-07-09 15:40:29 1916 a84 Setup * IsUpdateRequired = No
2006-07-09 15:41:17 1916 a84 COMAPI -------------
2006-07-09 15:41:17 1916 a84 COMAPI -- START -- COMAPI: Search
[ClientId = MicrosoftUpdate]
2006-07-09 15:41:17 1916 a84 COMAPI ---------
2006-07-09 15:41:17 1916 a84 COMAPI - Online = Yes; Ignore download
priority = No
2006-07-09 15:41:17 1916 a84 COMAPI - Criteria = "IsInstalled=0 and
IsHidden=1"
2006-07-09 15:41:17 1916 a84 COMAPI - ServiceID =
{7971F918-A847-4430-9279-4A52D1EFE18D}
2006-07-09 15:41:17 1916 a84 COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = MicrosoftUpdate]
2006-07-09 15:41:17 1148 55c Agent *************
2006-07-09 15:41:17 1148 55c Agent ** START ** Agent: Finding updates
[CallerId = MicrosoftUpdate]
2006-07-09 15:41:17 1148 55c Agent *********
2006-07-09 15:41:32 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:41:32 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:41:32 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://download.windowsupdate.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:41:32 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:41:32 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:41:32 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:41:47 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:41:47 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:41:47 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://download.windowsupdate.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:41:47 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:41:47 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:41:47 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:42:02 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:42:02 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:42:02 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://download.windowsupdate.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:42:02 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:42:02 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:42:02 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:42:17 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:42:17 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:42:17 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://download.windowsupdate.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:42:17 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:42:17 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:42:17 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:42:17 1148 55c Misc WARNING: DownloadFileInternal failed
for
http://download.windowsupdate.com/v6...r/muredir.cab:
error 0x80072ee7
2006-07-09 15:42:32 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:42:32 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:42:32 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://download.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:42:32 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:42:32 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:42:32 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:42:47 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:42:47 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:42:47 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://download.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:42:47 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:42:47 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:42:47 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:43:02 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:43:02 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:43:02 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://download.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:43:02 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:43:02 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:43:02 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:43:17 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:43:17 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:43:17 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://download.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:43:17 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:43:17 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:43:17 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:43:17 1148 55c Misc WARNING: DownloadFileInternal failed
for http://download.microsoft.com/v6/mic...r/muredir.cab:
error 0x80072ee7
2006-07-09 15:43:32 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:43:32 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:43:32 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://update.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:43:32 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:43:32 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:43:32 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:43:47 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:43:47 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:43:47 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://update.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:43:47 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:43:47 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:43:47 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:44:02 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:44:02 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:44:02 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://update.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:44:02 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:44:02 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:44:02 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:44:17 1148 55c Misc WARNING: Send failed with hr =
80072ee7.
2006-07-09 15:44:17 1148 55c Misc WARNING: SendRequest failed with hr =
80072ee7. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-07-09 15:44:17 1148 55c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://update.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072ee7
2006-07-09 15:44:17 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072ee7
2006-07-09 15:44:17 1148 55c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072ee7
2006-07-09 15:44:17 1148 55c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072ee7
2006-07-09 15:44:17 1148 55c Misc WARNING: DownloadFileInternal failed
for http://update.microsoft.com/v6/micro...r/muredir.cab:
error 0x80072ee7
2006-07-09 15:44:17 1148 55c Agent * WARNING: Failed to synchronize,
error = 0x8024402C
2006-07-09 15:44:17 1148 55c Agent * WARNING: Exit code = 0x8024402C
2006-07-09 15:44:17 1148 55c Agent *********
2006-07-09 15:44:17 1148 55c Agent ** END ** Agent: Finding updates
[CallerId = MicrosoftUpdate]
2006-07-09 15:44:17 1148 55c Agent *************
2006-07-09 15:44:17 1148 55c Agent WARNING: WU client failed Searching
for update with error 0x8024402c
2006-07-09 15:44:17 1916 af4 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = MicrosoftUpdate]
2006-07-09 15:44:18 1916 af4 COMAPI - Updates found = 0
2006-07-09 15:44:18 1916 af4 COMAPI - WARNING: Exit code =
0x00000000, Result code = 0x8024402C
2006-07-09 15:44:18 1916 af4 COMAPI ---------
2006-07-09 15:44:18 1916 af4 COMAPI -- END -- COMAPI: Search
[ClientId = MicrosoftUpdate]
2006-07-09 15:44:18 1916 af4 COMAPI -------------
2006-07-09 15:44:18 1916 a84 COMAPI WARNING: Operation failed due to
earlier error, hr=8024402C
2006-07-09 15:44:18 1916 a84 COMAPI FATAL: Unable to complete
asynchronous search. (hr=8024402C)

[email protected] wrote:
> Robin Walker [MVP] wrote:
>> 5. Can you post an extract from C:\WINDOWS\WindowsUpdate.log (extract
>> covering a complete attempt from beginning to end of an attempt to
>> use the Windows Update web site).
>
> OK, here it is:
>
> SendRequestUsingProxy failed for
> <http://download.windowsupdate.com/v6/microsoftupdate/redir/muredir.cab>.
> error 0x80072ee7

The evidence seems to be that your PC is unable to communicate with
download.windowsupdate.com

If you click on the URL above, does your browser download muredir.cab?

Can you try opening a command prompt window and typing the following
commands:

route print

tracert download.windowsupdate.com

and copy&paste the results back?

--
Robin Walker [MVP Networking]
[email protected]

Robin Walker [MVP] wrote:
> The evidence seems to be that your PC is unable to communicate with
> download.windowsupdate.com
>
> If you click on the URL above, does your browser download muredir.cab?

Yes, it appears to contain a small xml file. (In light of the results
below, which seem to indicate a slow cnxn, this download did seem to be
slow for such a small file.)

> Can you try opening a command prompt window and typing the following
> commands:
>
> route print
>
> tracert download.windowsupdate.com
>
> and copy&paste the results back?

Here it is:
-----------------------
C:\Documents and Settings\maxwell>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 d3 9e 36 8f ...... Realtek RTL8139/810x Family Fast
Ethernet NIC -
Packet Scheduler Miniport
0x3 ...00 40 f4 f3 ab be ...... IEEE 802.11g Wireless Cardbus/PCI
Adapter - Pac
et Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4
40
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
1
192.168.2.0 255.255.255.0 192.168.2.4 192.168.2.4
40
192.168.2.4 255.255.255.255 127.0.0.1 127.0.0.1
40
192.168.2.255 255.255.255.255 192.168.2.4 192.168.2.4
40
224.0.0.0 240.0.0.0 192.168.2.4 192.168.2.4
40
255.255.255.255 255.255.255.255 192.168.2.4 2
1
255.255.255.255 255.255.255.255 192.168.2.4 192.168.2.4
1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

C:\Documents and Settings\maxwell>tracert download.windowsupdate.com

Tracing route to download.windowsupdate.com.c.footprint.net
[64.152.2.62]
over a maximum of 30 hops:

1 1 ms 2 ms 1 ms 192.168.2.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 17 ms 18 ms 16 ms unknown.Level3.net [64.152.2.62]

Trace complete.
----------------------

Mike Maxwell

[email protected] wrote:

> C:\Documents and Settings\maxwell>tracert download.windowsupdate.com
>
> Tracing route to download.windowsupdate.com.c.footprint.net
> [64.152.2.62]
> over a maximum of 30 hops:
>
> 1 1 ms 2 ms 1 ms 192.168.2.1
> 2 * * * Request timed out.
> 3 * * * Request timed out.
> 4 * * * Request timed out.
> 5 * * * Request timed out.
> 6 * * * Request timed out.
> 7 * * * Request timed out.
> 8 * * * Request timed out.
> 9 * * * Request timed out.
> 10 * * * Request timed out.
> 11 * * * Request timed out.
> 12 * * * Request timed out.
> 13 * * * Request timed out.
> 14 * * * Request timed out.
> 15 * * * Request timed out.
> 16 17 ms 18 ms 16 ms unknown.Level3.net [64.152.2.62]
>
> Trace complete.

If you do the same tracert on the other PCs on your LAN, do you get the same
results?

--
Robin Walker [MVP Networking]
[email protected]

Robin Walker [MVP] wrote:
> If you do the same tracert on the other PCs on your LAN, do you get the same
> results?

No, this is what I got on one of the other PCs:
-------------------------------------------
>tracert download.windowsupdate.com

Tracing route to a258.g.akamai.net [207.138.82.23]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.2.1
2 * * * Request timed out.
3 9 ms 8 ms 9 ms
ge-1-22-ur01.hyattsville.md.bad.comcast.net [68.
87.136.113]
4 7 ms 9 ms 12 ms te-9-3-ur02.lanham.md.bad.comcast.net
[68.87.129
..46]
5 9 ms 19 ms 8 ms te-9-1-ur01.lanham.md.bad.comcast.net
[68.87.129
..61]
6 10 ms 9 ms 9 ms te-9-1-ur01.bowie.md.bad.comcast.net
[68.87.128.
177]
7 10 ms 9 ms 8 ms
te-8-2-ar01.capitolhghts.md.bad.comcast.net [68.
87.128.182]
8 10 ms 9 ms 9 ms
POS-2-3-cr01.ritchieroad.md.pvcomcast.net [68.87
..16.165]
9 12 ms 9 ms 8 ms 12.118.122.9
10 11 ms 12 ms 11 ms tbr1-p010401.wswdc.ip.att.net
[12.123.8.26]
11 16 ms 11 ms 11 ms 12.123.8.113
12 12 ms 11 ms 12 ms att-gw.washdc.gblx.net [192.205.32.42]
13 16 ms 18 ms 16 ms so2-2-0-10G.scr1.NYC1.gblx.net
[67.17.95.73]
14 17 ms 16 ms 16 ms te8-1-10G.ar4.NYC1.gblx.net
[67.17.105.238]
15 17 ms 16 ms 16 ms 207.138.82.23

Trace complete.
-------------------------

I just re-ran it on this PC and got the same results as before, i.e.
all requests timed out except the first and last ones. However, the
previous time the last line returned an "unknown.Level3.net" (whatever
that means), this time it was
15 17 ms 16 ms 16 ms 207.138.82.23
I have no idea of the significance of that difference, or why the first
and last ones don't time out...

Mike Maxwell

I decided to try the tracert on my dialup with the PC that won't
update. If anything, it was even worse than the cable service--every
one of 30 tries timed out.

I also tried 'tracert www.google.com', back with my cable ISP again.
This gives basically the same results as 'tracert
download.windowsupdate.com' did: the first line is
1 1 ms 1 ms 1 ms 192.168.2.1
and the last line is
21 34 ms 40 ms 37 ms 72.14.207.99
while all the rest look like
2 * * * Request timed out.

Given that I can easily get to google in my browser (I'm there now),
I'm not sure what this means. But I guess that's why you have 'MVP'
after your name!

Robin Walker [MVP] wrote:
> Can you try opening a command prompt window and typing the following
> commands:
>
> route print
>
> tracert download.windowsupdate.com
>
> and copy&paste the results back?

Turned out my bad 'route print' and 'tracert' results were caused by my
firewall. I turned the firewall (Comodo) off and turned my WinXP
firewall on (I didn't figure I should be out there without any firewall
at all), and this time (using cable ISP), I got significantly different
results:
------------------------
>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 d3 9e 36 8f ...... Realtek RTL8139/810x Family Fast
Ethernet NIC -
Packet Scheduler Miniport
0x3 ...00 40 f4 f3 ab be ...... IEEE 802.11g Wireless Cardbus/PCI
Adapter - Pack
et Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4
40
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
1
192.168.2.0 255.255.255.0 192.168.2.4 192.168.2.4
40
192.168.2.4 255.255.255.255 127.0.0.1 127.0.0.1
40
192.168.2.255 255.255.255.255 192.168.2.4 192.168.2.4
40
224.0.0.0 240.0.0.0 192.168.2.4 192.168.2.4
40
255.255.255.255 255.255.255.255 192.168.2.4 2
1
255.255.255.255 255.255.255.255 192.168.2.4 192.168.2.4
1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

>tracert download.windowsupdate.com

Tracing route to download.windowsupdate.com.c.footprint.net
[208.172.64.222]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.2.1
2 * * * Request timed out.
3 12 ms 8 ms 9 ms
ge-1-22-ur01.hyattsville.md.bad.comcast.net [68.
87.136.113]
4 8 ms 9 ms 10 ms te-9-3-ur02.lanham.md.bad.comcast.net
[68.87.129
..46]
5 9 ms 9 ms 9 ms te-9-1-ur01.lanham.md.bad.comcast.net
[68.87.129
..61]
6 9 ms 9 ms 12 ms te-9-1-ur01.bowie.md.bad.comcast.net
[68.87.128.
177]
7 11 ms 15 ms 15 ms
te-8-2-ar01.capitolhghts.md.bad.comcast.net [68.
87.128.182]
8 15 ms 11 ms 11 ms
POS-2-3-cr01.ritchieroad.md.pvcomcast.net [68.87
..16.165]
9 14 ms 10 ms 11 ms 12.118.122.5
10 12 ms 12 ms 11 ms tbr2-p011701.wswdc.ip.att.net
[12.123.8.30]
11 12 ms 12 ms 11 ms 12.123.8.109
12 10 ms 11 ms 32 ms dcr2-so-4-0-0.Washington.savvis.net
[206.24.238.
161]
13 74 ms 10 ms 12 ms bcs2-as0-0.Washington.savvis.net
[204.70.192.166
]
14 11 ms 12 ms 11 ms bcs1-so-7-0-0.Washington.savvis.net
[204.70.192.
33]
15 25 ms 26 ms 23 ms dcr1-so-3-0-0.Atlanta.savvis.net
[204.70.192.53]

16 24 ms 23 ms 23 ms acr1-so-4-0-0.Atlanta.savvis.net
[208.172.67.245
]
17 28 ms 24 ms 25 ms 208.172.64.222

Trace complete.
---------------------------

But Windows Update still gives me the same 8024402C and 80072ee7 errors
(I just checked again).

Mike Maxwell

[email protected] wrote:

> Turned out my bad 'route print' and 'tracert' results were caused by
> my firewall. I turned the firewall (Comodo) off and turned my WinXP
> firewall on (I didn't figure I should be out there without any
> firewall at all), and this time (using cable ISP), I got
> significantly different results:
> [snip]
> But Windows Update still gives me the same 8024402C and 80072ee7
> errors (I just checked again).

So let's summarise what we know so far:

1. You can download with IE a file (muredir.cab) from
download.windowsupdate.com, but, according to the log, Windows Update cannot
download the same file from the same URL;

2. All the other PCs on your home LAN can use Windows Update without
problems;

3. The affected PC exhibits the same symptoms via an alternate dial-up
connection;

4. You have already tried renaming SoftwareDistribution, and re-registering
various DLLs, using Dial-a-fix.

All of this seems to point to a problem with the interface between Windows
Update and WinHTTP. Assuming that winhttp.dll is present in system32, it
should have been re-registered when Dial-a-fix repaired Windows Update.

It is possible to re-install the Windows Update files as follows:

1. Download and "Save" (not "Run"):
http://download.windowsupdate.com/v6...gent20-x86.exe
to a convenient directory.

2. Open a command prompt window and navigate using the CD command to the
directory in which you saved the above download.

3. Type the command:

WindowsUpdateAgent20-x86.exe /wuforce

That should re-install all WindowsUpdate files correctly.

For repairing WinHTTP I don't know a better way than re-installing XP
Service Pack 2 (the available downloads for WinHTTP and BITS are all pre-SP2
versions). If your CD copy of XP already has SP2 incorporated, then do a
Repair Installation (see
http://www.microsoft.com/windowsxp/u...ps/doug92.mspx
for method - this will leave all your other installations intact). If SP2
was applied after XP was first installed, then just re-apply SP2 by
downloading the complete installer from
http://www.microsoft.com/downloads/d...DisplayLang=en
which will run without requiring internet access during the process.
Unfortunately, after either of the above procedures, you will need to
re-apply all post-SP2 updates. So let's hope Windows Update is working
again by then!

As you can probably sense, I am almost clutching at straws trying to figure
out a resolution to your symptoms. If any other advisor on this newsgroup
has any better insights, please dive in now.

--
Robin Walker [MVP Networking]
[email protected]

Robin Walker [MVP] wrote:
> As you can probably sense, I am almost clutching at straws trying to figure
> out a resolution to your symptoms. If any other advisor on this newsgroup
> has any better insights, please dive in now.

I'll give your suggestions a try when I get back home this evening.

There was one other reply to my original msg, from Robert Aldwinckle,
who suggested "FiddlerTool with RPASpy (in case the problem is with
https)". I have not tried that yet, in part because I wasn't clear
what this would do, and partly because I was scared off by the RPASpy
site's statement that "RPASpy is experimental code and should only be
installed on test machines."

Which would you suggest doing first--the re-install of the windows
update and/or XP Service Pack 2, or RPASpy?

Mike Maxwell

[email protected] wrote:

> Which would you suggest doing first--the re-install of the windows
> update and/or XP Service Pack 2, or RPASpy?

Fiddler and RPASpy will not themselves fix anything, but might reveal the
HTTP dialog between Windows Update and the servers, and thus might provide
more diagnostic information. My bet is that the Windows Update requests
never get as far as hitting the network, so might not appear in Fiddler at
all. On the other hand, if they do appear in Fiddler, we shall have a
little more diagnostic information.

You can try the Fiddler/RPASpy combo before the re-installations.

--
Robin Walker [MVP Networking]
[email protected]

Robin Walker [MVP] wrote:
> Fiddler and RPASpy will not themselves fix anything,

Oddly, it does seem to fix it. That is, without Fiddler running, I
still can't do the update. But with Fiddler running, Windows Update
works fine! (And so does Windows Defender's built-in update, which I
presume uses the same stuff--if that's the technical term--behind the
scenes.)

> ...but might reveal the
> HTTP dialog between Windows Update and the servers, and thus might provide
> more diagnostic information. My bet is that the Windows Update requests
> never get as far as hitting the network, so might not appear in Fiddler at
> all. On the other hand, if they do appear in Fiddler, we shall have a
> little more diagnostic information.
>
> You can try the Fiddler/RPASpy combo before the re-installations.

I did do the re-install of the Windows Update files before installing
Fiddler/ RPASpy; I did not re-install XP SP2 (being basically lazy).

The first time I tried to run Fiddler, it hung in the load phase (all I
had was the splash screen), and couldn't even be stopped with Task
Manager: each time I stopped it, it apparently re-started itself. But
it worked OK after a re-boot.

Any chance I have some kind of a Trojan (which doesn't show up even
with all the scans I've done), and Fiddler is somehow stealing back
control from the Trojan? Seems far-fetched, but so does the idea that
a debugger (I guess that's what Fiddler is) would fix the problem...

Mike Maxwell

<[email protected]> wrote in message news:[email protected]...
> Robin Walker [MVP] wrote:
>> Fiddler and RPASpy will not themselves fix anything,
>
> Oddly, it does seem to fix it. That is, without Fiddler running, I
> still can't do the update. But with Fiddler running, Windows Update
> works fine!


; )


....
> Any chance I have some kind of a Trojan (which doesn't show up even
> with all the scans I've done), and Fiddler is somehow stealing back
> control from the Trojan? Seems far-fetched, but so does the idea that
> a debugger (I guess that's what Fiddler is) would fix the problem...


Your symptoms are common in interfering proxy server scenarios.
FiddlerTool is a proxy server so if you only replaced
an old proxy with a new one (e.g. instead of chaining them)
you might thereby be bypassing the (still unknown) symptom cause.

Another set of tools which would not require a proxy to be used
are netcap (from the XP Support Tools) and Ethereal (freeware)
for formatting the resulting .cap file. Ethereal can also be used
to do the capture provided you also install its WinPCap service
but FWIW I don't think that that results in as transparent a trace.


Robert
---

[email protected] wrote:

> Any chance I have some kind of a Trojan (which doesn't show up even
> with all the scans I've done)

From sysinternals, try RootkitRevealer.

--
Robin Walker [MVP Networking]
[email protected]

Robert Aldwinckle wrote:
....
> Your symptoms are common in interfering proxy server scenarios.
> FiddlerTool is a proxy server so if you only replaced
> an old proxy with a new one (e.g. instead of chaining them)
> you might thereby be bypassing the (still unknown) symptom cause.

When I ran proxycfg earlier, this is what I got:

------------------Attached here-----------
>proxycfg

Microsoft (R) WinHTTP Default Proxy Configuration Tool
Copyright (c) Microsoft Corporation. All rights reserved.

Current WinHTTP proxy settings under:
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\
WinHttpSettings :

Direct access (no proxy server).
------------------End attachment---------

Is there a circumstance under which a proxy server would not show up in
the output of 'proxycfg'? (perhaps intentionally, i.e. malware?) Or
by "the (still unknown) symptom cause", did you mean something else?

Mike Maxwell

<[email protected]> wrote in message
news:[email protected]...
> Robert Aldwinckle wrote:
> ...
>> Your symptoms are common in interfering proxy server scenarios.
>> FiddlerTool is a proxy server so if you only replaced
>> an old proxy with a new one (e.g. instead of chaining them)
>> you might thereby be bypassing the (still unknown) symptom cause.
>
> When I ran proxycfg earlier, this is what I got:
>
> ------------------Attached here-----------
>>proxycfg
>
> Microsoft (R) WinHTTP Default Proxy Configuration Tool
> Copyright (c) Microsoft Corporation. All rights reserved.
>
> Current WinHTTP proxy settings under:
> HKEY_LOCAL_MACHINE\
> SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
> Settings\Connections\
> WinHttpSettings :
>
> Direct access (no proxy server).
> ------------------End attachment---------
>
> Is there a circumstance under which a proxy server would not show up in
> the output of 'proxycfg'? (perhaps intentionally, i.e. malware?) Or
> by "the (still unknown) symptom cause", did you mean something else?
>
> Mike Maxwell


proxycfg only shows the WinHTTP proxy settings
which as I understand it is in a different protocol layer.

Also at one point I think it was thought that its display
wasn't always reliable so repeating the command which
would cause that display could be a good idea.

I think that you could still have IE proxy settings in effect
which would be different. E.g. that would be the reason
for the -u switch syntax, to ensure they were the same.


You could look at that side of the picture with this diagnostic:

msinfo32 /category IEConnectivity

That's where FiddlerTool would work from.
Heh. It never even occurred to me if it would be necessary
to do proxycfg -u just because you inserted FiddlerTool
into IE's communications path.

I'm also not sure if the -u switch is a one-time thing
or whether it enables a continuous update of it in which case
the question about setting it when you activated the
FiddlerTool proxy would be moot.

So my guess would be if the proxycfg -d option was
really in effect it may just mean that certain transactions
would not be traced by FiddlerTool. But I don't know.
I have never seen any detailed documentation (e.g. specs)
on how this is supposed to work and I have never bothered
to do sufficient blackbox testing to do the reverse engineering
required as an alternative.


FWIW

Robert
---

I finally fixed it; this msg is just a follow-up for anyone reading
this thread, no reply required.

The "fix" when I used RPASpy to monitor things (as per my 10 July msg)
worked only some of the time.

The inability to do updates affected not only Windows Update, but also
Avast virus's auto update and Windows Defender. I suspect (but don't
know) that that's because all these programs use the same technique to
ensure that they reach the right website, rather than an imposter.

Towards the end, I was getting behavior that looked like malware--one
example is that Firefox launched itself multiple times, with an icon on
the pages in Firefox that said "Home Page" which I didn't click on, but
which I suspect was not my real home page. The only way to stop this
behavior was with the Task Manager (no matter how fast I clicked on the
'x' buttons in the upper right-hand corner of FF, new instances came up
faster). Nonetheless, scans with multipe virus scanners and spyware
detectors showed nothing, nor did a scan with RootkitRevealer. So I'm
at a loss to explain what was going on.

The only thing I didn't try was to re-install the Windows Update files.
I decided it would be easier (and more secure, in light of the other
problems I was starting to have) just to re-install Windows.

The fix that finally worked was to use the OEM's Windows re-install CD
to re-install Windows. Fortunately, this saves your data (to a
temporary partition, I presume) before re-formatting (the partition
with Windows). And everything is working fine again.

Thanks to all for your suggestions!

Mike Maxwell

Hi, just wanted to add, for anyone that experinece the same problem.

Had the same problem as above on a customers computer, but what finally solved it for me was running, smitfraudfix v2.330 found here Mainly its the winsockfix that solves it.

Hopefully it will help someone else.

By the way, some antivirus programs complain about a file in smitfraudfix called reboot, used this program in a lot of diffrent situations and had no problems, but if you feel unsure you can delete the reboot file, you can still run the program.