WindowsUpdate fails with code 0x800A138F (actual 0xC00CE55F and 0x80070057)

  • Thread starter Thread starter Fry-kun
  • Start date Start date
F

Fry-kun

whenever i try to check for new updates, i get the error
0x800A138F from the site itself, and the following in
windowsupdate.log:
Success IUENGINE Querying software update catalog
from https://v4.windowsupdate.microsoft.com/getmanifest.asp
Error IUENGINE loadXML: line 1, pos 1, End
element was missing the character '>'.
(Error 0xC00CE55F)
Success IUENGINE cata
Error IUENGINE Querying software update catalog
from
https://v4.windowsupdate.microsoft.com/getmanifest.asp
(Error 0x80070057: The parameter is incorrect.)

This is happening on 2 of my computers, one is desktop,
one is laptop... not sure how to proceed with debugging
the problem...
already tried most of the stuff from
http://www.updatexp.com/0x800A138F.html, nothing seems to
help :(
 
Fry-kun, I am getting this same message. Windows update has worked
fine for years and now suddenly i cant use it at all anymore. I am
using XP but I am getting the EXACT same text in my error logs as you
have displayed below.

I dont remember doing anything special to have caused this to "break".

Can anyone help?
 
Try connecting to https://v4.windowsupdate.microsoft.com (this should work
if your problem is with caching)

Try the steps at http://v4.windowsupdate.microsoft.com/troubleshoot/ under
"Error 0x800A138F displayed during Scan, 0x800C00008 shows in Windows
Update.log"

Try deleting temp internet files (cookies, etc.) under Tools/Internet
Options

Try deleting everything in Program Files\Windows Update\V4 except iuhist.xml

If none of these work, please post the error # given in your winnt\Windows
Update.log
 
Kari,

Thank you for the response you have left. I also had this same very issue.
I initially tried the various suggestions that was posted under the update
troubleshooter. None of these suggestions worked for me. As far as the MSN
Update suggestion is concerned (Suggestion 5), I was not able to locate the
MSN Update on the site. I even did a www.google.com search for it. From
what it looks like to me, it use to be on the site, but not anymore. The
first suggestion didn't apply to me or the company I work for as we have no
such software that would be installed separately from Windows/IE.
Suggestions 2 through 4 dealing with Language Setting, System Date/Time, and
the security setting in the Advanced tab of the Internet options, all 3 of
these settings were set accordingly.

After doing some looking around for the issue that may have been posted and
a possible resolution posted, I found this post.

I performed each of the 2 additional tasks that you mentioned, though not
sure if it was just one of the 2 tasks or both tasks together that did it,
but the issue at hand has been resolved for me. Please have these 2
suggestions added to the list of 5 suggestions in the troubleshooter item as
you pointed above.
 
What were the 2 additional suggestions that worked for you?
Also to verify the log error that you were experiencing was indeed:

0xc00cE55F and 0x80070057?



--
Thanks,
Lucy [MS]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Trying https://v4.windowsupdate.microsoft.com results in
the page with "Checking for the latest version of the
Windows Update software..." being stuck.
I have neither NetOp nor a Lynx device, so 2nd suggestion
doesn't apply.
Deleted all temp internet files (even the randomized
folders inside Content.IE5), cookies and history - no
luck. The error codes are exactly the same as before.
if you want to see the log again, here it is:
2003-12-08 11:58:15 19:58:15 Success IUENGINE
Starting
2003-12-08 11:58:15 19:58:15 Success IUENGINE
Determining machine configuration
2003-12-08 11:58:15 19:58:15 Success IUENGINE
Determining machine configuration
2003-12-08 11:58:18 19:58:18 Success IUENGINE
Querying software update catalog from
https://v4.windowsupdate.microsoft.com/getmanifest.asp
2003-12-08 11:58:18 19:58:18 Error IUENGINE
loadXML: line 1, pos 1, End element was missing the
character '>'.
(Error 0xC00CE55F)
2003-12-08 11:58:18 19:58:18 Success IUENGINE
cata
2003-12-08 11:58:18 19:58:18 Error IUENGINE
Querying software update catalog from
https://v4.windowsupdate.microsoft.com/getmanifest.asp
(Error 0x80070057: The parameter is incorrect.)
2003-12-08 11:58:29 19:58:29 Success IUENGINE
Shutting down



by the way, all of the above tricks are described at
http://www.updatexp.com/0x800A138F.html, and like i said
before, none of those helped me :(

anything else you can suggest? a tracer? a debugger? i'm
all for it if you tell me what to look for ;)

-----Original Message-----
Try connecting to https://v4.windowsupdate.microsoft.com (this should work
if your problem is with caching)

Try the steps at
http://v4.windowsupdate.microsoft.com/troubleshoot/ under
 
As Kari mentioned, the log error code in the log file is "0x800C00008", and
the error code that came up on the Update screen was "0x800A138F". I had 3
systems fail out of a total 18 systems that I ran the windows update.
Here's what I did:

System 1 Failure: (0x800C00008)

Suggestion 6: Deleted Cookies and Files in the Internet Options

Suggestion 7: Deleted all files (including the temp folder with all of it's
files and folders) EXCEPT "iuhist.xml" in "C:\Program
Files\WindowsUpdate\V4" folder

Ran Scan, it worked

System 2 Failure: (0x800C00008)

Did Suggestion 7

Ran Scan, didn't work

Did Suggestion 6

Ran Scan, it worked.

System 3 Failure: (0x800C00008)

Did Suggestion 6

Ran Scan, it worked.

--
Ronald R. Dodge, Jr.
Production Statistician
Master MOUS 2000

Lucy said:
What were the 2 additional suggestions that worked for you?
Also to verify the log error that you were experiencing was indeed:

0xc00cE55F and 0x80070057?



--
Thanks,
Lucy [MS]

This posting is provided "AS IS" with no warranties, and confers no rights.


Ronald Dodge said:
Kari,

Thank you for the response you have left. I also had this same very issue.
I initially tried the various suggestions that was posted under the update
troubleshooter. None of these suggestions worked for me. As far as the MSN
Update suggestion is concerned (Suggestion 5), I was not able to locate the
MSN Update on the site. I even did a www.google.com search for it. From
what it looks like to me, it use to be on the site, but not anymore. The
first suggestion didn't apply to me or the company I work for as we have no
such software that would be installed separately from Windows/IE.
Suggestions 2 through 4 dealing with Language Setting, System Date/Time, and
the security setting in the Advanced tab of the Internet options, all 3 of
these settings were set accordingly.

After doing some looking around for the issue that may have been posted and
a possible resolution posted, I found this post.

I performed each of the 2 additional tasks that you mentioned, though not
sure if it was just one of the 2 tasks or both tasks together that did it,
but the issue at hand has been resolved for me. Please have these 2
suggestions added to the list of 5 suggestions in the troubleshooter
item
as
you pointed above.
 
Hi,

I was almost worried when I read Ronald Dodge's previous post about
solving CE55F + 80075 problems... only to find out later it was
different error codes. So I still have hope, since I'm experiencing
also for 1,5 week this same problem. This topic is also available in
microsoft.public.windowsupdate group. At the moment solving this
problem seems to be nono. It's now in the hands of Microsoft to
provide necessary steps to fix this one.

_
Petri


Trying https://v4.windowsupdate.microsoft.com results in
the page with "Checking for the latest version of the
Windows Update software..." being stuck.
I have neither NetOp nor a Lynx device, so 2nd suggestion
doesn't apply.
Deleted all temp internet files (even the randomized
folders inside Content.IE5), cookies and history - no
luck. The error codes are exactly the same as before.
if you want to see the log again, here it is:
2003-12-08 11:58:15 19:58:15 Success IUENGINE
Starting
2003-12-08 11:58:15 19:58:15 Success IUENGINE
Determining machine configuration
2003-12-08 11:58:15 19:58:15 Success IUENGINE
Determining machine configuration
2003-12-08 11:58:18 19:58:18 Success IUENGINE
Querying software update catalog from
https://v4.windowsupdate.microsoft.com/getmanifest.asp
2003-12-08 11:58:18 19:58:18 Error IUENGINE
loadXML: line 1, pos 1, End element was missing the
character '>'.
(Error 0xC00CE55F)
2003-12-08 11:58:18 19:58:18 Success IUENGINE
cata
2003-12-08 11:58:18 19:58:18 Error IUENGINE
Querying software update catalog from
https://v4.windowsupdate.microsoft.com/getmanifest.asp
(Error 0x80070057: The parameter is incorrect.)
2003-12-08 11:58:29 19:58:29 Success IUENGINE
Shutting down



by the way, all of the above tricks are described at
http://www.updatexp.com/0x800A138F.html, and like i said
before, none of those helped me :(

anything else you can suggest? a tracer? a debugger? i'm
all for it if you tell me what to look for ;)

__
Petri Hildén
 
Sorry for any confusion that I may have caused, but as I mentioned, I went
by Kari's post as Kari mentioned how to solve the issue with the vary error
code I got. It was only as I was searching, I found Kari's post listed in
this thread, of which Kari's post may have been a bit misleading cause of
the different error code (in the "C:\WINNT\Windows Update.log" file) from
the error codes that's posted in the thread's subject line. I replied back
to Kari's message initially for thanking Kari for the post with the solution
initially, which then after Lucy responded to my post, I replied back with
what I have done and what steps were taken.

Yesterday was the first chance I had to update 18 systems on the production
floor in nearly 3 months since the operators were all working 5 - 10 hour
days and our busy season has for the most part come to an end (July -
November). Yes, there was a day in the middle of the season that I had a
chance to do the windows update and I took the opportunity as we have
quarterly inventory (which isn't really the most money efficient thing given
we have cycle counting in place, but the owners requires it).
 
Hi Fry-Kun, Partybob,


Regarding this error..... Is it possible to get a trace route from you guys?
What ISP are you using?
 
The info I've received is this: Go to Control Panel, Administrative Tools,
Local Security Policy, Local
Policies, Security Options and scroll down to System Cryptography: Use FIPs
compliant algorithms... and set to Disabled. This seems to fix the issue
for most people receiving this error.
 
As I explained in the microsoft.public.windowsupdate posting
"0x800A138F with 0xC00CE55F error - solved"
(this error might be related to the locally enforced Schannel (SSL/TLS)
encryption level.

The MsWinUpdate-servers cannot handle a strong 168-bit 3DES only
Cipher/algorithm anymore. As of early december 2003 they work with 128-bit
RC4 maximum.

On W2K there is no Security Policy item called
"System Cryptography: Use FIPs compliant algorithms".
That seems to be on XP only.

On W2K (and NT4) with strong "128-bit"/"US domestic crypto", the policy to
enforce strong 3DES encryption might have been set with a Registry hack.
That should be undone then, if you still want to use the WU service.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHAN
NEL\Ciphers\RC4 128/128]
"Enabled"=dword:ffffffff

See next MSKB article for background info. The contents are valid for NT 4,
NT 5.0 (W2K) and NT 5.1 (XP, and likely W2K3 too):

How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in
Schannel.dll:
http://support.microsoft.com/default.aspx?scid=kb;en;245030&FR=1&PA=1&SD=HSCH

I wonder how SChannel Ciphers get selectively enabled/disabled in W2K
without a Registry hack.
Maybe some server security management tool (IIS admin ? SQL2k FIPS-140 ?)
does that implicitly ?

Fred

"Kari [MSFT]" <[email protected]> schreef in bericht
| The info I've received is this: Go to Control Panel, Administrative Tools,
| Local Security Policy, Local
| Policies, Security Options and scroll down to System Cryptography: Use
FIPs
| compliant algorithms... and set to Disabled. This seems to fix the issue
| for most people receiving this error.
| --
| Kari
| This posting is provided "AS IS" with no warranties, and confers no
rights.
| | > Hi,
| >
| > I was almost worried when I read Ronald Dodge's previous post about
| > solving CE55F + 80075 problems... only to find out later it was
| > different error codes. So I still have hope, since I'm experiencing
| > also for 1,5 week this same problem. This topic is also available in
| > microsoft.public.windowsupdate group. At the moment solving this
| > problem seems to be nono. It's now in the hands of Microsoft to
| > provide necessary steps to fix this one.
| >
| > _
| > Petri
| >
| >
| > On Mon, 8 Dec 2003 12:03:53 -0800,
| >
| > >Trying https://v4.windowsupdate.microsoft.com results in
| > >the page with "Checking for the latest version of the
| > >Windows Update software..." being stuck.
| > >I have neither NetOp nor a Lynx device, so 2nd suggestion
| > >doesn't apply.
| > >Deleted all temp internet files (even the randomized
| > >folders inside Content.IE5), cookies and history - no
| > >luck. The error codes are exactly the same as before.
| > >if you want to see the log again, here it is:
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Starting
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Determining machine configuration
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Determining machine configuration
| > >2003-12-08 11:58:18 19:58:18 Success IUENGINE
| > >Querying software update catalog from
| > >https://v4.windowsupdate.microsoft.com/getmanifest.asp
| > >2003-12-08 11:58:18 19:58:18 Error IUENGINE
| > >loadXML: line 1, pos 1, End element was missing the
| > >character '>'.
| > > (Error 0xC00CE55F)
| > >2003-12-08 11:58:18 19:58:18 Success IUENGINE
| > >cata
| > >2003-12-08 11:58:18 19:58:18 Error IUENGINE
| > >Querying software update catalog from
| > >https://v4.windowsupdate.microsoft.com/getmanifest.asp
| > >(Error 0x80070057: The parameter is incorrect.)
| > >2003-12-08 11:58:29 19:58:29 Success IUENGINE
| > >Shutting down
| > >
| > >
| > >
| > >by the way, all of the above tricks are described at
| > >http://www.updatexp.com/0x800A138F.html, and like i said
| > >before, none of those helped me :(
| > >
| > >anything else you can suggest? a tracer? a debugger? i'm
| > >all for it if you tell me what to look for ;)
| >
| > __
| > Petri Hildén
|
|
 
I tried almost everything, including below suggestion. What's left.
Reïnstall?

Fred said:
As I explained in the microsoft.public.windowsupdate posting
"0x800A138F with 0xC00CE55F error - solved"
(this error might be related to the locally enforced Schannel (SSL/TLS)
encryption level.

The MsWinUpdate-servers cannot handle a strong 168-bit 3DES only
Cipher/algorithm anymore. As of early december 2003 they work with 128-bit
RC4 maximum.

On W2K there is no Security Policy item called
"System Cryptography: Use FIPs compliant algorithms".
That seems to be on XP only.

On W2K (and NT4) with strong "128-bit"/"US domestic crypto", the policy to
enforce strong 3DES encryption might have been set with a Registry hack.
That should be undone then, if you still want to use the WU service.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHAN
NEL\Ciphers\RC4 128/128]
"Enabled"=dword:ffffffff

See next MSKB article for background info. The contents are valid for NT 4,
NT 5.0 (W2K) and NT 5.1 (XP, and likely W2K3 too):

How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in
Schannel.dll:
http://support.microsoft.com/default.aspx?scid=kb;en;245030&FR=1&PA=1&SD=HSCH

I wonder how SChannel Ciphers get selectively enabled/disabled in W2K
without a Registry hack.
Maybe some server security management tool (IIS admin ? SQL2k FIPS-140 ?)
does that implicitly ?

Fred

"Kari [MSFT]" <[email protected]> schreef in bericht
| The info I've received is this: Go to Control Panel, Administrative Tools,
| Local Security Policy, Local
| Policies, Security Options and scroll down to System Cryptography: Use
FIPs
| compliant algorithms... and set to Disabled. This seems to fix the issue
| for most people receiving this error.
| --
| Kari
| This posting is provided "AS IS" with no warranties, and confers no
rights.
| | > Hi,
| >
| > I was almost worried when I read Ronald Dodge's previous post about
| > solving CE55F + 80075 problems... only to find out later it was
| > different error codes. So I still have hope, since I'm experiencing
| > also for 1,5 week this same problem. This topic is also available in
| > microsoft.public.windowsupdate group. At the moment solving this
| > problem seems to be nono. It's now in the hands of Microsoft to
| > provide necessary steps to fix this one.
| >
| > _
| > Petri
| >
| >
| > On Mon, 8 Dec 2003 12:03:53 -0800,
| >
| > >Trying https://v4.windowsupdate.microsoft.com results in
| > >the page with "Checking for the latest version of the
| > >Windows Update software..." being stuck.
| > >I have neither NetOp nor a Lynx device, so 2nd suggestion
| > >doesn't apply.
| > >Deleted all temp internet files (even the randomized
| > >folders inside Content.IE5), cookies and history - no
| > >luck. The error codes are exactly the same as before.
| > >if you want to see the log again, here it is:
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Starting
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Determining machine configuration
| > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > >Determining machine configuration
| > >2003-12-08 11:58:18 19:58:18 Success IUENGINE
| > >Querying software update catalog from
| > >https://v4.windowsupdate.microsoft.com/getmanifest.asp
| > >2003-12-08 11:58:18 19:58:18 Error IUENGINE
| > >loadXML: line 1, pos 1, End element was missing the
| > >character '>'.
| > > (Error 0xC00CE55F)
| > >2003-12-08 11:58:18 19:58:18 Success IUENGINE
| > >cata
| > >2003-12-08 11:58:18 19:58:18 Error IUENGINE
| > >Querying software update catalog from
| > >https://v4.windowsupdate.microsoft.com/getmanifest.asp
| > >(Error 0x80070057: The parameter is incorrect.)
| > >2003-12-08 11:58:29 19:58:29 Success IUENGINE
| > >Shutting down
| > >
| > >
| > >
| > >by the way, all of the above tricks are described at
| > >http://www.updatexp.com/0x800A138F.html, and like i said
| > >before, none of those helped me :(
| > >
| > >anything else you can suggest? a tracer? a debugger? i'm
| > >all for it if you tell me what to look for ;)
| >
| > __
| > Petri Hildén
|
|
 
Guus,

If you checked all things already that are mentioned at
http://v4.windowsupdate.microsoft.com/troubleshoot/
and
http://www.updatexp.com/0x800A138F.html
and
http://www3.telus.net/dandemar/0x800A138F.htm
then I have a question:

Do you get an xml-file back when you point your IE to:
https://v4.windowsupdate.microsoft.com/getmanifest.asp
?

Fred

"Guus Ellenkamp" <[email protected]> schreef in bericht
| I tried almost everything, including below suggestion. What's left.
| Reïnstall?
|
| "Fred" <[email protected]> schreef in bericht
| | > As I explained in the microsoft.public.windowsupdate posting
| > "0x800A138F with 0xC00CE55F error - solved"
| > (| > this error might be related to the locally enforced Schannel (SSL/TLS)
| > encryption level.
| >
| > The MsWinUpdate-servers cannot handle a strong 168-bit 3DES only
| > Cipher/algorithm anymore. As of early december 2003 they work with
| 128-bit
| > RC4 maximum.
| >
| > On W2K there is no Security Policy item called
| > "System Cryptography: Use FIPs compliant algorithms".
| > That seems to be on XP only.
| >
| > On W2K (and NT4) with strong "128-bit"/"US domestic crypto", the policy
| to
| > enforce strong 3DES encryption might have been set with a Registry hack.
| > That should be undone then, if you still want to use the WU service.
| >
| >
|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHAN
| > NEL\Ciphers\RC4 128/128]
| > "Enabled"=dword:ffffffff
| >
| > See next MSKB article for background info. The contents are valid for NT
| 4,
| > NT 5.0 (W2K) and NT 5.1 (XP, and likely W2K3 too):
| >
| > How to Restrict the Use of Certain Cryptographic Algorithms and
Protocols
| in
| > Schannel.dll:
| >
|
http://support.microsoft.com/default.aspx?scid=kb;en;245030&FR=1&PA=1&SD=HSCH
| >
| > I wonder how SChannel Ciphers get selectively enabled/disabled in W2K
| > without a Registry hack.
| > Maybe some server security management tool (IIS admin ? SQL2k FIPS-140
?)
| > does that implicitly ?
| >
| > Fred
| >
| > "Kari [MSFT]" <[email protected]> schreef in bericht
| > | > | The info I've received is this: Go to Control Panel, Administrative
| Tools,
| > | Local Security Policy, Local
| > | Policies, Security Options and scroll down to System Cryptography: Use
| > FIPs
| > | compliant algorithms... and set to Disabled. This seems to fix the
| issue
| > | for most people receiving this error.
| > | --
| > | Kari
| > | This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | | > | > Hi,
| > | >
| > | > I was almost worried when I read Ronald Dodge's previous post about
| > | > solving CE55F + 80075 problems... only to find out later it was
| > | > different error codes. So I still have hope, since I'm experiencing
| > | > also for 1,5 week this same problem. This topic is also available in
| > | > microsoft.public.windowsupdate group. At the moment solving this
| > | > problem seems to be nono. It's now in the hands of Microsoft to
| > | > provide necessary steps to fix this one.
| > | >
| > | > _
| > | > Petri
| > | >
| > | >
| > | > On Mon, 8 Dec 2003 12:03:53 -0800,
| > | >
| > | > >Trying https://v4.windowsupdate.microsoft.com results in
| > | > >the page with "Checking for the latest version of the
| > | > >Windows Update software..." being stuck.
| > | > >I have neither NetOp nor a Lynx device, so 2nd suggestion
| > | > >doesn't apply.
| > | > >Deleted all temp internet files (even the randomized
| > | > >folders inside Content.IE5), cookies and history - no
| > | > >luck. The error codes are exactly the same as before.
| > | > >if you want to see the log again, here it is:
| > | > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > | > >Starting
| > | > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > | > >Determining machine configuration
| > | > >2003-12-08 11:58:15 19:58:15 Success IUENGINE
| > | > >Determining machine configuration
| > | > >2003-12-08 11:58:18 19:58:18 Success IUENGINE
| > | > >Querying software update catalog from
| > | > >https://v4.windowsupdate.microsoft.com/getmanifest.asp
| > | > >2003-12-08 11:58:18 19:58:18 Error IUENGINE
| > | > >loadXML: line 1, pos 1, End element was missing the
| > | > >character '>'.
| > | > > (Error 0xC00CE55F)
| > | > >2003-12-08 11:58:18 19:58:18 Success IUENGINE
| > | > >cata
| > | > >2003-12-08 11:58:18 19:58:18 Error IUENGINE
| > | > >Querying software update catalog from
| > | > >https://v4.windowsupdate.microsoft.com/getmanifest.asp
| > | > >(Error 0x80070057: The parameter is incorrect.)
| > | > >2003-12-08 11:58:29 19:58:29 Success IUENGINE
| > | > >Shutting down
| > | > >
| > | > >
| > | > >
| > | > >by the way, all of the above tricks are described at
| > | > >http://www.updatexp.com/0x800A138F.html, and like i said
| > | > >before, none of those helped me :(
| > | > >
| > | > >anything else you can suggest? a tracer? a debugger? i'm
| > | > >all for it if you tell me what to look for ;)
| > | >
| > | > __
| > | > Petri Hildén
| > |
| > |
| >
| >
|
|
 
Kari said:
The info I've received is this: Go to Control Panel, Administrative Tools,
Local Security Policy, Local
Policies, Security Options and scroll down to System Cryptography: Use FIPs
compliant algorithms... and set to Disabled. This seems to fix the issue
for most people receiving this error.

Hi all,
just wanted to inform you that I've had exactly the same problem
(Error Code 0xC00CE55F in "Windows Update.log") and that the above tip
solved it!!! I'm using Windows XP Professional SP1.

Thanks a lot, I wasn't able to use WU for about 4 weeks...
Could it possibly be the "Advanced Networking Pack" including IPv6 and
other stuff that could have caused the security option change?

Regards,
Christoph
 
Back
Top