As I explained in the microsoft.public.windowsupdate posting
"0x800A138F with 0xC00CE55F error - solved"
(this error might be related to the locally enforced Schannel (SSL/TLS)
encryption level.
The MsWinUpdate-servers cannot handle a strong 168-bit 3DES only
Cipher/algorithm anymore. As of early december 2003 they work with 128-bit
RC4 maximum.
On W2K there is no Security Policy item called
"System Cryptography: Use FIPs compliant algorithms".
That seems to be on XP only.
On W2K (and NT4) with strong "128-bit"/"US domestic crypto", the policy to
enforce strong 3DES encryption might have been set with a Registry hack.
That should be undone then, if you still want to use the WU service.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHAN
NEL\Ciphers\RC4 128/128]
"Enabled"=dword:ffffffff
See next MSKB article for background info. The contents are valid for NT 4,
NT 5.0 (W2K) and NT 5.1 (XP, and likely W2K3 too):
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in
http://support.microsoft.com/default.aspx?scid=kb;en;245030&FR=1&PA=1&SD=HSCH
I wonder how SChannel Ciphers get selectively enabled/disabled in W2K
without a Registry hack.
Maybe some server security management tool (IIS admin ? SQL2k FIPS-140 ?)
does that implicitly ?
Fred
"Kari [MSFT]" <
[email protected]> schreef in bericht
| The info I've received is this: Go to Control Panel, Administrative Tools,
| Local Security Policy, Local
| Policies, Security Options and scroll down to System Cryptography: Use
FIPs
| compliant algorithms... and set to Disabled. This seems to fix the issue
| for most people receiving this error.
| --
| Kari
| This posting is provided "AS IS" with no warranties, and confers no
rights.
| | > Hi,
| >
| > I was almost worried when I read Ronald Dodge's previous post about
| > solving CE55F + 80075 problems... only to find out later it was
| > different error codes. So I still have hope, since I'm experiencing
| > also for 1,5 week this same problem. This topic is also available in
| > microsoft.public.windowsupdate group. At the moment solving this
| > problem seems to be nono. It's now in the hands of Microsoft to
| > provide necessary steps to fix this one.
| >
| > _
| > Petri
| >
| >
| > On Mon, 8 Dec 2003 12:03:53 -0800,
| >
| > >Trying
https://v4.windowsupdate.microsoft.com results in
| > >the page with "Checking for the latest version of the
| > >Windows Update software..." being stuck.
| > >I have neither NetOp nor a Lynx device, so 2nd suggestion
| > >doesn't apply.
| > >Deleted all temp internet files (even the randomized
| > >folders inside Content.IE5), cookies and history - no
| > >luck. The error codes are exactly the same as before.
| > >if you want to see the log again, here it is:
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Starting
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Determining machine configuration
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Determining machine configuration
| > >2003-12-08 11:58:18 19:58:18 Success IUENGINE
| > >Querying software update catalog from
| > >
https://v4.windowsupdate.microsoft.com/getmanifest.asp
| > >2003-12-08 11:58:18 19:58:18 Error IUENGINE
| > >loadXML: line 1, pos 1, End element was missing the
| > >character '>'.
| > > (Error 0xC00CE55F)
| > >2003-12-08 11:58:18 19:58:18 Success IUENGINE
| > >cata
| > >2003-12-08 11:58:18 19:58:18 Error IUENGINE
| > >Querying software update catalog from
| > >
https://v4.windowsupdate.microsoft.com/getmanifest.asp
| > >(Error 0x80070057: The parameter is incorrect.)
| > >2003-12-08 11:58:29 19:58:29 Success IUENGINE
| > >Shutting down
| > >
| > >
| > >
| > >by the way, all of the above tricks are described at
| > >
http://www.updatexp.com/0x800A138F.html, and like i said
| > >before, none of those helped me
| > >
| > >anything else you can suggest? a tracer? a debugger? i'm
| > >all for it if you tell me what to look for
| >
| > __
| > Petri Hildén
|
|