Hi, > Hi Everyone, >> >> if anyone within MSFT could contact me on- or off-list about this issue >> I would be very grateful. >> >> we run a reasonably large on-campus deployment of ISATAP for Windows >> clients in areas where native IPv6 is not possible. This has worked fine >> for years and still is. I'm well aware of all the pros and cons of >> ISATAP and I don't want a religious debate about using tunnels right now. >> >> A couple of months ago we started hearing about stray Windows update >> issues on Windows 8.1 hosts that had ISATAP connectivity. If the host >> has native IPv6, VPN-tunneled IPv6 or no IPv6 at all it works just fine. >> >> The issue has now become more prevalent (also with Windows 7) and I had >> the chance to debug this issue. The client displays an error code >> 80072F76 (unknown error) > > I'm happy to report that the MSRC (Microsoft Security Response Center) > followed up on this and Windows Update for ISATAP hosts is fixed since > at least September 17th. According to them the fix is not final yet, but > I can confirm that all our issues are resolved.
We are getting reports that this has been broken for at least four weeks, again. ISATAP clients are broken, normal native clients work fine. It is harder to trace from the outside this time since they are using HTTPS this time. WindowsUpdate.log says 2015-07-24 07:09:51:479 936 e80 DnldMgr Contacting regulation server for 2 updates. 2015-07-24 07:09:51:494 936 e80 IdleTmr WU operation (Regulator Refresh) started; operation # 177; does use network; is at background priority 2015-07-24 07:09:51:557 936 e80 EP Got 7971F918-A847-4430-9279-4A52D1EFE18D redir Client/Server URL: "https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx"; 2015-07-24 07:09:51:573 936 e80 PT WARNING: Cached cookie has expired or new PID is available 2015-07-24 07:09:51:838 936 bd4 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 4. 2015-07-24 07:09:59:133 936 e80 IdleTmr WU operation (CAgentProtocolTalker::GetCookie_WithRecovery) started; operation # 178; does use network; is at background priority 2015-07-24 07:09:59:894 936 e80 WS WARNING: Nws Failure: errorCode=0x803d0000 2015-07-24 07:09:59:894 936 e80 WS WARNING: Fehler bei der Kommunikation mit dem Endpunkt bei "https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx";. 2015-07-24 07:09:59:894 936 e80 WS WARNING: In der Antwort des Servers fehlt der HTTP-Header für den Inhaltstyp. 2015-07-24 07:09:59:894 936 e80 WS WARNING: MapToSusHResult mapped Nws error 0x803d0000 to 0x80240439 2015-07-24 07:09:59:894 936 e80 WS WARNING: Web service call failed with hr = 80240439. 2015-07-24 07:09:59:894 936 e80 WS WARNING: Current service auth scheme='None'. 2015-07-24 07:09:59:894 936 e80 WS WARNING: Proxy List used: '(null)', Bypass List used: '(null)', Last Proxy used: '(null)', Last auth Schemes used: 'None'. 2015-07-24 07:09:59:894 936 e80 WS FATAL: OnCallFailure failed with hr=0X80240439 The german error message in the middle says "Missing Content-Type HTTP header". I don't see a Content-Type header when trying with curl at all, but again the headers are vastly different between IPv4/native IPv6 on one side and ISATAP on the other. % sudo curl -I --interface eth0 -k https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx HTTP/1.1 400 Bad Request Cache-Control: private Content-Length: 0 Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 24 Jul 2015 06:31:31 GMT % sudo curl -4 -I --interface eth0 -k https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx HTTP/1.1 400 Bad Request Cache-Control: private Content-Length: 0 Server: Microsoft-IIS/8.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Fri, 24 Jul 2015 06:31:50 GMT % sudo curl -I --interface is0 -k https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx HTTP/1.1 200 OK Content-Length: 0 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Fri, 24 Jul 2015 06:32:00 GMT I will try to reactivate my Microsoft case I had back then. Regards, Bernhard
