
Windows Update Weirdness

I’ve been having some difficulties with Windows Update not working properly on machines in completely different locations and service providers. After a lot of research I found no real results from these searches for the specific problem I was encountering. However, some of these pointed me to some files that eventually allowed me to narrow down the issue. Here’s the problem:

After connecting to Windows Update and selecting a list of updates to install, the screen comes up to show the download/install progress. The progress bar moves very slowly for a bit, then hits its maximum value. Then you have a listing in the browser that shows you nothing was installed.

You can find the Windows Update.log file located in the Windows/WinNT directory. Inside there you will see that the following error message occurs while attempting to download each update:

Library download error. Will retry. (Error 0x80072EFD)

That’s not real helpful, but looking at the full URL for the file that it’s attempting to download, copy that into the browser. I would get a Cannot find server or DNS error. Hmmm… weird. So I open a console and ping download.windowsupdate.com. It worked. Whoa!!!!! WTF? The IP resolves to 127.0.0.1?

OK, so started looking in the hosts and lmhosts.sam file… nope… nothing there. Definitely coming from my provider’s DNS server that way.

So, I wondered if this was happening elsewhere… attempted to find out more information using SamSpade.org for download.windowsupdate.com

It resolves just fine, telling me several IP addresses that download.windowsupdate.com resolves to.

So as a workaround to get these machines up and running, I modified the hosts file so that the IP will resolve to one of the listed locations. This file can be found in: C:\Windows\System32\Drivers\Etc\hosts (with no extension) for Windows XP and C:\WinNT\System32\Drivers\Etc\hosts (with no extension). It’s pretty straightforward how to modify this file and a restart is not necessary.

Hope this helps anyone else experiencing this specific issue.

UPDATE: It turns out that many service providers are modifying their DNS servers to point *.windowsupdate.com to 127.0.0.1 in response to the sobig.F virus/worm. Now that’s smart ;-) Hey, get the patch to stop the worm; but wait, you can’t since we’ve made it so you can’t download the update from windowsupdate.microsoft.com.
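The manual checks above (find the failing download URL in the log, resolve its host, rule out the hosts file) can be scripted. This is an added example, not code from the original post; the sample log layout, the function names and the 203.0.113.10 address used in testing are constructed assumptions.

```python
import ipaddress
import re
import socket
ERROR_CODE = "0x80072EFD"  # the error code quoted in the post

def hosts_overrides(hosts_text):
    """Map lowercase name -> address from hosts-file text, ignoring comments."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def system_resolve(host):
    """IPv4 answers from the OS resolver; an empty list means no answer."""
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def diagnose(host, hosts_text="", resolve=system_resolve):
    """Return (verdict, addresses) for one download host."""
    override = hosts_overrides(hosts_text).get(host.lower())
    if override:
        # A pinned entry (such as the workaround) hides what DNS really says.
        return "hosts-override", [override]
    addrs = resolve(host)
    if not addrs:
        return "no-answer", []
    bad = [a for a in addrs
           if (ip := ipaddress.ip_address(a)).is_loopback or ip.is_unspecified]
    return ("sinkholed" if bad else "ok"), addrs

def triage(log_text, hosts_text="", resolve=system_resolve):
    """Diagnose every URL host found in a log that contains ERROR_CODE."""
    if ERROR_CODE.lower() not in log_text.lower():
        return {}
    names = {m.lower() for m in re.findall(r"https?://([A-Za-z0-9.-]+)", log_text)}
    return {name: diagnose(name, hosts_text, resolve) for name in sorted(names)}

# Constructed sample input; the log line layout is an assumption.
SAMPLE_LOG = ("Downloading http://download.windowsupdate.com/constructed/example.cab\n"
              "Library download error. Will retry. (Error 0x80072EFD)\n")
SAMPLE_HOSTS = "127.0.0.1 localhost   # stock entry\n"

if __name__ == "__main__":
    for name, (verdict, addrs) in triage(SAMPLE_LOG, SAMPLE_HOSTS).items():
        print(name, verdict, addrs)
```

A "sinkholed" verdict with no hosts-file override points at the upstream DNS server, which is the situation described in this post; "hosts-override" flags a pinned entry that should be rechecked once DNS answers correctly again.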

This post is licensed under CC BY 4.0 by the author.