Jump to content

"Unable to access update server" after Win10 Anniversary Update


Recommended Posts

Malwarebytes update was working fine (although very slowly) before the Win10 Anniversary Update.  Now, its database appears to be stuck, showing date 2016.02.16.06.  The app logs show an error code of "0", and failures updating the various databases:

------------------

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 9/28/2016 1:47 AM, SYSTEM, SORCERER, Manual, 0,
Update, 9/28/2016 1:47 AM, SYSTEM, SORCERER, Manual, Domain Database, Failed, Unable to access update server, 2016.2.16.8, 2016.9.27.6,
Update, 9/28/2016 1:47 AM, SYSTEM, SORCERER, Manual, Remediation Database, Failed, Unable to access update server, 2016.2.12.1, 2016.9.21.1,
Error, 9/28/2016 10:02 AM, SYSTEM, SORCERER, Manual, 0,
Update, 9/28/2016 10:02 AM, SYSTEM, SORCERER, Manual, Remediation Database, Failed, Unable to access update server, 2016.2.12.1, 2016.9.21.1,

(end)

------------------

My system is Win10 with the Anniversary update, also running Norton Security Suite (Comcast/Xfinity build).  I've already done the clean uninstall / reinstall.  I also saw a previous thread about update server access problems, and added mbamscheduler and mbamservice to the Norton firewall rules - Windows firewall rules are not accessible due to Norton.  Mbam.exe and mbamresearch rules were already present in Norton upon reinstall.

If you need any further system info or other details, please let me know.  Thanks!

 

Addition.txt

CheckResults.txt

FRST.txt

Link to post
Share on other sites

16 minutes ago, Firefox said:

Hello and Welcome to Malwarebytes :)

Let's try this first....

Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
Please let us know how it goes.

Thank You,

Firefox

Thanks for the reply.  I've already done the clean removal process (before creating the topic).  It didn't correct the issue, so I downloaded the mbamcheck and Farbar tools and attached their logs.  Are you saying I need to do clean removal again?

Malwarebytes is showing as version 2.2.1.1043 / Build Date: 3/10/2016 4:06 PM

Link to post
Share on other sites

48 minutes ago, AdvancedSetup said:

Please try doing a full disk check on your hard drive. Let us know if you need help with that or if it makes any difference.

 

Thanks for the reply.  I actually ran a System File Check after I upgraded to the Win10 Anniversary edition (Version 1607, Build 14393.187).  SFC found no errors.

Or are you suggesting to run chkdsk?

I've tried the MBAM updater several times today, with varying results.  I think I may have finally gotten all the various databases updated (one by one), but just received another error code "0 - unable to access update server".  I'm not sure if I'm still missing any updates.  I've attached an export of the Daily Protection Log to this message, if that will help.

Daily Protection Log 2016-09-28.txt

Link to post
Share on other sites

  • Root Admin

All CHKDSK scan logs are stored in the Event Logs.

In order to do a FULL disk check one must select the /r switch to Locates bad sectors and recovers readable information.

The following article shows how to run the Full Disk Check with the /r switch.

How to Scan & Fix Hard Drives with CHKDSK in Windows 10

How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10

Basically from an elevated admin command prompt you'd type:  CHKDSK   C:   /R

Then press the Enter key, then press the Y key to run after a restart. Then restart your computer and let it run.

Then attach the log results here.

 

Next, run a temporary file cleaner.

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Link to post
Share on other sites

9 hours ago, AdvancedSetup said:

(edit)

Then attach the log results here

Thanks for the info about chkdsk.  I found the logs in Event Viewer, and attached them here.  Chkdsk1 is the scan run through File Explorer (Properties / Tools / Error Checking), and Chkdsk2 is the command-line scan, with the /r switch.

I also copied the text from the TFC and created a log from that.

I rebooted, and tried another MBAM update.  I'm now showing database version v2016.09.29.01.  It looks like I finally got the IP Database update, which kept failing yesterday.  I've also attached two MBAM Protection logs - the final from yesterday, and the one just created.

Any manual update request still takes much longer than before.  In fact, the MBAM update process has gotten much slower with the last couple of program updates.  It now takes several minutes just to check the database versions, then about a minute to download, then a while to install depending on the size of the update.  Is that normal?  Then, if you initiate a scan, the program automatically runs the update check again, and you get to wait several more minutes before the scan actually begins...  (That last bit is just a gripe with the program design, not necessarily a problem.)

Thanks again for your help.

Chkdsk1.txt

Chkdsk2.txt

Daily Protection Log 2016-09-28-Final.txt

Daily Protection Log 2016-09-29.txt

TFC Log.txt.txt

Link to post
Share on other sites

  • Root Admin

I know the db size does fluctuate and the region of the world you're in varies and scripts try to determine where you're located in order to get you to the closest server. However sometimes that detection is wrong and you may get sent to a server that is much slower. Not much can be done about that as it's automated from the CDN (Content Delivery Network).


As long as it's updating without failures that's a bit more important. Personally I don't run manual scans or manual updates. I set mine to auto update every 4 hours. Haven't paid much attention to how it it takes to download. When I do check it periodically it's always up to date. I do a scheduled scan once a week, but mainly because I set it for testing and feedback in support. With live protection from MBAM and my antivirus as well as some other security practices, I don't see the need to do a real scan more than maybe once a month for myself. Of course depending on what you do with your computer and what type of sites you may visit on a frequent basis then a daily scan might be good for you.

If there is something else I can assist you with please let me know. At this time just don't think there is much we can do about a slow update process.

The log says you did have a failure to update due to unable to reach the server. That would need some network testing and possibly network sniffing to determine why or what prevented the connection to the update server.

 

 

Link to post
Share on other sites

4 hours ago, AdvancedSetup said:

I know the db size does fluctuate and the region of the world you're in varies and scripts try to determine where you're located in order to get you to the closest server. However sometimes that detection is wrong and you may get sent to a server that is much slower. Not much can be done about that as it's automated from the CDN (Content Delivery Network).


As long as it's updating without failures that's a bit more important. Personally I don't run manual scans or manual updates. I set mine to auto update every 4 hours. Haven't paid much attention to how it it takes to download. When I do check it periodically it's always up to date. I do a scheduled scan once a week, but mainly because I set it for testing and feedback in support. With live protection from MBAM and my antivirus as well as some other security practices, I don't see the need to do a real scan more than maybe once a month for myself. Of course depending on what you do with your computer and what type of sites you may visit on a frequent basis then a daily scan might be good for you.

If there is something else I can assist you with please let me know. At this time just don't think there is much we can do about a slow update process.

The log says you did have a failure to update due to unable to reach the server. That would need some network testing and possibly network sniffing to determine why or what prevented the connection to the update server.

Thanks again for looking into this for me.  But just to be clear - the slow update process had started before the Win10 Anniversary Update, and still continues when the program actually reaches the update servers.  The errors and update failures have never happened before, and didnt start until after the Win10 update.

I also remembered that while trying to download the mbam-clean and mbam-install programs (from the direct links in the sticky FAQ post here on the forum), I had to restart them several times as the downloads would time before connecting.  That issue may or may not be connected, but just FYI.

I only have the free MBAM version.  I just use it as a backup to Norton, and scan once every week or two.  Someone who has the premium version, with auto-updates and scheduled scanning probably wouldn't notice errors like this.  Just thought I'd bring them to the team's attention, in case the Win10 update (or something else) has created an issue.

Thanks again for the help - I appreciate it.

 

Link to post
Share on other sites

  • Root Admin

Yes, there is not doubt that the Windows 10 AU brought a lot of problems. If you search on Google you'll find thousands of pages of complaints and programs that used to work that no longer work, etc. Reddit has admin pages full of varying different complaints.

Just one example that I too ran into with an external 8TB drive. Rolling back fixed it. To this day I'm still not running updates. I've disabled the service until Microsoft reaches a point where these type of errors are actually fixed.

https://www.reddit.com/r/sysadmin/comments/4vycur/windows_10_anniversary_update_deleted_a_whole/

For the slowness as you explain I've never had personally. You're speaking of just normal file downloads which makes no sense as they're not associated any differently than other programs when downloading. Not until ran or fully downloaded would software possibly treat it differently.

I don't have any evidence that Windows 10 either before or after the AU, changes download speeds for web browser downloads.

I'll check with our QC Team and see if they have any reports they're working on with regards to that but I wouldn't think so.

 

Link to post
Share on other sites

  • Root Admin

Windows 10 Anniversary Update Deleted a Whole Physical Disk
https://www.reddit.com/r/sysadmin/comments/4vycur/windows_10_anniversary_update_deleted_a_whole/

Windows 10 Anniversary Update ... we're screwed
https://www.reddit.com/r/sysadmin/comments/4zpbx7/windows_10_anniversary_update_were_screwed/

Workarounds for Windows 10 Anniversary Removed GPOs
https://www.reddit.com/r/sysadmin/comments/4w0saz/workarounds_for_windows_10_anniversary_removed/

The case against Windows 10 Anniversary Update grows
http://www.infoworld.com/article/3104389/microsoft-windows/the-case-against-windows-10-anniversary-update-grows.html

One Year Later: Did Microsoft Listen to Windows 10 Complaints?
http://www.howtogeek.com/264273/one-year-later-did-microsoft-listen-to-windows-10-complaints/

Stuck installing the Windows 10 Anniversary Update? Here we show you the most common problems and how to fix them.
http://www.windowscentral.com/windows10-anniversary-update-common-problems-how-fix

Microsoft fixes Windows 10's Anniversary Update freezing
http://www.pcworld.com/article/3114706/windows/microsoft-fixes-windows-10s-anniversary-update-freezing.html

Microsoft fixes PowerShell problem caused by Windows 10 Anniversary update
http://www.zdnet.com/article/microsoft-fixes-powershell-problem-caused-by-windows-10-anniversary-update/

Watchdog On Three: Windows 10 #FAIL - are you due compensation?
http://www.bbc.co.uk/bbcthree/item/f6660f2c-6c38-4522-b77a-c0e5e85f9858

 

Link to post
Share on other sites

  • 2 weeks later...

I'm still unable to update on 2 separate computers.  I saw several other newer threads with similar update problems.  Is there any new information about what is happening?

------------------

Latest Daily Protection Log:

Error, 10/9/2016 9:32 PM, SYSTEM, SORCERER, Manual, 0,

Update, 10/9/2016 9:32 PM, SYSTEM, SORCERER, Manual, Malware Database, Failed, Unable to access update server, 2016.9.30.15, 2016.10.9.8,

(end)

------------------

I also saw the instructions about pinging the update servers.  Here is what I got, using the admin command prompt:

nslookup  data-cdn.mbamupdates.com

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32> nslookup  data-cdn.mbamupdates.com
Server:  cdns02.comcast.net
Address:  75.75.76.76

Non-authoritative answer:
Name:    vip0x062.ssl.hwcdn.net
Address:  205.185.208.98
Aliases:  data-cdn.mbamupdates.com
          data-cdn.mbamupdates.com.akadns.net


ping   data-cdn.mbamupdates.com

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping   data-cdn.mbamupdates.com

Pinging vip0x062.ssl.hwcdn.net [205.185.208.98] with 32 bytes of data:
Reply from 205.185.208.98: bytes=32 time=19ms TTL=57
Reply from 205.185.208.98: bytes=32 time=22ms TTL=57
Reply from 205.185.208.98: bytes=32 time=21ms TTL=57
Reply from 205.185.208.98: bytes=32 time=23ms TTL=57

Ping statistics for 205.185.208.98:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 23ms, Average = 21ms

Link to post
Share on other sites

7 hours ago, AdvancedSetup said:

Thanks for the reply.  The link returned:

v2016.10.11.07

I tried it with and without MBAM running, and got the same number each time.  I just tried to update, and the Malware database downloaded, and now matches that number.  As you can see from the Protection log below, the program was still showing the Sept 30 database upon startup.  And each time I check for updates, the update process takes about 5 minutes (checking, downloading, installing).  I realize I'm on the free version, but that seems like a long time compared to every other program I use and update.

--------------

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 10/11/2016 9:59 AM, SYSTEM, SORCERER, Manual, Malware Database, 2016.9.30.15, 2016.10.11.7,

(end)
--------------

Unfortunately, I ran CCleaner yesterday, and forgot to un-check MBAM in its cleaning options.  I lost my previous log files.  I don't know the status of the other internal databases (IP, Remediation, Domain, etc...).  Is there a way to check the version number on those?

Link to post
Share on other sites

  • Root Admin

They are all tied to the same update. Knowing which is which really doesn't tell even support much without us looking it up too.

You can run our mbam-check program to get a log of them.

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post


As for how  long it takes, sorry not much we can do about it. That is pretty much controlled by your download speed and the connection to the update server. On average it takes mine about 20 seconds to complete but I'm typically on at 100Mbps

 

Link to post
Share on other sites

LOL - It took me 5 tries to connect to data-cdn.mbamupdates.com.  The connections kept timing out.  I'm using Comcast/Xfinity cable internet, and I get download speeds typically in the 90Mbps range.

When the program finally downloaded, I ran it as administrator.  It immediately ran an application error "unable to start correctly (0x0000022), and Norton Security Suite alerted to a Heuristic violation of mbamcore.dll - "Heur.AdvML.B".  It has quarantined that program (even though it ran fine a couple of weeks ago when I started this topic):

-------------------

Filename: mbamcore.dll
Threat name: Heur.AdvML.BFull Path: c:\users\chuck\appdata\local\temp\7z70622bac\mbamcore.dll

____________________________


On computers as of 10/11/2016 at 11:35:01 AM

Last Used 10/11/2016 at 11:37:02 AM

Startup Item:  No

Launched:  No

Threat type:  Heuristic Virus. Detection of a threat based on malware heuristics.

____________________________


mbamcore.dll Threat name: Heur.AdvML.B

Few Users:  Hundreds of users in the Norton Community have used this file.

Mature:  This file was released 2 years 7 months ago.

High:  This file risk is high.

____________________________


Source: External Media

Source File:  mbamcore.dll

____________________________

File Actions

File: c:\users\chuck\appdata\local\temp\7z70622bac\ mbamcore.dll Removed
____________________________


File Thumbprint - SHA:
990ca3dc5dacf44b1e557d4e503ce2cd1aab24666a7915dbcfc16cd7af7814bf
File Thumbprint - MD5:
Not available

Link to post
Share on other sites

  • Root Admin

Potentially due to connection breaking and then a file not being valid Norton triggered on it. Might need/want to add exclusions to Norton for MBAM (let me know if you need more information on that).

As for connections keep breaking you'd probably need to bring it up with your ISP.

Link to post
Share on other sites

Yes, if you could please list all the program and file exclusions that should be listed in Norton Security Suite, I would appreciate it.  I don't see a master list in the FAQ.  I've added a few things based on other forum posts, but I'd like to make sure all the necessary pieces are listed in Norton.

MBAMNorton.jpg

Link to post
Share on other sites

  • Root Admin

Please exclude the following files from your Antivirus Software for your version of Windows:

For 32-bit versions of Windows XP, Windows Vista, Windows 7 & Windows 8 & Windows 10:

  • C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamdor.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbampt.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe


 
For 64-bit versions of Windows Vista, Windows 7 & Windows 8 & Windows 10:

  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware \mbamscheduler.exe


Note: If you are using a software firewall besides the built in Windows Firewall, you'll need to exclude MBAM.EXE, MBAMSERVICE.EXE and MBAMRESEARCH.EXE from it, as well.
 
Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

Please let us know if you need more help.

Thanks,

221-Exclusions-2016-03-31_6-14-39.png

Link to post
Share on other sites

  • 5 weeks later...

Hi - Just wanted to follow up on this issue.  On Tuesday, I received the latest Win10 update (Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3200970)).  The MBAM problem I was having now appears to have corrected itself, and the program is behaving like it used to.  Update checks now only take around 30 seconds, and the databases are updating themselves (all of them, instead of only one or two at a time).

Just to be sure, could someone take a look at my MBAM-check log to confirm that the program is fully updated?  I'd appreciate it.  I also attached Protection Logs from the udpate and scan process, FYI.

MBAMProtectionLog11112016.txt

MBAMProtectionLog11102016.txt

CheckResults.txt

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.