Can't load any Windows or Microsoft sites or run Windows Update

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I've just finished reinstalling XP Pro (SP2 slipstream) on a freshly
formatted hard disk.
Everything went OK, all drivers have been installed and Windows has been
activated.
Apart from that I haven't made any changes to the configuration or setup.

I can access the net and sites like BBC, Google, etc. load fine.
The problem is though I can't access any Windows or Microsoft sites.
I'm trying to run Windows Update but it just times out with a "page cannot
be displayed".
The same thing happens with microsoft.com and windows.com and the IP address
of Microsoft (http://207.46.20.30/).
I've even tried manually typing the latest Windows Update url
(http://update.microsoft.com/windows...t.aspx?ln=en-us) but it still doesn't
work.
Surely it should work 'out of the box' without having to make any
configuration changes, etc?

I have restored an old Ghost image (which is the build I'm using now) and
it's fine so obviously there's nothing wrong with the hardware.
The XP slipstream disc I used is the same one I used about 12 months ago and
I haven't changed any hardware since originally building the system.
I didn't have this problem last time so I can't work out what the problem is.

So basically I have this build of XP (the one I'm on now) which works fine
but if I load the Ghost image of my new build (built from the same CD on
exactly the same system) I can't get on to Microsoft or Windows sites.

Is it something to do with expired certificates?

I've tried all of the 'solutions' I've found on Google and the Microsoft
support site but nothing has worked.
Anyone know what the problem is?
 
Looks in some way like my situation (see 30/9/2005 time 19.16), but the
error message I get is different, and I can access microsort but not their
update service.

Will be interested to see replis to this question.

Regards
Eric
 
Eric said:
Looks in some way like my situation (see 30/9/2005 time 19.16), but the
error message I get is different, and I can access microsort but not their
update service.

Will be interested to see replis to this question.

Regards
Eric
Click to expand...

Me too.

I've tried everything I've found searching the web for "page cannot be
displayed" and lots of other things but anything to do with Microsoft
(update, MSN, microsoft.com) just will not load.
 
Don't know what systems are involved but a lot of these problems are caused
by spyware / adware and that should be a likely place to start if you
haven't already done so.

First get these utility programs


--
SpyBot Search and Destroy
http://www.safer-networking.org/en/download/
Microsoft Antispyware
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
Important - LSP-Fix
http://www.cexx.org/lspfix.htm

Be aware that using either of these to actually remove spyware can result in
some programs refusing to work, in other words "Free" programs that you
downloaded on condition you accepted ads and so called "Research" may get
broken and you might want to uninstall them first. Some spyware actually
breaks Windows trying to force it's way in and you should arm yourself with
LSP-Fix before starting in case you lose internet connectivity.


Then check for a file called "HOSTS" with no extension... open it with
notepad and see if there are any references in it to sites you cannot reach.
Some programs will alter this file for good reason, to block popups etc, but
spyware may alter it to stop you finding fixes...

By default there's only one entry for localhost to IP 127.0.0.1



Charlie
 
Thanks Charlie.

Already checked the hosts file - it's fine.
As for Spyware/Adware, this is a brand new fresh clean install of Windows so
it's not that.
I literally installed Windows SP2, installed the drivers, connected the ADSL
modem and then clicked on Update all within the space of an hour.
The build is less than a few minutes old but it just won't connect to
Microsoft.

Paul
 
I thought that too but recently was proved wrong. I installed W2003 Server
on a machine and the advice from MS is not to connect to the internet until
SP is added. Well I wanted to do something on the local network so ignored
the advice - it was only a test machine anyway. Guess what, somehow
something managed to infect the thing. All I am saying is don't dismiss the
possibility, it happens. If you can't get to the update site then obviously
there are a few patches missing.

I assume the ghost image is attached to the same network so we can rule out
networking problems as far as the sites are concerned, I mean if one machine
(OS) can get there it should not be anything wrong with other parts of the
network.

Charlie
 
Thanks Charlie.

Already checked the hosts file - it's fine.
As for Spyware/Adware, this is a brand new fresh clean install of Windows so
it's not that.
I literally installed Windows SP2, installed the drivers, connected the ADSL
modem and then clicked on Update all within the space of an hour.
The build is less than a few minutes old but it just won't connect to
Microsoft.
Click to expand...

Unless you installed the OS and did the AV/Firewall while it was
COMPLETELY DISCONNECTED FROM ANY NETWORK then your machine is
compromised again.

I've seen people leaving their network cable connected be compromised
before they can even load their AV software on the system, never opening
IE, since the default is to enable File/Printer sharing in Windows.

If you don't have at least a NAT router between your network and the
Internet you're fooling yourself.

In the case of the infection that disables the ability to even see the
page for Windows Update, it also impacts most buttons on websites where
you click them and they do something.

I worked with many different clean/restore IE methods for about a week
(part time) and then called MS - after two hours they suggested that I
do a repair/reinstall - since I had already spent so much time I opted
for a full wipe/fresh install so that I could be 101% sure that there
was no trace of the malicious code.
 
Charlie Tame said:
I thought that too but recently was proved wrong. I installed W2003 Server
on a machine and the advice from MS is not to connect to the internet until
SP is added. Well I wanted to do something on the local network so ignored
the advice - it was only a test machine anyway. Guess what, somehow
something managed to infect the thing. All I am saying is don't dismiss the
possibility, it happens. If you can't get to the update site then obviously
there are a few patches missing.
Click to expand...

I'm using a slipstreamed SP2 CD which already contains all the updates up to
and including SP2.
I only connect the adsl modem after Windows has installed and just prior to
clicking on Windows Update.

I thought it might be a problem with my SP2 CD so I just tried installing
from my original XP Pro disk.
Same thing happens.
Install Windows, connect the modem, click on Windows Update and zip.
I assume the ghost image is attached to the same network so we can rule out
networking problems as far as the sites are concerned, I mean if one machine
(OS) can get there it should not be anything wrong with other parts of the
network.
Charlie
Click to expand...

The Ghost images are on one of my storage disks.
I have a Ghost image of this working build and a Ghost image of my new
install.
I am using exactly the same machine for each build - I just load whichever
one I want to the C drive.

Weirdest problem I've ever seen.
 
Leythos said:
Unless you installed the OS and did the AV/Firewall while it was
COMPLETELY DISCONNECTED FROM ANY NETWORK then your machine is
compromised again.

I've seen people leaving their network cable connected be compromised
before they can even load their AV software on the system, never opening
IE, since the default is to enable File/Printer sharing in Windows.

If you don't have at least a NAT router between your network and the
Internet you're fooling yourself.

In the case of the infection that disables the ability to even see the
page for Windows Update, it also impacts most buttons on websites where
you click them and they do something.

I worked with many different clean/restore IE methods for about a week
(part time) and then called MS - after two hours they suggested that I
do a repair/reinstall - since I had already spent so much time I opted
for a full wipe/fresh install so that I could be 101% sure that there
was no trace of the malicious code.
Click to expand...

I have a 4 port router with a hardware firewall.
I don't have a 'network' as such - just this 1 machine.

This is how I installed Windows (3 times now using SP2 slipstream and a
standard CD)
1. I physically disconnect the lan cable
2. Format the disk
3. Install Windows XP Pro
4. Start Windows
5. Connect lan cable
6.Click on Windows Update

At the point I connect the lan cable I already have 2 firewalls in place -
my hardware firewall and the windows firewall.

This is the same way I have alyways installed Windows on this machine and
it has worked *every* time.

I fail to see what else I can do to make it any safer.
 
Brogan said:
I'm using a slipstreamed SP2 CD which already contains all the updates up
to
and including SP2.
I only connect the adsl modem after Windows has installed and just prior
to
clicking on Windows Update.

I thought it might be a problem with my SP2 CD so I just tried installing
from my original XP Pro disk.
Same thing happens.
Install Windows, connect the modem, click on Windows Update and zip.


The Ghost images are on one of my storage disks.
I have a Ghost image of this working build and a Ghost image of my new
install.
I am using exactly the same machine for each build - I just load whichever
one I want to the C drive.

Weirdest problem I've ever seen.
Click to expand...

Perhaps XP has developed an identity crisis and wishes it was Linux or
something :)

Well, one thing that might be different is your TCP/IP properties, do both
installs get automatic settings from DHCP or is one using some older or
fixed settings. It is not impossible that DHCP is giving you a different DNS
server than it used to have and the new one is "Poisoned". I know you said
you tried the actual numeric IP but what the heck, if it ain't on your
network or PC it could be outside.

How about trying firefox to see if it's something within IE? Seems to me if
it does it with FF too then you are at least going down towards the
networking side of things, firewall(s) router or something that's got upset.

Charlie
 
Charlie Tame said:
Well, one thing that might be different is your TCP/IP properties, do both
installs get automatic settings from DHCP or is one using some older or
fixed settings. It is not impossible that DHCP is giving you a different DNS
server than it used to have and the new one is "Poisoned". I know you said
you tried the actual numeric IP but what the heck, if it ain't on your
network or PC it could be outside.
Click to expand...

All settings are automatic.
I double checked all of the network settings, IP addresses, etc. and
everything was identical to this build I'm using now.
I even tried an IP flush and renew and hard reset the modem.
How about trying firefox to see if it's something within IE? Seems to me if
it does it with FF too then you are at least going down towards the
networking side of things, firewall(s) router or something that's got upset.

Charlie
Click to expand...

I tried with Firefox but had the same problem.
That makes me think it's something embedded in the core of the OS.
Perhaps it's to do with the changes Microsoft made earlier this year to the
update process? but that doesn't necessarily explain why I can't load
www.microsoft.com either.

I've found an 0870 number for Microsoft support for security issues and as
Windows Update is related to security, hopefully they'll be able to help...
 
I have a 4 port router with a hardware firewall.
I don't have a 'network' as such - just this 1 machine.
Click to expand...

First, most NAT devices are just routers, not firewalls - NAT does not
make the device a firewall.

Second, you have a network, a real network, even with 1 PC.
This is how I installed Windows (3 times now using SP2 slipstream and a
standard CD)
Click to expand...

Have you tried it without the Slip-streamed CD or one that is confirmed
to work properly?
1. I physically disconnect the lan cable
Good

2. Format the disk
Click to expand...

Did you delete the partitions? Did you reboot after deleting them, did
you use the BOOT FROM CD METHOD or some other method?
3. Install Windows XP Pro
4. Start Windows
Click to expand...

Did you check to see if the Windows XP Firewall was running? Did you
disable File/Printer sharing?
5. Connect lan cable
Click to expand...

Do you have any ports forwarded inbound in your router?
6.Click on Windows Update

At the point I connect the lan cable I already have 2 firewalls in place -
my hardware firewall and the windows firewall.
Click to expand...

You have a NAT and Windows XP firewall based on your description, not
two firewalls. The NAT router would be all that you need in most normal
instances, and unless you are forwarding inbound ports needed to
compromise your PC, it's safe, even without the Windows Firewall.
This is the same way I have alyways installed Windows on this machine and
it has worked *every* time.
Click to expand...

Were you using the Slip-Streamed CD each of those times? This specific
slip-streamed CD? If not, then you made a bad CD.
I fail to see what else I can do to make it any safer.
Click to expand...

You didn't provide all of those details before, when you posted, so it
was assumed that you didn't have at least the NAT solution. The NAT, as
long as you only did Windows Update, would be enough to secure your
machine.
 
Leythos said:
First, most NAT devices are just routers, not firewalls - NAT does not
make the device a firewall.
Click to expand...
Agreed.
Mine however does contain a hardware firewall.
Second, you have a network, a real network, even with 1 PC.
Click to expand...
Agreed.
I was emphasising that I only have 1 PC and the Ghost images are all stored
on this machine, albeit on a different drive to the one the OS is installed
on.
Have you tried it without the Slip-streamed CD or one that is confirmed
to work properly?
Click to expand...
Yes.
As I explained in an earlier post I have tried it with my slipstream CD and
also my original XP Pro disk. Same problem for each build.
Besides, the slipstream CD is confirmed to work properly - it's the same CD
I used to create this working build.
Did you delete the partitions? Did you reboot after deleting them, did
you use the BOOT FROM CD METHOD or some other method?
Click to expand...
Yes. I used Recovery Console to delete all partitions (using DISCPART),
create 2 new partitions and format them.
Then I rebooted from CD and proceeded to install Windows
Did you check to see if the Windows XP Firewall was running? Did you
disable File/Printer sharing?
Click to expand...
The Windows Firewall is enabled by default on all network connections - I
double checked to make sure it was.
No I did not disable File and Printer Sharing.
That will have no relevance on the issue of not being able to connect to
Windows Update and in the years I have been building PCs, this option has
alwas been enabled on my systems and I have *never* been infected with a
virus or been hacked/hijacked.
Do you have any ports forwarded inbound in your router?
Click to expand...
No. The router/modem is completely default. I have hard reset it to rule out
any issues there.
You have a NAT and Windows XP firewall based on your description, not
two firewalls. The NAT router would be all that you need in most normal
instances, and unless you are forwarding inbound ports needed to
compromise your PC, it's safe, even without the Windows Firewall.
Click to expand...
As explained above, my router has a hardware firewall.
Were you using the Slip-Streamed CD each of those times? This specific
slip-streamed CD? If not, then you made a bad CD.
Click to expand...
Exactly the same slipstream CD
You didn't provide all of those details before, when you posted, so it
was assumed that you didn't have at least the NAT solution. The NAT, as
long as you only did Windows Update, would be enough to secure your
machine.
Click to expand...
Apologies but I didn't consider them relevant to the issue.
I know that my system is secure and there is no possibility of infection the
way I install Windows.
I am convinced the problem is OS based, bearing in mind I am using exactly
the same hardware and ISP for both builds.

As an aside, I have just spent 2 hours on the phone with MS tech support and
they tried everything I've already tried and a few other things but they were
unable to resolve it.
They are completely dumbfounded as to why I can't load www.microsoft.com or
www.windowsupdate.com but I can however load www.office.microsoft.com.
They are going to call me back tomorrow after investigating some more stuff.
 
Well I've made some progress...

I decided to swap out my 4 port router for a different adsl modem (the free
Voyager one from BT) and Windows Update worked fine.

So, the problem is something to do with my router and Windows.

This is all very strange considering I have done a hard reset on my 4 port
router and there are absolutely no settings in it that are specific to my ISP
or PC build.
So I can only assume it's something to do with the way it interacts with the
Windows Firewall/Windows Update.
But, that doesn't explain how the router is able to work with the existing
build and did the first time I created it, without making any changes to the
router or Windows...
Perhaps it's something to do with the changes made to the Windows Update
process since I last installed Windows?

All very strange.

So the good news is there's nothing wrong with the new build.
The bad news is I still don't know why the new build won't work with my
router.
 
I asked the MS tech (when he called me back today) if it could have anything
to do with MTU settings and he said most likely because the Windows Update
site uses a different MTU setting to other sites.
Shame he didn't mention that yesterday when we spent 2 hours trying to
resolve the problem...

So I'm going to have a play with the MTU settings and see if I can get the
router to work.
I seem to remember a setting of 1458 is required so I'll try with that first.
 
Brogan said:
All settings are automatic.
I double checked all of the network settings, IP addresses, etc. and
everything was identical to this build I'm using now.
I even tried an IP flush and renew and hard reset the modem.


I tried with Firefox but had the same problem.
That makes me think it's something embedded in the core of the OS.
Perhaps it's to do with the changes Microsoft made earlier this year to the
update process? but that doesn't necessarily explain why I can't load
www.microsoft.com either.
Click to expand...


Are you by any chance trying to install the Google toolbar at the same time?
It has been associated with that symptom. Try removing it.

Otherwise, you obviously need to trace or simulate the HTTP requests
to refine your symptom description in order to figure out what is really
happening. E.g. you could simulate IE's request using telnet 80
or trace it using netcap or Ethereal.

I've found an 0870 number for Microsoft support for security issues and as
Windows Update is related to security, hopefully they'll be able to help...
Click to expand...


My experience is that they might not want to diagnose the problem
but keep suggesting larger hammers until you are forced to rebuild.
I had a case where the only problem symptom was an inability of their
Windows Update Catalog service to recognize that the logged on
user had administrator authority. I characterize that by saying
I had a stuck door. Their ultimate solution for my "stuck door"
was to reinstall windows, analogously rebuild my house.
Some of their larger "hammers" resulted in sufficient damage
that it was necessary to rebuild.


Good luck

Robert Aldwinckle
---
 
Brogan said:
I asked the MS tech (when he called me back today) if it could have
anything
to do with MTU settings and he said most likely because the Windows Update
site uses a different MTU setting to other sites.
Shame he didn't mention that yesterday when we spent 2 hours trying to
resolve the problem...

So I'm going to have a play with the MTU settings and see if I can get the
router to work.
I seem to remember a setting of 1458 is required so I'll try with that
first.
Click to expand...

I am still having trouble with this :)


I mean I am glad you found something but there are a couple of things I am
at a loss with...

If it's MTU why would the router choose to block a specific PC from specific
sites, I mean you'd assume that unless you changed the MTU since the
original install they it would be at it's default value, or at least the SP2
value if that is different.

I was actually going to ask last night (but forgot) if you had tried
changing the router port connections around just to see if there was some
configuration error when the two machines first negotiated a connection but
I suppose unless you actually force a reset to factory the router might
remember the MAC address and simply "Remember". I mean maybe the router
"Remembers" the last used MTU for MAC no xxxx but that had been altered
during first negotiations and so did not match the default after new
install. What I guess this would mean is a hard reset on the router then
install XP and literally start from switch on for both... if it worked then
perhaps I could understand it :)

I dunno if there's a way to force a renegotiation.

Charlie
 
Charlie Tame said:
I am still having trouble with this :)
Click to expand...
Me too... :)
I mean I am glad you found something but there are a couple of things I am
at a loss with...

If it's MTU why would the router choose to block a specific PC from specific
sites, I mean you'd assume that unless you changed the MTU since the
original install they it would be at it's default value, or at least the SP2
value if that is different.
Click to expand...
I did change the MTU setting on my exisitng build but not just after
installing Windows.
It was much later and because I was having problems with other sites, not
Windows Update.
That's why I never really considered it - especially considering Windows
Update has *always* worked with the default MTU settings for both the router
and NIC.
What seems to have happened is since I created my existing build 12 months
ago, Microsoft has changed the MTU rate on their sites which now necessitates
me changing the MTU on my NIC as soon as I have installed Windows.
I was actually going to ask last night (but forgot) if you had tried
changing the router port connections around just to see if there was some
configuration error when the two machines first negotiated a connection but
I suppose unless you actually force a reset to factory the router might
remember the MAC address and simply "Remember". I mean maybe the router
"Remembers" the last used MTU for MAC no xxxx but that had been altered
during first negotiations and so did not match the default after new
install. What I guess this would mean is a hard reset on the router then
install XP and literally start from switch on for both... if it worked then
perhaps I could understand it :)

I dunno if there's a way to force a renegotiation.

Charlie
Click to expand...
I had already done a hard reset on the router before connecting it to the
new build but it still didn't work.
For some reason, my 4 port router doesn't work too well now with the
'default' MTU settings on Windows and the Windows Update site. It has never
had this problem before so it must be due to changes at Microsoft's end.
My other single port modem however has no problem.
I'll check out the specs of both and see if I can adjust the 4 port router
to match the other modem.

Paul
 
Robert Aldwinckle said:
Are you by any chance trying to install the Google toolbar at the same time?
It has been associated with that symptom. Try removing it.
Click to expand...
No - standard install of XP Pro SP2.
Otherwise, you obviously need to trace or simulate the HTTP requests
to refine your symptom description in order to figure out what is really
happening. E.g. you could simulate IE's request using telnet 80
or trace it using netcap or Ethereal.
Click to expand...
See my other posts - it seems to be a problem with the changed MTU rate on
Microsoft's sites.
My NIC/router doesn't like the new settings.
My experience is that they might not want to diagnose the problem
but keep suggesting larger hammers until you are forced to rebuild.
I had a case where the only problem symptom was an inability of their
Windows Update Catalog service to recognize that the logged on
user had administrator authority. I characterize that by saying
I had a stuck door. Their ultimate solution for my "stuck door"
was to reinstall windows, analogously rebuild my house.
Some of their larger "hammers" resulted in sufficient damage
that it was necessary to rebuild.

Good luck

Robert Aldwinckle
Click to expand...
Unfortunately for them this was a brand new install so they couldn't resort
to that approach.
And I use Ghost to take images of my build so no matter how much damage is
done, it takes 30 seconds to fix by Ghosting the image back on to the disk.
All credit to the tech - he did try to resolve the issue for 2 hours and
called me back the next day to resume trouble shooting, by which time I had
fixed it myself.

Paul
 
Back
Top