Link to home
Start Free TrialLog in
Avatar of Marka Mekapse
Marka MekapseFlag for United States of America

asked on

Windows update not working or able to access any Microsoft website.

i have this VERY bizarre problem and have scoured the internet to find a solution but no luck.  i have just built out 9 servers with Win 2K3 Ent.

here is what it isn't - a firewall issue, a clock issue on the bios and the OS, an internet issue

this is what i am able to do - i can go to Microsoft update via IP address only.  any website that has Microsoft.com does not display but EVERY other website in the world works.  

help!  :)
Avatar of AndrewDizon
AndrewDizon

try using firefox instead of IE
Avatar of Don
Conficker virus rings a bell here, are you also blocked from antivirus sites?
Also check your hosts file (system32-->drivers--> etc) and make sure you don't have any bad hosts listed.  
I agree with all comments above you have been invaded with some sort of malware or the like. Try malwarebytes.org and download their software if its there it will find it, it is a great tool to have and free. If firefox works then it is just a workaround and some customers don't mind but if they do and you don't fix this, then reload may be the next step.
I've had situations where IE would work for two weeks and it would come back, the only thing I've found that would do the trick is malwarebytes and I use different anti-virus products but when it comes to this sort of thing, well it works....
Hope this helps, let us know.
If you cant get to malwarebytes.org use filehippo.com


http://www.filehippo.com/search?q=malware
good point dstewartjr, sometimes those little suckers wont let you download the software because it thinks you are trying to kill it:-).
Have you verified that its not a dns issue. Do an nslookup and try www.microsoft.com, then do a reverse lookup.
just to note firefox will not help here as MS do not support it for the Automatic Updates website.
There is a roundabout solution by manually entering the IP addresses for www.microsoft.com and www.windowsupdate.com into your hosts / lmhosts file in the system32/drivers/etc directory.

This sounds like something has just corrupted your hosts file in the first place. Can you run a ping from the command prompt to confirm that the address resolution works?

one set of valid IP addresses are :  (there are closer IP's to you depending on yoru location, but these will work)

www.microsoft.com 65.55.21.250
www.windowsupdate.com 207.46.18.94

Cheers.
RB.
Avatar of Marka Mekapse

ASKER

hi everyone and thank you for your comments


i ping 65.55.21.250 and get request time out.
i have added the entry into my hosts file (one of the first things i did) to "glue" the ip to the name.  still no luck

below are pings and nslookups

i can view all other websites with the exception of Microsoft.com or any other Microsoft site.








C:\Documents and Settings\administrator.ITEA>nslookup microsoft.com
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Non-authoritative answer:
Name:    microsoft.com
Addresses:  207.46.232.182, 207.46.197.32


C:\Documents and Settings\administrator.ITEA>ping 65.55.21.250

Pinging 65.55.21.250 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 65.55.21.250:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\administrator.ITEA>ping update.microsoft.com
Ping request could not find host update.microsoft.com. Please check the name and
 try again.

C:\Documents and Settings\administrator.ITEA>ping windowsupdate.com
Ping request could not find host windowsupdate.com. Please check the name and tr
y again.

C:\Documents and Settings\administrator.ITEA>ping microsoft.com
Ping request could not find host microsoft.com. Please check the name and try ag
ain.

C:\Documents and Settings\administrator.ITEA>nslookup microsoft.com
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Non-authoritative answer:
Name:    microsoft.com
Addresses:  207.46.197.32, 207.46.232.182


C:\Documents and Settings\administrator.ITEA>nslookup update.microsoft.com
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Non-authoritative answer:
Name:    www.update.microsoft.com.nsatc.net
Address:  207.46.21.123
Aliases:  update.microsoft.com, update.microsoft.com.nsatc.net


C:\Documents and Settings\administrator.ITEA>nslookup windowsupdate.microsoft.co
m
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Non-authoritative answer:
Name:    windowsupdate.microsoft.nsatc.net
Address:  207.46.18.94
Aliases:  windowsupdate.microsoft.com


C:\Documents and Settings\administrator.ITEA>nslookup windowsupdate.com
*** Can't find server name for address 209.67.147.20: Non-existent domain
Server:  UnKnown
Address:  209.67.147.20

Name:    windowsupdate.com


C:\Documents and Settings\administrator.ITEA>

Open in new window

can you post the results of ipconfig /all, please.
here ya go
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Filer01
   Primary Dns Suffix  . . . . . . . : ITEA.LOCAL
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ITEA.LOCAL

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
2
   Physical Address. . . . . . . . . : 00-11-43-E9-4E-A1
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 209.67.147.16
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 209.67.147.1
   DNS Servers . . . . . . . . . . . : 209.67.147.20
                                       209.67.147.21

Open in new window

Why is you NIC IP address configured with a public IP address?
why is your default gateway and dns servers all pointing to public IP addresses?
 
dude, i can ping your workstation from the internet, what kinda setup do you have?
update

i also cant go to symantec.com

i ran the malware program above and it diddnt find anything
lets not discuss the configuration as of yet - if you want to discuss me turning off ICMP we can chat about that but i need to figure out why my machine is unable to get to microsoft update.  

i need to test all contingencies and if i put a public IP on the box that is my prerogative; it is for testing purposes only.  following me?   i am just trying to figure out this problem so i do appreciate any comments that would help me resolve my problem

thanks :)

NP, it just threw for a loop, not you everyday configuration, but I get your point.
Since you've added in the extra web site as another one you couldn't reach and you've indicated malwarebytes didn't find anything, then as a test install firefox as stated before it will not run windows updates but it will allow access to those other sites including microsoft web sites.
You should also go ahead and put your host file back to default, the main thing with that is to make sure there was nothing added or redirecting.
This should verify whether or not as I suspect something has corrupted IE or worse. It may no longer be there but at some point may have, don't know, but I've seen this problem before and it has almost always been in my experience, malware.
Conch

i reset my hosts file

this is the crazy thing - these servers were just built and went online on Wednesday; naturally, i wanted to  update them.

ive installed chrome, and firefox and have the same results.  its as if they are blocked! crazy  

thanks!
OK, thanks. Well let's see I will see if this makes any sense:-). You have a public facing IP and you installed a brand new machine live on the internet without any additional security updates or secutiry patches, hmmmm....were you ever able to go to windows updates? Do you control the dns server that you are pointing to or the router?
I don't know I'm either stuck with malware or dns issues of some sort.
i control the dns servers at the site but alternatively, i placed verizon's dns (4.2.2.2 and 4.2.2.1) and ended up with the same result.  

these servers were never able to get to microsoft update :(
ok, for grins and gigles were you able to activate this machine over the internet, do you have anything showing or popping up that this is not genuine ms product?
SOLUTION
Avatar of ConchCrawl
ConchCrawl
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
i thought you were onto something and googled the activation command line "oobe/msoobe /a".  when i run this command it tells me that the server is already activated.  

funny thing i was going to do so when i got these servers live - see picture below
activation.jpg
Means the copy you have doesn't require a license like MS Volume License, oh well.
that should say doesn't require activation
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
nice test dstewart, haven't seen that one before. The good news Is I'm not infected :-)
Me neither ; ^ )

But at this point based on everything I know at this point, I believe our friend here is. Unless someone has another take on this.
1. public facing IP
2. brand new machine live on the internet
3. without any additional security updates or secutiry patches
4. never was able to go to windows update

Reminds me of the days of Nimda, jeez what a nightmare that was. I had seen times when I would reload a new machine that nimda had infected and within minutes reinfect the machine before I could even get to the security updates on MS :-(.
great tool!  i am so pissed!  @#$%%%!!!!!!  i have the conficker virus.  i downloaded the conficker virus removal tool from Sophos and behold it found it!  

will be rewarding points shortly

Conch - thank you for hanging in there with me :)  i appreciate all of the advice

DS - thanks for the test - patching systems now

John
oh soot forgot no. 5: cannot go to certain security websites
Wow - glad we were right - sorry you got it - hope it resolves your problem
Been saying that all along : ^ )
 
ID:28643522
I'm still very surprised malwarebytes didn't catch it, first time I think I've seen that it couldn't catch conficker.