[SOLVED] Windows 10 detecting available updates, but failing to download them

Thanks for the info. Please do the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 


System activated automatically upon reboot!
One Windows Update update is now in "waiting for install" state.
But I'm still seeing many instances of these lines in the WindowsUpdate.log that I just pulled via powershell command get-windowsupdatelog:

2016/08/03 10:05:37.7382169 932 5216 DownloadManager BITS job {E3D08F20-D0CF-49CB-90C8-955E465FE9A6} hit a transient error, updateId = {9C1A3EAA-9371-4749-92D1-9F3D03B4FFA9}.203, error = 0x80072EFD
2016/08/03 10:05:37.7384844 932 5216 DownloadManager File: http://fg.v4.download.windowsupdate..._a110d0c44697860f50758118fe114e7bcf662697.exe
2016/08/03 10:05:37.7391695 932 5216 DownloadManager Error 0x80072efd occurred while downloading update; notifying dependent calls.

I am curious about the single "access denied" result in the fixlog -- what is that all about?
The file c:\resetlog.txt referenced in the command that had this result (netsh int ip reset) no longer exists -- was it deleted upon reboot?
I am also curious as to which fixlist command actually resolved the problem with activation.

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Jeremy (2016-08-03 09:52:05) Run:5
Running from C:\Users\Jeremy\Desktop
Loaded Profiles: Jeremy (Available Profiles: Jeremy & Phil & DefaultAppPool)
Boot Mode: Normal
==============================================


fixlist content:
*****************
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
*****************


Restore point was successfully created.


========= netsh advfirewall reset =========


Ok.




========= End ofCMD: =========




========= netsh advfirewall set allprofiles state ON =========


Ok.




========= End ofCMD: =========




========= ipconfig /flushdns =========




Windows IP Configuration


Successfully flushed the DNS Resolver Cache.


========= End ofCMD: =========




========= netsh winsock reset catalog =========




Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.




========= End ofCMD: =========




========= netsh int ip reset c:\resetlog.txt =========


Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.


Restart the computer to complete this action.




========= End ofCMD: =========




========= ipconfig /release =========




Windows IP Configuration




Ethernet adapter Local Area Connection 2:


Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::1887:330f:ab37:4f41%5
Default Gateway . . . . . . . . . :


Tunnel adapter Teredo Tunneling Pseudo-Interface:


Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:148e:f27:6d8c:627a
Link-local IPv6 Address . . . . . : fe80::148e:f27:6d8c:627a%2
Default Gateway . . . . . . . . . : ::


========= End ofCMD: =========




========= ipconfig /renew =========




Windows IP Configuration




Ethernet adapter Local Area Connection 2:


Connection-specific DNS Suffix . : cable.rcn.com
Link-local IPv6 Address . . . . . : fe80::1887:330f:ab37:4f41%5
IPv4 Address. . . . . . . . . . . : 192.168.1.113
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1


Tunnel adapter Teredo Tunneling Pseudo-Interface:


Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:30c0:39ac:6d8c:627a
Link-local IPv6 Address . . . . . : fe80::30c0:39ac:6d8c:627a%2
Default Gateway . . . . . . . . . : ::


Tunnel adapter isatap.cable.rcn.com:


Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cable.rcn.com


========= End ofCMD: =========




=========== EmptyTemp: ==========


BITS transfer queue => 235457 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34850535 B
Java, Flash, Steam htmlcache => 83270 B
Windows/system/drivers => 3521062 B
Edge => 5264772 B
Chrome => 451657544 B
Firefox => 387804959 B
Opera => 0 B


Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 31846 B
NetworkService => 21119188 B
Jeremy => 58752465 B
Phil => 9184 B
DefaultAppPool => 0 B


RecycleBin => 931830594 B
EmptyTemp: => 1.8 GB temporary data Removed.


================================




The system needed a reboot.


==== End of Fixlog 09:53:29 ====
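
Added example (not part of the thread): a Python parser that decodes the HRESULT in the DownloadManager lines quoted in these posts and groups them per BITS job. 0x80072EFD is a Win32-facility HRESULT carrying code 12029, a failure to connect; the three-entry name table and the function names are choices made for this example.

```python
import re

# The 12000-range Win32 codes are shared by WinINet and WinHTTP; only three are listed.
NET_ERRORS = {12002: "ERROR_WINHTTP_TIMEOUT",
              12007: "ERROR_WINHTTP_NAME_NOT_RESOLVED",
              12029: "ERROR_WINHTTP_CANNOT_CONNECT"}
FACILITY_WIN32 = 7

LINE_RE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+\d+\s+(\S+)\s+(.*)$")
JOB_RE = re.compile(r"BITS job (\{[0-9A-Fa-f-]{36}\}) (hit a transient error|completed successfully)")
ERR_RE = re.compile(r"error = (0x[0-9A-Fa-f]{8})")

def decode_hresult(text):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    hr = int(text, 16) & 0xFFFFFFFF
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF

def explain(text):
    failed, facility, code = decode_hresult(text)
    if failed and facility == FACILITY_WIN32:
        return NET_ERRORS.get(code, f"Win32 error {code}")
    return f"facility {facility}, code {code}"

def summarize(log_text):
    """Map each BITS job GUID to its last status and the errors it reported."""
    jobs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        job = JOB_RE.search(m.group(2)) if m and m.group(1) == "DownloadManager" else None
        if not job:
            continue
        entry = jobs.setdefault(job.group(1), {"status": None, "errors": []})
        entry["status"] = job.group(2)
        err = ERR_RE.search(m.group(2))
        if err:
            entry["errors"].append((err.group(1), explain(err.group(1))))
    return jobs

# Three lines copied from the posts on this page.
SAMPLE = """\
2016/08/03 10:05:37.7382169 932 5216 DownloadManager BITS job {E3D08F20-D0CF-49CB-90C8-955E465FE9A6} hit a transient error, updateId = {9C1A3EAA-9371-4749-92D1-9F3D03B4FFA9}.203, error = 0x80072EFD
2016/08/03 10:05:37.7391695 932 5216 DownloadManager Error 0x80072efd occurred while downloading update; notifying dependent calls.
2016/08/05 09:41:20.5001139 1012  4260  DownloadManager BITS job {925C2D78-B28E-4587-BE7E-2E9B82CEAB99} completed successfully
"""

if __name__ == "__main__":
    for guid, info in summarize(SAMPLE).items():
        print(guid, info["status"], info["errors"])
```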
 
> System activated automatically upon reboot!

Excellent.

> One Windows Update update is now in "waiting for install" state.

Are you able to install it?

> But I'm still seeing many instances of these lines in the WindowsUpdate.log that I just pulled via powershell command get-windowsupdatelog:
>
> 2016/08/03 10:05:37.7382169 932 5216 DownloadManager BITS job {E3D08F20-D0CF-49CB-90C8-955E465FE9A6} hit a transient error, updateId = {9C1A3EAA-9371-4749-92D1-9F3D03B4FFA9}.203, error = 0x80072EFD
> 2016/08/03 10:05:37.7384844 932 5216 DownloadManager File: http://fg.v4.download.windowsupdate....7bcf662697.exe
> 2016/08/03 10:05:37.7391695 932 5216 DownloadManager Error 0x80072efd occurred while downloading update; notifying dependent calls.

We'll keep working on it if need be.

> I am curious about the single "access denied" result in the fixlog -- what is that all about?
> The file c:\resetlog.txt referenced in the command that had this result (netsh int ip reset) no longer exists -- was it deleted upon reboot?

It's fairly common. The Netsh command is attempting to delete the following key and is unable to. I don't think this is an issue.
Code:
HKLM\System\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\26

The resetlog.txt doesn't exist because the functionality to create a log was removed after Windows XP. I only keep it in my scripts so that I don't have to change them between operating systems.

> I am also curious as to which fixlist command actually resolved the problem with activation.

I would put my money on one of the following two but I can't know for sure.
Code:
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt

OK the next thing I would like you to do is to update to the Windows 10 Anniversary Update (Version 1607, OS Build 14393) that recently came out. You can follow the instructions below to do so.

1. Download the Media Creation Tool and save this to your desktop. Go ahead and run this as well. Note: Click the Download tool now button when you get to this link.
2. Accept the License Agreement
3. Keep the default Upgrade this PC option and click Next.
4. Let this process complete the upgrade to the newest build and let me know when complete.
 
When I start up the Media Creation Tool, I get the following:

We're not sure what happened, but we're unable to run this tool on your PC. If you continue experiencing problems, reference the error code when contacting customer support. Error code: 0x80072EFD - 0x20000

This is the same thing that happened when I originally tried to run the Media Creation Tool on this machine.
Should I run the Media Creation Tool on another machine, make media there, and then use the media I make there to upgrade this machine?

I suspect that the Media Creation Tool uses BITS (or perhaps a shared communication layer under BITS) to download the content for the media it creates.
So we're dealing with the same problem here that I'm seeing with downloading updates.

FWIW, the one update showing as "Waiting for install" in the Windows 10 Settings Windows Update applet is still showing "Waiting for install"; the others are all showing "Waiting for Download", just as they have been at every step we've performed so far.
 

I created media on another machine. On the media I created, the Sources directory and the install.esd, ws.dat, and boot.wim files are all dated 8/4/2016 8:30 or 8:29 am, so I *think* this is version 1607 -- and I ran the install on the machine with the BITS connectivity problem.

I'm still seeing the same behavior from Windows Update -- updates are detected, but BITS downloads fail with 0x80072EFD.
And curiously the File > Help > About dialog in File Explorer says version 1511.
 
OK, please do the following.

Step#1 - Run Windows Repairs
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...

3. Keep the defaults and click the Extract button.
4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.



6. Double-click on Repair_Windows.exe to open. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
7. When the program opens, click the Reboot to Safe Mode button at the bottom of the screen. Answer Yes to allow.
8. Once rebooted into Safe Mode, open the program again. When the program opens, click the Repairs tab and click the Open Repairs button.
9. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
10. Please click the Unselect All button and then click to enable only the following ones:
01 - Reset Registry Permissions
02 - Reset File Permissions
03 - Reset Service Permissions
04 - Register System Files
05 - Repair WMI
06 - Repair Windows Firewall
10 - Remove Policies Set By Infection
14 - Remove Temp Files
15 - Repair Proxy Settings
17 - Repair Windows Updates
21 - Repair MSI (Windows Installer)



11. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.

12. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.
 
OK, completed all steps. Repair tool did not prompt me to restart -- it restarted automatically when finished.
Upon reboot, no internet connection.
Checking for updates gave me a new message, that it couldn't reach the update servers right now.
And Google Chrome was reporting no internet connection when I tried to reach Sysnative.com.
I went to Control Panel > Internet Options > LAN settings and unchecked Automatically Detect.
Then the internet connection worked, at least enough to reach Sysnative.com in a browser.
Checking for updates found the same updates it's always found.
Still seeing 0x80072EFD errors on BITS download jobs in the Windows Update log.

Interesting note: when the Automatically Detect box was checked in Internet Options LAN Settings, Google Chrome's no-connection message said something about checking proxy settings.
 
Here's what I see in Google Chrome, when I have the Automatically Detect box checked in Internet Options LAN Settings:

There is no Internet connection
There is something wrong with the proxy server, or the address is incorrect.
Try:

  • Checking the proxy address
  • Contacting the system admin

ERR_PROXY_CONNECTION_FAILED
 
I found something interesting that may be part of the problem...

ipconfig /all showed me something unusual for DNS suffix search list.
Unlike on our other computers, where that value was set to a subdomain owned by our ISP (cable.rcn.com), on *this* machine it was set to browsersecurity.info ...
and a brief Google search turned up browsersecurity.info as a malicious DNS provider.

I reset it to cable.rcn.com.

I also saw, in the Registry, at HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad, a subkey for the apparent malicious DNS provider. It had a WpadDetectedUrl value of "http://wpad.browsersecurity.info/wpad.dat".

I renamed the WpadDetectedUrl value to xWpadDetectedUrl .

After doing that, I tried checking the Automatically Detect box in Internet Options LAN Settings, and now I have a working Internet connection even when it is checked.

However, I still get 0x80072EFD - 0x20000 from the Media Creation Tool.

So I suspect that I've found and fixed *some* of the damage, enough to make WinInet work (hence, browser able to reach Sysnative.com), but maybe there's more corrupted state still to be found and fixed to get WinHTTP to work. That seems to be the stumbling block with BITS, the Win 10 upgrade tool, and the Win 10 media creation tool.
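
Added example (not from the thread, and not FRST's or Microsoft's code): a Python check that reads a captured `ipconfig /all` and a `reg query` of the Wpad key, then flags DNS suffixes and WpadDetectedUrl hosts that fall outside an allowlist. The allowlist, the `<subkey>` placeholder, the function names and the sample captures are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def suffix_search_list(ipconfig_text):
    """Return the 'DNS Suffix Search List' entries from `ipconfig /all` output."""
    suffixes, collecting = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Suffix Search List[ .]*:\s*(\S*)", line)
        if m:
            collecting = True
            suffixes += [m.group(1).lower()] if m.group(1) else []
        elif collecting and line.strip() and ":" not in line:
            suffixes.append(line.strip().lower())  # continuation line: value, no label
        else:
            collecting = False
    return suffixes

def wpad_urls(reg_text):
    """Return WpadDetectedUrl values from `reg query <Wpad key> /s` output."""
    return re.findall(r"^\s*WpadDetectedUrl\s+REG_SZ\s+(\S+)", reg_text, re.M)

def in_allowed(host, allowed):
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)

def audit(ipconfig_text, reg_text, allowed):
    """List (kind, value) findings that fall outside the allowed DNS domains."""
    findings = [("dns-suffix", s) for s in suffix_search_list(ipconfig_text)
                if not in_allowed(s, allowed)]
    for url in wpad_urls(reg_text):
        if not in_allowed(urlsplit(url).hostname or "", allowed):
            findings.append(("wpad-url", url))
    return findings

# Constructed captures modelled on the values reported in the post.
IPCONFIG = """\
Windows IP Configuration

   DNS Suffix Search List. . . . . . : browsersecurity.info
                                       cable.rcn.com
"""
REG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\<subkey>
    WpadDetectedUrl    REG_SZ    http://wpad.browsersecurity.info/wpad.dat
"""

if __name__ == "__main__":
    for kind, value in audit(IPCONFIG, REG, {"cable.rcn.com"}):
        print(kind, value)
```

Both findings matter together: an unexpected suffix in the search list is what lets automatic proxy detection resolve a `wpad` host under that domain.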
 
Interesting. Thanks for the info. Please do the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 


Ran fix in post #31.
Updates started flowing.
A few of them errored out.
Most of those were retried and succeeded eventually.
The ones that didn't were an Intel chipset driver update and a MS Silverlight update.
I can now run the Media Creation Tool on this machine.

Interesting notes:
  1. Seeing a bunch of notifications that default app association is being reset to the canonical Windows default app, for various file types. Not sure whether this is an artifact of the upgrades-from-media that I did, or additional remnants of past malware infections.
  2. Before I did the RemoveProxy: in the latest FRST fixlist, if I had Automatically Detect checked in Control Panel > Internet Options > Connections > LAN Settings, FRST64 would check for updates and report that updates failed. When I removed the checkbox, FRST64 started OK. After running the latest FRST fixlist with RemoveProxy:, this no longer happened, and the updates started downloading.
  3. During the somewhat massive set of update download jobs, I attempted to run get-windowsupdatelog in Powershell. It thought for a very long time and then errored out (timed out?) with a message that it couldn't read log sources. (The gang in Redmond needs to brush up on its mastery of concurrent programming against persistent resources I guess :-). Or not farm out mundane projects like ETL of log data to programming noobs. Or something.) Rerunning get-windowsupdatelog after BITS was done catching up was successful.

Code:
2016/08/05 09:41:20.5001139 1012  4260  DownloadManager BITS job {925C2D78-B28E-4587-BE7E-2E9B82CEAB99} completed successfully

Music to my ears.
 
Thanks for all your help!
One final question: is it OK at this point to reinstall HitmanPro Alert?
I did not experience the problem with it that was described in the article you posted a link to.
I had it in place in order to provide interception of malware attempting to encrypt data files.
This machine is my son's, and he's managed to stumble into malware before (obviously :-)).
I'd like to reduce the probability that he'll stumble into ransomware.
 
