Fiddler web debugging proxy : install Fiddler on windows 7

about fiddler

http://fiddler2.com/

In short , you can debug HTTP/S sessions with fiddler

before installing fiddler , install .net framework which is required to use fiddler.

I installed dotNetFx40_Full_setup.exe. ( .net framework 4 )

install fiddler (fiddler4setup.exe )

run fiddler ( just click fiddler icon )

enable HTTPS decryption

GUI -> Tools -> Fiddler Options -> HTTPS

enable “Decrypt HTTPS traffic”

trace a specific web browser’s HTTP/S session

click “Any process” and then drop “+” icon to the IE GUI

trace IE’s HTTP/S sessions.

Windows 7 : Windows Update : error = 0xC8000247 ( HP pavilion desktop )

Windows update service has not worked after replacing an old HDD with a new one due to HDD failure.I have installed Windows 7 Pro 32bit into the new HDD using the recovery media shipped with HP. ( I replaced 320GB HDD with 500GB HDD )

Windows update service is running , however I can’t apply patches.



The following is the WindowsUpdate.log when issuing updates with CLI

Do the update with CLI

C:\Windows\system32>wuauclt.exe /detectnow

WindowsUpdate.log ( C\Windows\WindowsUpdte.log )

1084694AU###########  AU: Initializing Automatic Updates  ########### 1084694DtaStorFATAL: Failed to initialize datastore, error = 0xC8000247 1084694AgentWARNING: GetServiceList failed with error 0xc8000247. 1084694AUWARNING: QueryRegisteredProvider failed with error 0xc8000247 1084694AU  # Approval type: Scheduled (User preference) 1084694AU  # Scheduled install day/time: Every day at 15:00 1084694AU  # Auto-install minor updates: Yes (User preference) 1084694AU  # Will interact with non-admins (Non-admins are elevated (User preference)) 1084694AU  # Power management is turned off through policy 1084694DtaStorFATAL: Failed to initialize datastore, error = 0xC8000247 1084694AUFATAL: Failed to get session from datastore, error = 0xC8000247 1084694AUFATAL: Failed to Unserialize from data store, error = 0xC8000247 1084694AU  # WARNING: Exit code = 0xC8000247 1084694AU###########  AU: Uninitializing Automatic Updates  ########### 1084694AUWARNING: InitAUComponents Failed, will restart AU in 30 mins, error = 0xC8000247 1084694AUAU Restart required....

When googling this issue , I've found that this might be corrected by installing "Intel Rapid Storage Technology Driver".
In my case , I could solve this issue after installing "Intel Rapid Storage Technology Driver" which I downloaded from HP site.
You will find the driver for HP desktop by just googling “HP pavilion model name driver”.

After installing the driver.

Windows Vista and later : Network Connectivity Status Indicator (NCSI)

[ what’s NCSI ]

NCSI probes Internet connectivity automatically and determines whether Internet connectivity is available or not based on NSCI probing results.
This function has been implemented Windows Vista and later.

About NCSI
Vista : http://technet.microsoft.com/en-us/library/cc766023::(WS.10).aspx
7 and 2008 R2 : http://technet.microsoft.com/en-us/library/ee126135(WS.10).aspx

[ How does NCSI check Internet connectivity ? ]

NCSI checks Internet connectivity by using two methods.

1.  GET ncsi.txt file via HTTP and check the string in that file

access to http://www.msftncsi.com/ncsi.txt and check ncsi.txt containing “Microsoft NCSI”

perform DNS lookup for www.msftncsi.com
access to www.msftncsi.com and GET ncsi.txt and then check ncsi.txt containing “Microsoft NCSI”

performs DNS lookup

# dig @DNSServer www.msftncsi.com ; <<>> DiG 9.8.0-P1 <<>> @DNSServer www.msftncsi.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24246 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.msftncsi.com.              IN      A ;; ANSWER SECTION: www.msftncsi.com.       2103    IN      CNAME   newncsi.glbdns.microsoft.com. newncsi.glbdns.microsoft.com. 300 IN    CNAME   ncsi.glbdns.microsoft.com. ncsi.glbdns.microsoft.com. 300  IN      A       207.46.61.90

access to www.msftncsi.com

# wget http://www.msftncsi.com/ncsi.txt

check that file containing “Microsoft NCSI”

# cat ncsi.txt Microsoft NCSI#

There are no line terminators in this file.

# file ncsi.txt ncsi.txt: ASCII text, with no line terminators

2.  perfom DNS resolution and check the answer

performs DNS look up for dns.msftncsi.com and confirm whether the IP matches 131.107.255.255 or not.
If the IP matches 131.107.255.255 , NCSI determines that your PC has correct Internet connectivity.
If not , NSCI determines  your PC has wrong Internet connectivity.

DNS lookup for dns.msfncsi.com

# dig @DNSServer dns.msftncsi.com ; <<>> DiG 9.8.0-P1 <<>> @DNSServer dns.msftncsi.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16747 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;dns.msftncsi.com.              IN      A ;; ANSWER SECTION: dns.msftncsi.com.       30      IN      A       131.107.255.255

[ if NCSI probing fails ]

On “Windows button -> Control Panel -> Network and Internet -> Network and Sharing Center” ,
You will see red X mark between network and internet icon as below.

Note that this situation will happen even though your PC has actually internet connectivity.

For example:

- can’t resolve DNS lookup for www.msftncsi.com - can’t get right cnsi.txt ( www.msftncsi.com/ncsi.txt ) - can’t get the correct DNS reply ( dns.msftncsi.com =131.107.255.255 )

If you have internet connectivity for sure , but see the above red X mark , try the followings.

- turn off Anti Virus tool if you have installed it - perform DNS lookup for dns.msftncsi.com with nslookup command - check ncsi.txt containing “Miscosoft NCSI” into that file manually using CLI or something

[ How to turn off NCSI probing ]

regedit ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

To disable this functions , set EnableActiveProbing to 0
Default value is 1 ( enabled probing )

[ How frequently does NCSI probe ? ]

I built fake www.msftncsi.com to check NCSI probing interval.

|------------ internet Client – SW ---- DNS                 |---- fake Web server ( Apache respond to ncsi.txt containing “M$” )

- Client performs DNS lookup for www.msftncsi.com
- DNS returns the fake web server’s address
 Except for www.msftncsi.com query , DNS returns correct answers.
- Client accesses to the fake Web server
- fake web server respond to ncsi.txt
- NCSI determines there’s no internet connectivity even though there’s internet connectivity.

the content of nsci.txt

# cat /var/www/ncsi.txt M$

M$ not MS :)

NCSI probing misunderstands my PC does not have Internet connectivity even though there’s Internet connectivity.

Here’s an access.log of fake web server.
Seen from access.log , polling interval does not seem to be fixed.

23:27:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:28:23 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:28:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:29:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:30:43 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:32:33 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:34:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:38:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:44:13 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:52:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 279 "-" "Microsoft NCSI"

I don’t like this function :(