×

Loading...
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务

@Florida

help:windows 系统专家 和 cisco router 专家请进请进(windows update error)

bobo123(bobo)
本文发表在 rolia.net 枫下论坛有台CISCO ROUTER 接了几台WINDOWS 2000 机器,现在这几台机器 windows update 是出现了错误,错误代码是0x800C0008
以下是windows update log 的内容:
005-03-23 10:07:59 15:07:59 Success IUENGINE Shutting down
2005-03-23 10:22:23 15:22:23 Success IUCTL Downloaded iuident.cab from http://www.windowsupdate.com/v4/ to C:\Program Files\WindowsUpdate\V4
2005-03-23 10:22:23 15:22:23 Success IUCTL Current iuengine.dll version: 5.4.3790.21
2005-03-23 10:22:23 15:22:23 Success IUCTL Current iuctl.dll version: 5.4.3790.20
2005-03-23 10:22:23 15:22:23 Success IUENGINE Starting
2005-03-23 10:22:24 15:22:24 Success IUENGINE Determining machine configuration
2005-03-23 10:22:24 15:22:24 Success IUENGINE Determining machine configuration
2005-03-23 10:22:38 15:22:38 Error IUENGINE Querying software update catalog from https://v4.windowsupdate.microsoft.com/getmanifest.asp (Error 0x800C0008)

ROUTER 的配置如下:

!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$.Z0p$446Tig2fzhHyA3WSPxA7n/
!

ip subnet-zero
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2
ip dhcp excluded-address 10.10.10.7
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
!
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
no cdp enable
hold-queue 32 in
!
interface Ethernet1
no ip address
duplex auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip mtu 1492
ip nat outside
ip inspect myfw out
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname x@dsl.ca
ppp chap password 7 xxxxxxxxxxxxxx
ppp pap sent-username x@dsl.ca password 7 xxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 10.10.10.7 8080 interface Dialer1 8080
ip nat inside source static tcp 10.10.10.2 3389 interface Dialer1 3389
ip nat inside source static tcp 10.10.10.2 1433 interface Dialer1 1433
ip nat inside source static tcp 10.10.10.2 443 interface Dialer1 443
ip nat inside source static tcp 10.10.10.2 20 interface Dialer1 20
ip nat inside source static tcp 10.10.10.2 80 interface Dialer1 80
ip nat inside source static tcp 10.10.10.2 21 interface Dialer1 21
ip nat inside source static tcp 10.10.10.2 25 interface Dialer1 25
!
!
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq ftp-data
access-list 111 permit tcp any any eq 443
access-list 111 permit tcp host 216.x.x.x any eq 1433
access-list 111 deny tcp any any eq 1433
access-list 111 permit tcp host 216.x.x.x any eq 3389
access-list 111 deny tcp any any eq 3389
access-list 111 permit tcp any any eq 8080
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end更多精彩文章及讨论,请光临枫下论坛 rolia.net
(#2197174@0)
Last Updated: 2005-3-23
This post has been archived. It cannot be replied.
Report

Replies, comments and Discussions:

  • 工作学习 / IT技术讨论 / help:windows 系统专家 和 cisco router 专家请进请进(windows update error) -bobo123(bobo); 2005-3-23 {5161} (#2197174@0)
    本文发表在 rolia.net 枫下论坛有台CISCO ROUTER 接了几台WINDOWS 2000 机器,现在这几台机器 windows update 是出现了错误,错误代码是0x800C0008
    以下是windows update log 的内容:
    005-03-23 10:07:59 15:07:59 Success IUENGINE Shutting down
    2005-03-23 10:22:23 15:22:23 Success IUCTL Downloaded iuident.cab from http://www.windowsupdate.com/v4/ to C:\Program Files\WindowsUpdate\V4
    2005-03-23 10:22:23 15:22:23 Success IUCTL Current iuengine.dll version: 5.4.3790.21
    2005-03-23 10:22:23 15:22:23 Success IUCTL Current iuctl.dll version: 5.4.3790.20
    2005-03-23 10:22:23 15:22:23 Success IUENGINE Starting
    2005-03-23 10:22:24 15:22:24 Success IUENGINE Determining machine configuration
    2005-03-23 10:22:24 15:22:24 Success IUENGINE Determining machine configuration
    2005-03-23 10:22:38 15:22:38 Error IUENGINE Querying software update catalog from https://v4.windowsupdate.microsoft.com/getmanifest.asp (Error 0x800C0008)

    ROUTER 的配置如下:

    !
    version 12.3
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    no logging buffered
    enable secret 5 $1$.Z0p$446Tig2fzhHyA3WSPxA7n/
    !

    ip subnet-zero
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 10.10.10.2
    ip dhcp excluded-address 10.10.10.7
    !
    ip dhcp pool CLIENT
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    lease 0 2
    !
    !
    ip inspect name myfw cuseeme timeout 3600
    ip inspect name myfw ftp timeout 3600
    ip inspect name myfw rcmd timeout 3600
    ip inspect name myfw realaudio timeout 3600
    ip inspect name myfw smtp timeout 3600
    ip inspect name myfw tftp timeout 30
    ip inspect name myfw udp timeout 15
    ip inspect name myfw tcp timeout 3600
    ip inspect name myfw h323 timeout 3600
    !
    !
    !
    !
    !
    !
    !
    interface Ethernet0
    ip address 10.10.10.1 255.255.255.0
    ip nat inside
    ip tcp adjust-mss 1452
    no cdp enable
    hold-queue 32 in
    !
    interface Ethernet1
    no ip address
    duplex auto
    pppoe enable
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface Dialer1
    ip address negotiated
    ip access-group 111 in
    ip mtu 1492
    ip nat outside
    ip inspect myfw out
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname x@dsl.ca
    ppp chap password 7 xxxxxxxxxxxxxx
    ppp pap sent-username x@dsl.ca password 7 xxxxxxxxxx
    ppp ipcp dns request
    ppp ipcp wins request
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    no ip http secure-server
    ip nat inside source list 102 interface Dialer1 overload
    ip nat inside source static tcp 10.10.10.7 8080 interface Dialer1 8080
    ip nat inside source static tcp 10.10.10.2 3389 interface Dialer1 3389
    ip nat inside source static tcp 10.10.10.2 1433 interface Dialer1 1433
    ip nat inside source static tcp 10.10.10.2 443 interface Dialer1 443
    ip nat inside source static tcp 10.10.10.2 20 interface Dialer1 20
    ip nat inside source static tcp 10.10.10.2 80 interface Dialer1 80
    ip nat inside source static tcp 10.10.10.2 21 interface Dialer1 21
    ip nat inside source static tcp 10.10.10.2 25 interface Dialer1 25
    !
    !
    access-list 23 permit 10.10.10.0 0.0.0.255
    access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    access-list 111 permit tcp any any eq smtp
    access-list 111 permit tcp any any eq ftp
    access-list 111 permit tcp any any eq www
    access-list 111 permit tcp any any eq ftp-data
    access-list 111 permit tcp any any eq 443
    access-list 111 permit tcp host 216.x.x.x any eq 1433
    access-list 111 deny tcp any any eq 1433
    access-list 111 permit tcp host 216.x.x.x any eq 3389
    access-list 111 deny tcp any any eq 3389
    access-list 111 permit tcp any any eq 8080
    access-list 111 permit icmp any any administratively-prohibited
    access-list 111 permit icmp any any echo
    access-list 111 permit icmp any any echo-reply
    access-list 111 permit icmp any any packet-too-big
    access-list 111 permit icmp any any time-exceeded
    access-list 111 permit icmp any any traceroute
    access-list 111 permit icmp any any unreachable
    access-list 111 permit udp any eq bootps any eq bootpc
    access-list 111 permit udp any eq bootps any eq bootps
    access-list 111 permit udp any eq domain any
    access-list 111 permit esp any any
    access-list 111 permit udp any any eq isakmp
    access-list 111 permit udp any any eq 10000
    access-list 111 permit tcp any any eq 1723
    access-list 111 permit tcp any any eq 139
    access-list 111 permit udp any any eq netbios-ns
    access-list 111 permit udp any any eq netbios-dgm
    access-list 111 permit gre any any
    access-list 111 deny ip any any
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    transport preferred all
    transport output all
    stopbits 1
    line aux 0
    transport preferred all
    transport output all
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    login local
    length 0
    transport preferred all
    transport input all
    transport output all
    !
    scheduler max-task-time 5000
    end更多精彩文章及讨论,请光临枫下论坛 rolia.net
    • Does this have anything to do with Cisco? Doubt it. -raymondo(raymondooo); 2005-3-23 (#2197704@0)
      • 就是CISCO ROUTER 问题,或许是ROUTER 配置有问题,因为 -bobo123(bobo); 2005-3-23 {125} (#2197876@0)
        我刚把CISCO ROUTER 从DSL MODEM 里拆卸下来,替成用一台机器连接DSL MODEM ,其它机器则通过这台机器上网,那么可以进行WINDOWS UPDATE.
        • Seems HTTPS cannot go thru... -canadiantire(轮胎-M.I.N.K.); 2005-3-23 (#2197899@0)
    • check this out -swimmingfish2000(向前看); 2005-3-23 {5105} (#2197987@0)
      本文发表在 rolia.net 枫下论坛The 0x800C0008 error can indicate a problem with the SSL connection to
      our servers. We have found that one of the most common causes of the
      problem is the date/time being far enough off that the SSL connection
      will be disallowed. There are a number of other things that have been
      known to cause the problem. In the error page that we present, a
      decision was made to only show the top cause. We do have a
      Troubleshooter article that can be found under the Get Help and support
      link on the site. I have an excerpt from that article below along with a
      little more information.

      Please try the following steps one at a time to see if any of these can
      resolve the problem. Since you indicated that these are newly built
      systems and I could assume that they were built similarly that the first
      suggestion would not apply and you have already tried number 3. To
      assist in helping to troubleshoot this issue please let me know if one
      of these suggestions can resolve the problem.

      Thank you,

      Rob Satterwhite
      Windows Update Support Mgr

      Suggestion 1:

      Temporarily disabling antivirus and firewall programs while you use
      Windows Update may solve this problem. Be sure to enable them again when
      you complete the update process. Some customers have also resolved this
      issue by disabling or uninstalling Internet acceleration software.

      Suggestion 2:

      The error may occur because the language-setting in Internet Explorer is
      missing. To add a language, in Internet Explorer, select
      Tools-->Internet Options, and click the "Languages" button. Add a
      language to the list if empty.

      Suggestion 3:

      Check the system time. SSL will not function if the system time is more
      than 100 days off.

      Check your date and time setting by following these steps:


      1. Click on Start, Settings, Control Panel.

      2. Open the Date/Time item.

      3. Verify that you have the correct date and time configured on your PC


      Suggestion 4:



      Double-check a few settings in IE.

      1. In IE, click on Tools, and select Internet Options from the
      drop-down menu..

      2. Click on the Security tab. Verify that the Internet Zone is
      selected and then click the Custom Level button.

      3. Under the ActiveX controls and plug-ins section make sure that you
      have either "Enable" or "Prompt" set for these items:

      a. Download signed ActiveX controls

      b. Run ActiveX controls and plug-ins

      c. Script ActiveX controls marked safe for scripting

      4. Click on the Content tab and click the Certificates button.

      5. Select the Trusted Root Certification Authorities tab.

      6. Check for a certificate called "Microsoft Root Authority".

      7. Double-click on it to open it's properties.

      8. On the General tab, make sure that the Valid from dates are correct.
      It should be "1/10/1997 to 12/31/2020"

      9. On the Certification Path tab, under the Certificate Status section,
      make sure it says "This certificate is OK."

      10. Click OK, and now find a certificate called "NO LIABILITY
      ACCEPTED".

      11. On the General tab, make sure that the Valid from dates are
      correct. It should be "5/11/1997 to 1/7/2004"

      12. On the Certification Path tab, under the Certificate Status
      section, make sure it says "This certificate is OK." Click OK. Click
      the Close button.

      13. Click Ok, and now find a certificate called "GTE CyberTrust Root".
      You may have more than one of these with the same name. You need to
      check the one that has an Expiration date of 2/23/2006.

      14. On the General tab, make sure that the Valid from dates are
      correct. It should be "2/23/1996 to 2/23/2006"

      15. On the Certification Path tab, under the Certificate Status
      section, make sure it says "This certificate is OK."

      16. Next, click on the Advanced tab.

      17. Scroll down the list and make sure there are check marks in the
      boxes next to:

      a. Use HTTP 1.1

      b. Use SSL 2.0

      c. Use SSL 3.0

      18. Close all open browsers, then connect to the Windows Update site
      and see if it works.



      Suggestion 5:



      Please disable the options to check for certificate revocation in
      Internet Explorer:



      1. Open Internet Explorer

      2. Click "Tools."

      3. Click "Internet Options" from the drop down menu.

      4. Click the "Advanced" tab.

      5. Scroll down to the Security Section.

      6. Unselect "Check for publisher's certificate revocation."

      7. Unselect "Check for server certificate revocation."

      8. Click OK.

      9. Close all Internet Explorer windows, and try Windows Update again.



      Suggestion 6:



      You might also be able to resolve this issue by deleting all of the
      content in Program Files\Windowsupdate and Program
      Files\Windowsupdate\V4 except for the iuhist.xml file located in Program
      Files\Windowsupdate\V4.



      Suggestion 7:



      One customer performed an MSN Messenger update, which fixed his
      0x800c0008 Windows Update issue as well. Correlation not yet determined
      but an avenue to check if you have MSN Messenger installed.更多精彩文章及讨论,请光临枫下论坛 rolia.net
    • --> -canadiantire(轮胎-M.I.N.K.); 2005-3-23 (#2197997@0)
    • 问题解决了,具体不知道什么原因,可能和TCP 包有一定的关系,和ROUTER 也有关系. -bobo123(bobo); 2005-3-23 {132} (#2198247@0)
      我从网络上下DR.TCP 软件, 在那里设置了
      TCP RECEIVE WINDOW:13900
      Dialup(RAS MTU):1450
      Adapter MTU:1450

      然后重新启动机器就可以了.
      • should be the MTU not match, usually cisco router has default MTU as 1500 but it may have problem if any device in the middle has a smaller MTU (maybe your ADSL modem) -avacao(吃草的大老虎白白胖胖); 2005-3-25 (#2201483@0)
        • yes.usually this problem is caused by MTU mismatch -coolrabbit(coolrabbit); 2005-3-30 (#2210998@0)

More Topics

  • 脑洞大开,突发奇想,用力来传播信息
  • 看大家讨论日语,俺也正在认真学习。其实语言问题应该是很快也很容易就解决的,可能比自动驾驶来的还快。TREK里面,全宇宙的人都在大脑里安装了UNIVERSAL TRANSLATOR,外星人之间相互交流无障碍。废话少说,看视频。。。加上个MIC和耳机,不同国家的人就可以无障碍交流。
  • 肉脸真有搞 IT 的?Linux 把俄国中国伊朗踢出去了好像肉脸 IT 没啥感觉似的
  • 请问web developer和software developer技术上有什么区别?
  • Elon Musk 带着川普总统奔向火星了。
    • 枫下论坛主坛工作学习IT技术讨论