did you configure any settings for windows update in group policy? If so set everything back to not configured
One of the major achievements of Microsoft is backwards compatibility. However sometimes we come across things that manage to not work on newer OS.... in this case 32-bit Windows Server 2008 SP2 was the latest OS that could run it. I would only need this for less than a year but I'd really really want to have the OS updated during that time...... So x86 2k8SP2 (not R2) was installed, fully updated until ESU started including all listed requirements for ESU bypass. I hoped to get it updated beyond that with the 2008/Vista bypass. .NET bypass was not enabled. Hoorays echoed around the house and fists were pumped when WSUS listed 17 new updates needed by the ancient machine. Thanks to the team for such a great script! After ESU bypass, on the 2k8SP2 side several updates were installed: KB4537767 (2020-02 IE 9), KB4537810 (2020-02 monthly), KB4537822 (2020-02 monthly), KB5016129 (2022-07 servicing stack). Plus four .NET updates failed... Everything looked good. Except after the reboot, searching for new updates fails with 0x8007000E. In windowsupdate.log: WARNING: File open failed. Error 2 WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab are not trusted: Error 0x80070002 Whoops. Running the setup script again, there is only option 4 to uninstall esu patcher, option 5 to uninstall esu suppressor is missing completely..... It seems this error starts after installing the 2022-07 servicing stack update KB5016129. Strangely I could not find anyone having this same error or maybe nobody just had shared this error from the log file publicly? Anyone have ideas what to do without reinstalling everything - it is a *major* process to get everything installed for this. It looks like something after KB5016129 invokes WU selfupdate and that fails? As a test installed 2k8 SP2 on a VM because it takes hours and hours of work to get everything re-installed on the real machine and I need to involve other people for that as well. This time .NET updates were not even attempted but I installed manually the four .NET updates that had failed on the real machine. The WSUS error 0x8007000E didn't go away. Tried to remove + reinstall all 3 functions of Bypass ESU and 0x8007000E still. Probably the wsus3setup.cab error is totally unrelated to the .NET update and now I am stumped.
One possible cause of this might be that the relevant certificate is either missing or expired. The puzzle is to figure out which one, and where to find it and get it properly installed. Usually the 6.x variants of windows will automatically fetch some of the needed certs but if this system did not have internet at the time it was needed, the fetch would not happen.
The service does not run in safe mode. So follow instructions, reboot to normal mode, and that should restart the service.
The service does not run in normal mode. The safe mode was used to to install Win7_WU_ESU_Patcher. So when i try to run windows update I received an error (Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer.). In addition I discovered that in windows services (services.msc) there is not the windows update service!!!
BypassESU-v12 is working since I installed kb5022509 but Win7_WU_ESU_Patcher is not working. I tried sfc /scannow which found that Windows Resource Protection did not find any integrity violations. I did exactly what is described in ReadMe.txt for windows 7 x64!!!
I've been out of the loop but I thought Server 2008 R2 support ended on January of 2023. When was it extended to 2024 or was this always the case? I have this applied on an old Home Server 2011 Box (built on 08 R2) and logged in today to see it was still receiving updates just last week.
Usually, this error is corrected in the registry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost (see details on the Internet) , for example, add the value to the netsvcs key: the name of your service (for example, wuauserv) and restart the computer. ... but: "there is not the windows update service!!!"... where did it go? until 2023-01 was, and then disappeared? ... miracles.
Exclude the relevant files in your Bitdefender https://forums.mydigitallife.net/th...dates-eligibility.80606/page-363#post-1782089
Interesting idea. I checked the "Computer" certificate store and the "Windows update" "Service" certificate store. All Microsoft certificates are up-to-date/same. Only differences are in Verisign certificates - doesn't sound like MS would use those for WUAU. The file "wsus3setup.cab" is signed; root CA is Microsoft, certificate expired 2021 but is in the certificate stores. Signing CA "Microsoft Update Signing CA 1.1" certificate expired 2021 and couldn't be found on certificate stores on either a working Server 2008 R2 or this problem Server 2008 SP2. Countersignature signing CA is "Microsoft Time-Stamp PCA" ("Microsoft Time-Stamp PCA 2010" for SHA-2, expires 2025) which also expired 2021 and couldn't be found on either working or not working Windows certificate stores. Lastly, the file signature itself expired 2013. I suspect that validity times are simply ignored. Viewing the certificates involved displays "This certificate is OK." for all. So I guess the certificates are OK. The dependency updates were installed before running installer, like SHA-2 support which I assume could cause issues with signatures. Inspecting "wsus3setup.cab" on a working 2008 R2, the signatures are different. Root CA is MS 2011 and not 2010; issuing CA is MS Signing CA 2.2 and not 1.1. I actually installed manually all the updates, including .NET, successfully. But I would really prefer this to work with WSUS server A common theme in this very long thread seems to be of user error. The same things repeat again and again, such as not disabling antivirus. And it is frustrating to try to find useful information in the sea of... let's just say not useful (to me) posts. Several of my 2008 R2 machines are working excellent with v11/v12 of the bypass so again a big thank you to everyone involved! It is just this 2008 SP2 machine that is giving me trouble.
I agree 100%. I used the proxy to update my Acer Aspire Win7 Premium 32/64 laptop for Jan & Feb 2023 updates. Closed unneeded programs & any security monitoring software FIRST. Then updated following instructions. Included several restarts & WU turned OFF. Flawless. Then I followed instructions to remove proxy & installed v12 bypass & wsus update. I chose option 3. Restarted. Then fired up WU & it gave me 2 more security related updates before the Mar 2023 full updates arrived. WU gave me the Win7 embedded & 2008 R2 versions. Following advice I hid the 2008 R2 updates & then updated, restarted & with all security software OFF. Flawless again. Restarted & checked WU. The 2008 R2 versions disappeared. Now I have received a couple of security updates since then with 2 weeks left before Apr 2023 monthly updates. Thanks to all who worked hard to give us this extended security for Win7. Do Not Forget to turn your security software back on when updates are done.
If I understand correctly if you start mmc.exe, add the certificates snap-in and look under Trusted Root Certification Authorities you will not have: Microsoft Root Certificate Authority 2011 If so you should install the attached certificate, the included certmgr.exe comes from the Win7 SDK. (It would probably be best not to trust a random guy on the internet when installing a root certificate). But this is the way I do it on embedded machines with no internet access... The file needs to be run with full admin access (launch cmd.exe by rightclicking and selecting run as administrator). The correct command with both the EXE and certificate in the same folder would be: certmgr.exe -add MicRooCerAut2011_2011_03_22.crt -s -r localMachine root
Talking about a new install of the latest Windows 7 Client MSDN ISO of 2011 (en_windows_7_enterprise_with_sp1_x64_dvd_u_677651.iso), Instead of going through the hours to install all updates via Windows update since then, can I install Simplix pack first, then do everything after "after full update to january 2023 stop windows update service" to get post 2023-01 updates via Windows Update as Windows Server 2008 R2? After that install ".NET 4 ESU Bypass" from "BypassESU-v12_u" to also get .NET updates from Windows update?