0x80072efd WU V5 trying to load 192.168.1.1

Discussion in 'Windows Update' started by Jim Garrison, Oct 6, 2004.

  1. Jim Garrison

    Jim Garrison Guest

    I am having the same problem with WU V5 and getting error code
    0x80072EFD. I fired up Ethereal to see what it was having trouble
    with, and found that WU is trying to open a connection to 192.168.1.1
    which, of course, fails.

    I am not using a proxy of any sort, my ethernet adapter IP address is
    in the 10.0.0.0/8 range, and there are no entries in etc/hosts other
    than the default 127.0.0.1. Did MS accidentally leave a hardcoded
    IP address in the V5 software?

    Jim Garrison
     
    Jim Garrison, Oct 6, 2004
    #1

  2. MowGreen [MVP], Oct 6, 2004
    #2

  3. Jim Garrison

    Jim Garrison Guest

    Did that, get same error, except now Ethereal doesn't see
    ANY outgoing traffic when I click on Custom Install link
    (until WindowsUpdate fetches the errorinformation.aspx
    link to display the error page)

    The idea that Windows has a DNS cache that survives reboots
    is REALLY scary, and breaks the RFCs for DNS.
     
    Jim Garrison, Oct 6, 2004
    #3
  4. Then there may be some clues about that in the WindowsUpdate.log
    which you can find by comparing the entries made for each occasion.

    dnscache seems to be really pretty transitory except for entries
    which originate from HOSTS. What is in HOSTS?
    Note that HOSTS may not be where you think it is due to malware.
    E.g. use the following command to see what is in use:

    netsh diag show adapter /v | find /i "DataBasePath"

    (Works on XP. Otherwise just search registry for that value name.)


    Are you using

    ipconfig /displaydns

    to see what the dnscache actually contains or just speculating about
    how that address is being found?


    Although you say you aren't using a proxy are you sure you aren't
    configured for one? E.g. check with proxycfg
    and msinfo32 /category IEConnectivity
    commands.


    Have you checked for malware and its residual effects?

    If this is XP Pro I would appreciate it if you would load ipseccmd
    from its Support Tools so you can try

    ipseccmd show filters

    In any case I would also be interested in whether this command
    shows anything when you have the problem:

    netsh interface ip show type=LSP


    For an interactive FAQ for XP networking issues try
    http://www.michna.com/kb/wxnet.htm

    E.g. check the box "Internet Explorer cannot display some web sites..."
    and look at the open entries in the Results section.


    HTH

    Robert Aldwinckle
    ---
     
    Robert Aldwinckle, Oct 10, 2004
    #4
  5. Jim Garrison

    Jim Garrison Guest

    Thanks for the response. Here are the results of trying
    your suggestions. I also have a case open with MS Support on this,
    and will post any resolution.

    DatabasePath = %SystemRoot%\System32\drivers\etc

    That file contains:
    127.0.0.1 localhost

    Speculating. Turns out my speculation may be incorrect.
    Running windowsupdate after a reboot and monitoring network traffic
    with Ethereal reveals the following exchange:

    myhost -> A/D Server: DNS query for wpad.athens.int
    Response: host not found
    myhost -> 192.168.1.1: SYN
    myhost -> 192.168.1.1: SYN
    myhost -> 192.168.1.1: SYN
    myhost -> 192.168.1.1: SYN
    myhost -> fetch error page from microsoft.com

    athens.int is our internal A/D domain name. We have no host named 'wpad'
    and never have had. We also have NEVER had SUS or WUS anywhere in our
    domain. I have no idea why it's looking for "wpad" within our domain,
    or why it falls back to 192.168.1.1 when it can't resolve it.

    msinfo32 not found

    Generic MM Filters
    ------------------------------
    No filters

    Specific MM Filters
    ------------------------------
    No filters

    Generic Transport Filters
    ------------------------------
    No filters

    Specific Transport Filters
    ------------------------------
    No filters

    Generic Tunnel Filters
    ------------------------------
    No filters

    Specific Tunnel Filters
    ------------------------------
    No filters

    The command completed successfully.

    netsh interface ip show type=LSP
    The following command was not found: interface ip show type=LSP.

    netsh interface ip show
    The following commands are available:
    Commands in this context:
    show address - Displays IP address configuration.
    show config - Displays IP address and additional information.
    show dns - Displays the DNS server addresses.
    show icmp - Displays ICMP statistics.
    show interface - Displays IP interface statistics.
    show ipaddress - Displays current IP addresses.
    show ipnet - Displays IP net-to-media mappings.
    show ipstats - Displays IP statistics.
    show joins - Displays multicast groups joined.
    show offload - Displays the offload information.
    show tcpconn - Displays TCP connections.
    show tcpstats - Displays TCP statistics.
    show udpconn - Displays UDP connections.
    show udpstats - Displays UDP statistics.
    show wins - Displays the WINS server addresses.

    I have no problems with any sites other than WU.
     
    Jim Garrison, Oct 11, 2004
    #5

  6. Take a look here:
    http://groups.google.com/groups?hl=...soft.public.windowsupdate&as_qdr=&btnG=Search

    In a command prompt, you will need to do like this:

    start msinfo32 /category IEConnectivity

    (From Start\Run, you do not need start in front of this command).


    What about the output from proxycfg.exe (run it in a command
    prompt without using start in front)?
     
    Torgeir Bakken (MVP), Oct 11, 2004
    #6
  7. Jim Garrison

    Jim Garrison Guest

    Now we appear to be getting somewhere:

    proxycfg

    Current WinHTTP proxy settings under

    HKEY_LOCAL_MACHINE\
    SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
    WinHttpSettings :

    Flags = PROXY_TYPE_DIRECT | PROXY_TYPE_PROXY
    Proxy Server = 192.168.1.1
    Bypass List = -not set-

    What the (*^%*&% is this, how did it get set, and why is it apparently only
    affecting WU?
     
    Jim Garrison, Oct 11, 2004
    #7
  8. Jim Garrison

    Jim Garrison Guest

    I reset the proxy configuration with "proxycfg -u" and this is what
    it now says:

    Current WinHTTP proxy settings under

    HKEY_LOCAL_MACHINE\
    SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
    WinHttpSettings :

    Flags = PROXY_TYPE_DIRECT
    Proxy Server = -not set-
    Bypass List = -not set-

    However, attempting WU now gets a different error 0x80072ee2 and
    it's still issuing a DNS query for wpad.athens.int, a non-existent
    host. AFAICT it's no longer attempting to contact 192.168.1.1.
     
    Jim Garrison, Oct 11, 2004
    #8
  9. You can find lots of threads about that code.
    I think that there is even a troubleshooter article about it now.

    http://groups.google.com/groups?q=8...owsupdate&num=20&hl=en&lr=&c2coff=1&scoring=d

    (Google Groups search for
    80072ee2 OR 0x80072ee2 MVP OR MSFT group:microsoft.*.windowsupdate
    - sorted by date to capture current thinking
    )

    I suspect if you stopped your monitoring you wouldn't notice a problem.
    That wpad thing is probably what IE does when you have checked
    Automatically detect settings
    (Internet Options, Connections tab, Settings...)


    HTH

    Robert
    ---
     
    Robert Aldwinckle, Oct 11, 2004
    #9
  10. Jim Garrison

    Jim Garrison Guest

    Those are all disabled
     
    Jim Garrison, Oct 12, 2004
    #10
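
A check on the `proxycfg` output quoted in posts #7 and #8, as an added example that is not part of the original thread: it parses the three fields and flags a static WinHTTP proxy whose address is private but outside the host's own subnets (10.0.0.0/8 in post #1). The function names `parse_proxycfg` and `audit` and both sample strings are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of the proxycfg output quoted in post #7.
STALE = r"""Current WinHTTP proxy settings under
  HKEY_LOCAL_MACHINE\
  SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
  WinHttpSettings :

    Flags = PROXY_TYPE_DIRECT | PROXY_TYPE_PROXY
    Proxy Server = 192.168.1.1
    Bypass List = -not set-
"""
# Constructed sample matching post #8 (after "proxycfg -u").
RESET = (STALE.replace("PROXY_TYPE_DIRECT | PROXY_TYPE_PROXY", "PROXY_TYPE_DIRECT")
              .replace("192.168.1.1", "-not set-"))

FIELD = re.compile(r"\s*(Flags|Proxy Server|Bypass List)\s*=\s*(.*\S)\s*$")

def parse_proxycfg(text):
    """Return the three proxycfg fields; '-not set-' becomes None."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = None if m.group(2) == "-not set-" else m.group(2)
    return fields

def audit(text, local_networks):
    """List findings for a static WinHTTP proxy, given the host's own subnets."""
    cfg = parse_proxycfg(text)
    flags = {f.strip() for f in (cfg.get("Flags") or "").split("|")}
    proxy = cfg.get("Proxy Server")
    if "PROXY_TYPE_PROXY" not in flags or not proxy:
        return []
    findings = ["static WinHTTP proxy configured: " + proxy]
    nets = [ipaddress.ip_network(n) for n in local_networks]
    # Entries may look like host, host:port or scheme=host:port, separated by ';' or spaces.
    for entry in re.split(r"[;\s]+", proxy):
        host = entry.split("=")[-1].split("//")[-1].split(":")[0]
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname, not a literal address
        if addr.is_private and not any(addr in n for n in nets):
            findings.append(host + " is a private address outside this host's subnets")
    return findings

if __name__ == "__main__":
    print(audit(STALE, ["10.0.0.0/8"]))
    print(audit(RESET, ["10.0.0.0/8"]))
```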