Author Topic: Avast Update Problems  (Read 24798 times)

0 Members and 1 Guest are viewing this topic.

PCSSL

  • Guest
Avast Update Problems
« on: February 09, 2007, 01:19:29 AM »
I was working at a customer's workplace yesterday who have been complaining about popups from avast after a few minutes of starting the computer, and throughout the day, saying the updates could not be downloaded.

There are approx 15 pc's all running avast, it has been installed but had not been updating at all for about 2 years. We manually installed 4.7, which brought the connection falure popups.

We spent a while trying to figure it out.

While avast is searching for an update, avast.setup runs in proceses. If you try run an update while it is running, or try change certain settings - avast will hang for 5-10 minutes, then it would come up with the error saying avast could not update. As soon as that popped up though, the updates would install.

The problem is that we can not get it to download automatically. Obviously asking someone in the building to manually update 15 computers, and the fact that it hangs and takes 5-10 minutes for each computer - isn't really possible.

We NEED it to be automatic.

We checked all proxy settings and they are all correct, in both avast and internet explorer.
We tried auto detect, and manually entering them - with no luck.

We ran tracert to the avast update site - what we found is that it connected with the business's server fine, but a few connections later (number 5) it timed out - yet still carried on and ended up connecting with the avast servers...

The avast servers file seems to be fine, and contains addresses of a bunch of servers.

I will try and find the error message being logged, my workmate wrote it down.

I did a search on it yesterday and found a lot of threads talking about proxy settings, but everything is configured correctly.

I am wondering if they are going to an off site server to do with the business which doesnt like avast?

Cheers

Hansch

  • Guest
Re: Avast Update Problems
« Reply #1 on: February 09, 2007, 04:18:00 PM »
I have also problems with Avast not connecting to the update server through a proxy (MS ISA SERVER). All settings - automatic, NTLM authentication or with a known good username and password do not work. It is a recent problem, and it probably has to do with changes in Avast or the update servers.


This is part of the log:


06.02.2007 17:53:03 package: GetPackages - set proxy for inet
06.02.2007 17:53:03 internet: SYNCER: Proxy company-dell-server:8080
06.02.2007 17:53:03 internet: SYNCER: Type: standard HTTP proxy (rfc2616,2617)
06.02.2007 17:53:03 internet: SYNCER: Auth: no authentication
06.02.2007 17:53:03 internet: SYNCER: Proxy l/p: internet/***
06.02.2007 17:53:03 general: InvalidateCurrent: invalidated server 'Download59 AVAST server' from 'main'
06.02.2007 17:53:03 general: SelectCurrent: selected server 'Download80 AVAST server' from 'main'
06.02.2007 17:53:03 package: GetPackages - set proxy for inet
06.02.2007 17:53:03 internet: SYNCER: Proxy company-dell-server:8080
06.02.2007 17:53:03 internet: SYNCER: Type: standard HTTP proxy (rfc2616,2617)
06.02.2007 17:53:03 internet: SYNCER: Auth: no authentication
06.02.2007 17:53:03 internet: SYNCER: Proxy l/p: internet/***
06.02.2007 17:53:03 general: InvalidateCurrent: invalidated server 'Download80 AVAST server' from 'main'
06.02.2007 17:53:03 general: SelectCurrent: selected server 'Download72 AVAST server' from 'main'
06.02.2007 17:53:03 package: GetPackages - set proxy for inet
06.02.2007 17:53:03 internet: SYNCER: Proxy company-dell-server:8080
06.02.2007 17:53:03 internet: SYNCER: Type: standard HTTP proxy (rfc2616,2617)
06.02.2007 17:53:03 internet: SYNCER: Auth: no authentication
06.02.2007 17:53:03 internet: SYNCER: Proxy l/p: internet/***
06.02.2007 17:53:03 general: InvalidateCurrent: invalidated server 'Download72 AVAST server' from 'main'
06.02.2007 17:53:03 general: SelectCurrent: selected server 'Download3 AVAST server' from 'main'
06.02.2007 17:53:03 package: GetPackages - set proxy for inet
06.02.2007 17:53:03 internet: SYNCER: Proxy company-dell-server:8080
06.02.2007 17:53:03 internet: SYNCER: Type: standard HTTP proxy (rfc2616,2617)
06.02.2007 17:53:03 internet: SYNCER: Auth: no authentication
06.02.2007 17:53:03 internet: SYNCER: Proxy l/p: internet/***
06.02.2007 17:53:03 general: InvalidateCurrent: invalidated server 'Download3 AVAST server' from 'main'
06.02.2007 17:53:03 general: SelectCurrent: unable to find any suitable server in 'main'
06.02.2007 17:53:03 general: progress end - 0
06.02.2007 17:53:03 general: progress thread end



Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Avast Update Problems
« Reply #2 on: February 10, 2007, 01:13:30 PM »
How about a firewall? Maybe it's blocking avast.setup from connecting to the servers?
The executable (avast.setup) changes from one version to another, so if the firewall stores a hash of the executable, it would detect a change and possibly block the access, even if it was allowed previously...

maleas

  • Guest
Re: Avast Update Problems
« Reply #3 on: May 22, 2007, 08:36:22 AM »
Hello all,

I can confirm this behaviour. Running avast home (free) for a couple of years, the problems just started this year. Seems like something has changed in the way automatic update works, just like PCSSL suggested. I will provide more info below:

NOTE that the setup mentioned below has *not* changed for the last 4 years. Plus, avast was operating just fine till the end of 2006, with regard to updates

* No personal firewalls are installed at all, on all lan computers. Most are Windows XP/2000 boxes, some Win98 boxes are around as well
* Proxy in the avast is set to "use internet explorer settings" (we use WPAD, web proxy autodiscovery protocol, for setting proxy ip and port)
* Access to the internet is provided by a dedicated proxy/firewall system. No access at all is allowed from to LAN to Internet
* All access to the Internet happens through the dedicated proxy/firewall system. That is (a) DNS requests (all lan pcs use the proxy/firewall as DNS server) and (b) HTTP/FTP access
* The proxy used is Squid 2.6.12+, running on port 3128 of the firewall
* In the web shield on some of the lan systems (not all) I have also included port 3128 in order for traffic via proxy to be scanned as well
* Automatic update fails consistently, the red informational window appears.
* Now the funny thing is that when the update fails, selecting manually Update -> Program Update (or VPS update) works like a charm!

I have enabled a debug-level logging in order to produce more results. Really hope this problem can be resolved, I'm too happy with avast to switch to something else.

In the meantime, pls do ask me if there is some more information I can provide.
« Last Edit: May 22, 2007, 09:32:17 AM by maleas »

maleas

  • Guest
Re: Avast Update Problems
« Reply #4 on: May 22, 2007, 09:45:52 AM »
In continuation of my previous email, pls find attached some logs

Log from a failed automatic update:
Code: [Select]
22.05.2007 09:39:18.000 1179815958 general Started: 22.05.2007, 09:39:18
22.05.2007 09:39:18.000 1179815958 general Running setup_av_pro-3e9 (1001)
22.05.2007 09:39:18.000 1179815958 system Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
22.05.2007 09:39:18.000 1179815958 system Computer WinName: PC3
22.05.2007 09:39:18.000 1179815958 system Windows Net User: SYSTEM
22.05.2007 09:39:18.000 1179815958 general Cmdline: /downloadpkgs /noreboot /updatenews /verysilent /nolog /limitcpu 
22.05.2007 09:39:18.000 1179815958 general DldSrc set to inet
22.05.2007 09:39:18.000 1179815958 general Operation set to INST_OP_UPDATE_GET_PACKAGES
22.05.2007 09:39:18.000 1179815958 general Old version: 3e9 (1001)
22.05.2007 09:39:18.000 1179815958 general SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
22.05.2007 09:39:18.000 1179815958 system Computer DnsName: PC3
22.05.2007 09:39:18.000 1179815958 system Computer Ip Addr: 192.168.0.150
22.05.2007 09:39:18.000 1179815958 internet SYNCER: Type: use IE settings
22.05.2007 09:39:18.000 1179815958 internet SYNCER: Auth: another authentication, use WinInet
22.05.2007 09:39:18.000 1179815958 package Part prg_av_pro-3e9 is installed
22.05.2007 09:39:18.000 1179815958 package Part vps-74200 is installed
22.05.2007 09:39:18.000 1179815958 package Part news-4b is installed
22.05.2007 09:39:18.000 1179815958 package Part setup_av_pro-3e9 is installed
22.05.2007 09:39:18.000 1179815958 package Part jrog-6 is installed
22.05.2007 09:39:18.000 1179815958 general Old version: 3e9 (1001)
22.05.2007 09:39:19.000 1179815959 file SetExistingFilesBitmap: 1024->145->145
22.05.2007 09:39:19.000 1179815959 general GUID: 0b772745-2fb4-44a5-b08f-60054c63fd14
22.05.2007 09:39:19.000 1179815959 general Server definition(s) loaded for 'main': 125 (maintenance:0)
22.05.2007 09:39:19.000 1179815959 general SelectCurrent: selected server 'Download90 AVAST server' from 'main'
22.05.2007 09:39:19.000 1179815959 package GetPackages - set proxy for inet
22.05.2007 09:39:19.000 1179815959 internet SYNCER: Type: use IE settings
22.05.2007 09:39:19.000 1179815959 internet SYNCER: Auth: another authentication, use WinInet
22.05.2007 09:39:41.000 1179815981 package ERROR:HttpGetWininet, catch returned 0x00002EFD
22.05.2007 09:40:02.000 1179816002 package ERROR:HttpGetWininet, catch returned 0x00002EFD
22.05.2007 09:40:02.000 1179816002 general InvalidateCurrent: invalidated server 'Download90 AVAST server' from 'main'
22.05.2007 09:40:02.000 1179816002 general SelectCurrent: selected server 'Download2 AVAST server' from 'main'
22.05.2007 09:40:02.000 1179816002 package GetPackages - set proxy for inet
22.05.2007 09:40:02.000 1179816002 internet SYNCER: Type: use IE settings
22.05.2007 09:40:02.000 1179816002 internet SYNCER: Auth: another authentication, use WinInet
22.05.2007 09:40:24.000 1179816024 package ERROR:HttpGetWininet, catch returned 0x00002EFD
22.05.2007 09:40:24.000 1179816024 general InvalidateCurrent: invalidated server 'Download2 AVAST server' from 'main'

[snip: avast tries to check a whole lot more update servers with the same results]

22.05.2007 10:26:53.000 1179818813 general SelectCurrent: selected server 'Download46 AVAST server' from 'main'
22.05.2007 10:26:53.000 1179818813 package GetPackages - set proxy for inet
22.05.2007 10:26:53.000 1179818813 internet SYNCER: Type: use IE settings
22.05.2007 10:26:53.000 1179818813 internet SYNCER: Auth: another authentication, use WinInet
22.05.2007 10:27:16.000 1179818836 package ERROR:HttpGetWininet, catch returned 0x00002EFD
22.05.2007 10:27:16.000 1179818836 general InvalidateCurrent: invalidated server 'Download46 AVAST server' from 'main'
22.05.2007 10:27:16.000 1179818836 general SelectCurrent: selected server 'Download202 AVAST server' from 'main'
22.05.2007 10:27:16.000 1179818836 package GetPackages - set proxy for inet
22.05.2007 10:27:16.000 1179818836 internet SYNCER: Type: use IE settings
22.05.2007 10:27:16.000 1179818836 internet SYNCER: Auth: another authentication, use WinInet
22.05.2007 10:27:39.000 1179818859 package ERROR:HttpGetWininet, catch returned 0x00002EFD
22.05.2007 10:27:39.000 1179818859 general InvalidateCurrent: invalidated server 'Download202 AVAST server' from 'main'
22.05.2007 10:27:39.000 1179818859 general SelectCurrent: unable to find any suitable server in 'main'
22.05.2007 10:27:39.000 1179818859 internet tried 125 servers to get file 'servers.def.vpu', but failed (0x20000004)
22.05.2007 10:27:39.000 1179818859 file GetNewerStampedFile:GetFileWithRetry failed: F:\TEMP\_av_proI.tm~a03900\onefile, servers.def.vpu, error: 0x20000004
22.05.2007 10:27:39.000 1179818859 package Download servers.def, servers.def.vpu failed with error 0x20000004.
22.05.2007 10:28:01.000 1179818881 package ERROR:HttpGetWininet, catch returned 0x00002EFD
22.05.2007 10:28:22.000 1179818902 package ERROR:HttpGetWininet, catch returned 0x00002EFD
22.05.2007 10:28:22.000 1179818902 general InvalidateCurrent: invalidated server 'Download202 AVAST server' from 'main'
22.05.2007 10:28:22.000 1179818902 general SelectCurrent: unable to find any suitable server in 'main'
22.05.2007 10:28:22.000 1179818902 internet tried 1 servers to get file 'servers.def', but failed (0x20000004)
22.05.2007 10:28:22.000 1179818902 file GetNewerStampedFile:GetFileWithRetry failed: F:\TEMP\_av_proI.tm~a03900\onefile, servers.def, error: 0x20000004
22.05.2007 10:28:22.000 1179818902 package Tried to download servers.def but failed with error 0x20000004.
22.05.2007 10:28:22.000 1179818902 general Err:Cannot connect to download202.avast.com (75.126.120.196:80).
22.05.2007 10:28:22.000 1179818902 package Transferred files: 0
22.05.2007 10:28:22.000 1179818902 package Transferred bytes: 0
22.05.2007 10:28:22.000 1179818902 package Transfer time: 0 ms
22.05.2007 10:28:22.000 1179818902 file NeedReboot=false
22.05.2007 10:28:22.000 1179818902 general Return code: 0x20000004 [Cannot connect to download202.avast.com (75.126.120.196:80).]
22.05.2007 10:28:22.000 1179818902 general Stopped: 22.05.2007, 10:28:22

And this is a log of a successful check/update operation, by manually selecting update from the avast icon:
Code: [Select]
22.05.2007 10:35:20.000 1179819320 general Started: 22.05.2007, 10:35:20
22.05.2007 10:35:20.000 1179819320 general Running setup_av_pro-3e9 (1001)
22.05.2007 10:35:20.000 1179819320 system Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
22.05.2007 10:35:20.000 1179819320 system Computer WinName: PC3
22.05.2007 10:35:20.000 1179819320 system Windows Net User: PC3\xxxx
22.05.2007 10:35:20.000 1179819320 general Cmdline: /stopstat /silent /noreboot 
22.05.2007 10:35:20.000 1179819320 general Operation set to INST_OP_[16]
22.05.2007 10:35:20.000 1179819320 general Old version: 3e9 (1001)
22.05.2007 10:35:20.000 1179819320 general SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
22.05.2007 10:35:20.000 1179819320 internet SYNCER: Type: use IE settings
22.05.2007 10:35:20.000 1179819320 internet SYNCER: Auth: another authentication, use WinInet
22.05.2007 10:35:20.000 1179819320 package Part prg_av_pro-3e9 is installed
22.05.2007 10:35:20.000 1179819320 package Part vps-74200 is installed
22.05.2007 10:35:20.000 1179819320 package Part news-4b is installed
22.05.2007 10:35:20.000 1179819320 package Part setup_av_pro-3e9 is installed
22.05.2007 10:35:20.000 1179819320 package Part jrog-6 is installed
22.05.2007 10:35:20.000 1179819320 general Old version: 3e9 (1001)
22.05.2007 10:35:21.000 1179819321 package Transferred files: 0
22.05.2007 10:35:21.000 1179819321 package Transferred bytes: 0
22.05.2007 10:35:21.000 1179819321 package Transfer time: 0 ms
22.05.2007 10:35:21.000 1179819321 file NeedReboot=false
22.05.2007 10:35:21.000 1179819321 general Return code: 0x20000001 [Nothing done]
22.05.2007 10:35:21.000 1179819321 general Stopped: 22.05.2007, 10:35:21

One note: as you can see, when the automatic update runs, it runs under the SYSTEM account, whereas when the user manually starts the update process, it seems (not sure here, you are the experts here) that it runs under the specific user account that started the update process.

So I was wondering, whether this is the same mechanism as used by avast say 8 months ago, because before that time it worked just fine.

Anyways, hope these help. If you need more information pls do not hesitate to ask me.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast Update Problems
« Reply #5 on: May 23, 2007, 04:17:56 AM »
So I was wondering, whether this is the same mechanism as used by avast say 8 months ago, because before that time it worked just fine.
The only difference between manual and auto updates is that in the former case, avast.setup is spawned directly by the application from which you invoked the update. In the auto-update case, however, avast.setup is executed by ashServ.exe, the avast service. The service runs under the LocalSystem account, i.e. not under the account you're currently loggen on.

In old versions, all avast.setup's were being executed by aswUpdSv.exe - the 'avast iAVS4 Control Service'. In build 4.7.357, this service lost much of its importance and is used only when invoking manual updates from non-administrative accounts...

avast.setup changes with every program update. That is, its MD5 checksum changes as well... You need to tell the firewall that you don't want to check the MD5 of this file, or at least update the stored MD5 hash to the one of the latest version.

For info about the IP addresses, please refer to the FAQ: http://www.avast.com/i_kat_81.html#idt_1366
The best things in life are free.

maleas

  • Guest
Re: Avast Update Problems
« Reply #6 on: May 23, 2007, 07:43:21 AM »
The only difference between manual and auto updates is that in the former case, avast.setup is spawned directly by the application from which you invoked the update. In the auto-update case, however, avast.setup is executed by ashServ.exe, the avast service. The service runs under the LocalSystem account, i.e. not under the account you're currently loggen on.

In old versions, all avast.setup's were being executed by aswUpdSv.exe - the 'avast iAVS4 Control Service'. In build 4.7.357, this service lost much of its importance and is used only when invoking manual updates from nonadministrative accounts...
Therefore, and if I understand correctly, what has changed over the last months is that in the automatic update case (which is the problematic one here), old versions of avast used the aswUpdSrv.exe service, whereas the newer versions utilize ashServ.exe for the same purpose.

The question in this case is: what became broken, with regard to auto-update, in the transition from aswUpdSrv.exe to ashServ.exe? IMHO this is a bug. How can this be filed as a bug for avast home, taking into account that I am an avast home free user? And can an even more verbose log be produced, to help the avast crew isolate this problematic behavior? Apologies for the questions, but manual update of the avast installations unfortunately is not an option.  :-\

Quote
avast.setup changes with every program update. That is, its MD5 checksum changes as well... You need to tell the firewall that you don't want to check the MD5 of this file, or at least update the stored MD5 hash to the one of the latest version.
Like I said in my first post here, there are no software firewalls installed (at least on most PCs that exhibit this odd problem). There is a central/"hardware" firewall and proxy combination, which I have installed and control as the network's administrator.

Last thing: as I said before, some LAN computers do update just fine. However I have yet not found what the systems with the problematic auto-update have in common  :-\
« Last Edit: May 23, 2007, 07:51:09 AM by maleas »

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Avast Update Problems
« Reply #7 on: May 23, 2007, 08:11:12 AM »
maleas

Quote
Last thing: as I said before, some LAN computers do update just fine. However I have yet not found what the systems with the problematic auto-update have in common

I cannot see where you gave this information before.  If you have a configuration where some of the machines do auto-update without problems and some do not then there is a clear need to identify the differences between the machines, for I'm sure you will agree - that logically there must be differences.

The error you are reporting, x2EFD, differs from the report of the original poster in this thread and has most recently been found to be associated with blocking of the machine in question from access to the network.  The most recent case was a block by a firewall.  I understand that you have told us that none of the machines have a software firewall but it would suggest a possible course of investigation between those machines that do auto-update and those that do not. 

maleas

  • Guest
Re: Avast Update Problems
« Reply #8 on: May 23, 2007, 09:22:18 AM »
Quote
Last thing: as I said before, some LAN computers do update just fine. However I have yet not found what the systems with the problematic auto-update have in common

I cannot see where you gave this information before.
You stand corrected, I had the false impression that I posted this piece of information in my previous posts...

Quote
If you have a configuration where some of the machines do auto-update without problems and some do not then there is a clear need to identify the differences between the machines, for I'm sure you will agree - that logically there must be differences.
I'd  agree, if

1) those same machines which now fail to auto-update, also failed to auto-update 6 months ago. This is not the case.

2) those same "problematic" machines failed also to manually update, which is also not the case.

Therefore, it feels as though this behaviour is strongly correlated to changes that might have taken place in the avast codebase over the course of the last 6-8 months...

Quote
The error you are reporting, x2EFD, differs from the report of the original poster in this thread and has most recently been found to be associated with blocking of the machine in question from access to the network.  The most recent case was a block by a firewall.  I understand that you have told us that none of the machines have a software firewall but it would suggest a possible course of investigation between those machines that do auto-update and those that do not. 
Stranger and stranger. If a software firewall was in place, I believe that blocking would affect both auto- as well as manual updating, iow both wouldn't work, which is not the case here.

I consider this to be an "interesting" problem (from a troubleshooter's point of view). Perhaps you could be so kind and continue this investigation with me? With any luck I'll be able to provide some more info to isolate this behaviour.

Key issue here is the way LAN PCs "find" the proxy/port to be used for Internet access. As I said this is provided automatically to client PCs via the WPAD protocol, which utilizes DHCP requests. It corresponds to the "Automatical detection" checkbox in control panel -> internet options -> Connections tab -> LAN options button. Plus, in all LAN PCs, Avast is configured to use "Auto Detect (use Internet Explorer Settings)".

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Avast Update Problems
« Reply #9 on: May 23, 2007, 11:08:23 AM »
Those who know me in this forum are very well aware that I have a "bee in my bonnet" on this update issue and yes, I do believe that the avast code is part of the problem.  By that I mean that there are conditions that cause problems to the the avast update process that the avast code could be more sensitive to or circumvent. 

We have seen a number of documented cases (quite a few now in this forum) where users experience regular failures of the automatic update but have no problems at all with a manual update.  These issues go back more than the few months you are considering.  We have also seen cases were users are unable to perform automatic or manual updates.   

If I were to characterize the responses they have been:

1) network configuration errors by the user
2) firewall configuration errors by the user
3) firewall updates blocking where they did not previously
4) updated avast programs no longer being permitted access by a firewall
5) suggestions that write access to the system defined temporary directory was not permitted

There are documented cases where problems 1-4 have been proved.  They become part of the folklore.  There have also been instances where uninstalling avast and re-installing seem to have removed the problem and where uninstalling and re-installing a firewall have been effective.  They were probably all examples of problems 1-4.  One interesting recent case was one where the firewall was restricting svchost service network access.  This was preventing certain DNS inquiries and, once permitted, the user reported that avast automatic updates functioned normally again.   

I cannot think of any case of (5) that I have ever believed was provable and several cases where it beggared belief.

There have been instances that are also (at least to a degree) chronic.  That is they occur for a while and  then the problem disappears.  I can think of one user who has reported the problem occurring, going away, coming back and then, alas, we heard no more from the user.  Maybe it went away or maybe he did.

I was able to find one reproducible instance with one of the folks I support.  This has become known as the "Microsoft Tuesday" issue where it appears that the Microsoft Automatic Windows update process can impair the ability of avast to perform its automatic update at startup.  This appears to more apparent when Microsoft updates are being distributed and when Microsoft is restricting access to its servers to prevent overload to them.  In this case the symptoms reported by avast always indicate a failure to write to the Windows defined temporary file directory.  We found that disabling the Windows Automatic Update service completely alleviated the problem for the avast automatic update at startup.   In the last case recently reported in this forum the user was asked to disable the Windows Automatic Update service.  Once that was done the avast automatic update at startup proceeded normally.   As soon as the Windows Automatic Update service was restored the avast automatic update at startup failed again. Unfortunately the user made the choice to switch to AVG rather than continue to investigate the problem.

I think that summarizes what I know of the problem.  It has not proved an easy one to track down and , not surprisingly, quite a few of the users who have experienced the issue do not have the time, interest or patience to work on diagnosis of the problem. 

I rather suspect there may be more than one contributing factor here, but it would be good to eliminate any that we can. I also believe that the avast development team demonstrate a healthy skepticism that any problem exists in the automatic update process that I confess I find frustrating - so there may not be much input from them on problem isolation.
« Last Edit: May 23, 2007, 11:10:54 AM by alanrf »

maleas

  • Guest
Re: Avast Update Problems
« Reply #10 on: May 23, 2007, 12:11:37 PM »
First and foremost, my sincere gratitude for your exemplary written and informative post! Being in tech support myself, I regret to admit that it is not every day that I see answers to bug reports/tickets of mine, of the same high level, even in paid services!

In the context of the specific problem I am experiencing now:

If I were to characterize the responses they have been:

1) network configuration errors by the user
2) firewall configuration errors by the user
3) firewall updates blocking where they did not previously
4) updated avast programs no longer being permitted access by a firewall
5) suggestions that write access to the system defined temporary directory was not permitted
Nice categorization and a solid one. (2) and/or (3) would be a definite possibility, if also manual update failed.

Quote
I was able to find one reproducible instance with one of the folks I support.  This has become known as the "Microsoft Tuesday" issue where it appears that the Microsoft Automatic Windows update process can impair the ability of avast to perform its automatic update at startup.  This appears to more apparent when Microsoft updates are being distributed and when Microsoft is restricting access to its servers to prevent overload to them.  In this case the symptoms reported by avast always indicate a failure to write to the Windows defined temporary file directory.  We found that disabling the Windows Automatic Update service completely alleviated the problem for the avast automatic update at startup.   In the last case recently reported in this forum the user was asked to disable the Windows Automatic Update service.  Once that was done the avast automatic update at startup proceeded normally.   As soon as the Windows Automatic Update service was restored the avast automatic update at startup failed again. Unfortunately the user made the choice to switch to AVG rather than continue to investigate the problem.
An interesting scenario and one I must add to the "test" cases I have in mind.

Quote
I think that summarizes what I know of the problem.  It has not proved an easy one to track down and , not surprisingly, quite a few of the users who have experienced the issue do not have the time, interest or patience to work on diagnosis of the problem. 
Indeed, I also believe the "update problem" can have a large number of different factors.

Quote
I rather suspect there may be more than one contributing factor here, but it would be good to eliminate any that we can. I also believe that the avast development team demonstrate a healthy skepticism that any problem exists in the automatic update process that I confess I find frustrating - so there may not be much input from them on problem isolation.

You have certainly provided me with a number of additional pointers to check for. Being stubborn as mule myself, I loathe giving up on a problem of this magnitude. Taking into account avast's positive facets, I prefer to work the problem through, instead of giving up. Uninstalling is an easy way out for many users, personally I consider it to be the equivalent of a nuke :)

I'm getting some packet captures from the firewall rig, to check what a problematic pc is sending. Plus, checking the different avast update options (direct/ie settings/manual specification) in order to narrow down the contributing factors.

Thank you once more and I hope we can continue this discussion with more data in hands.

maleas

  • Guest
Scenario 1
« Reply #11 on: May 23, 2007, 01:01:27 PM »
Ok, seems like I have some more data, that tend to point towards proxy settings used for the auto-update. In all the following, the same Windows XP SP2-equipped for the tests employed, to alleviate the possibility of different system configurations. Two scenarios are examined. Since there seems to be a maximum post length I will split these scenarios to different posts.

Scenario 1
=======
* Internet Options in the control panel are set to "Automatically detect Internet Explorer Settings". The WPAD protocol is used for the PC to discover the ip address and port of the LAN proxy server.

* In the avast options, the proxy is set to "Use Internet Explorer Settings" (hence, WPAD is used as well)

* File c:\program files\alwil software\avast4\setup\setup.ini contains the following portion with regard to proxy used:
Code: [Select]
[Common]
Tooltip=b?MTE3MDgzOTc1Mw==
ZeroFootprint=0
NetAcc=1
NetIP=gw.our.domain
NetPort=3128
NetUser=
NetPwd=
IMPORTANT NOTES:
1) NetAcc=1 above corresponds to use Internet Options from the Windows control panel.

2) There is also another file, data\avast4.ini which also has references to proxy. In that other file, no matter which choice I select for proxy, the following lines remain constant:
Code: [Select]
[...]
[Common]
[...]
ProxySettings=Autodetect
ProxyAddress=
ProxyPort=0
Don't know what this file is for.

With the previous in place, I get failed auto-update attempts as follows:
Code: [Select]
23.05.2007 09:34:03.000 1179902043 general Started: 23.05.2007, 09:34:03
23.05.2007 09:34:03.000 1179902043 general Running setup_av_pro-3e9 (1001)
23.05.2007 09:34:03.000 1179902043 system Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
23.05.2007 09:34:03.000 1179902043 system Computer WinName: USERX
23.05.2007 09:34:03.000 1179902043 system Windows Net User: SYSTEM
23.05.2007 09:34:03.000 1179902043 general Cmdline: /downloadpkgs /noreboot /updatenews /verysilent /nolog /limitcpu 
23.05.2007 09:34:03.000 1179902043 general DldSrc set to inet
23.05.2007 09:34:03.000 1179902043 general Operation set to INST_OP_UPDATE_GET_PACKAGES
23.05.2007 09:34:03.000 1179902043 general Old version: 3e9 (1001)
23.05.2007 09:34:04.000 1179902044 general SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
23.05.2007 09:34:04.000 1179902044 system Computer DnsName: USERX
23.05.2007 09:34:04.000 1179902044 system Computer Ip Addr: 192.168.0.248
23.05.2007 09:34:04.000 1179902044 internet SYNCER: Type: use IE settings
23.05.2007 09:34:04.000 1179902044 internet SYNCER: Auth: another authentication, use WinInet
23.05.2007 09:34:04.000 1179902044 package Part prg_av_pro-3e9 is installed
23.05.2007 09:34:04.000 1179902044 package Part vps-74200 is installed
23.05.2007 09:34:04.000 1179902044 package Part news-4b is installed
23.05.2007 09:34:04.000 1179902044 package Part setup_av_pro-3e9 is installed
23.05.2007 09:34:04.000 1179902044 package Part jrog-5 is installed
23.05.2007 09:34:04.000 1179902044 general Old version: 3e9 (1001)
23.05.2007 09:34:14.000 1179902054 file SetExistingFilesBitmap: 1024->145->145
23.05.2007 09:34:14.000 1179902054 general GUID: cd26144a-e208-4014-82ae-a705be6769d0
23.05.2007 09:34:15.000 1179902055 general Server definition(s) loaded for 'main': 125 (maintenance:0)
23.05.2007 09:34:15.000 1179902055 general SelectCurrent: selected server 'Download34 AVAST server' from 'main'
23.05.2007 09:34:15.000 1179902055 package GetPackages - set proxy for inet
23.05.2007 09:34:15.000 1179902055 internet SYNCER: Type: use IE settings
23.05.2007 09:34:15.000 1179902055 internet SYNCER: Auth: another authentication, use WinInet
23.05.2007 09:34:30.000 1179902070 package ERROR:HttpGetWininet, catch returned 0x00002EFD
23.05.2007 09:34:31.000 1179902071 package ERROR:HttpGetWininet, catch returned 0x00002EFD
23.05.2007 09:34:31.000 1179902071 general InvalidateCurrent: invalidated server 'Download34 AVAST server' from 'main'
23.05.2007 09:34:31.000 1179902071 general SelectCurrent: selected server 'Download91 AVAST server' from 'main'
23.05.2007 09:34:31.000 1179902071 package GetPackages - set proxy for inet
23.05.2007 09:34:31.000 1179902071 internet SYNCER: Type: use IE settings
23.05.2007 09:34:31.000 1179902071 internet SYNCER: Auth: another authentication, use WinInet
23.05.2007 09:34:33.000 1179902073 package ERROR:HttpGetWininet, catch returned 0x00002EFD
23.05.2007 09:34:33.000 1179902073 general InvalidateCurrent: invalidated server 'Download91 AVAST server' from 'main'
23.05.2007 09:34:33.000 1179902073 general SelectCurrent: selected server 'Download33 AVAST server' from 'main'
23.05.2007 09:34:33.000 1179902073 package GetPackages - set proxy for inet
23.05.2007 09:34:33.000 1179902073 internet SYNCER: Type: use IE settings
23.05.2007 09:34:33.000 1179902073 internet SYNCER: Auth: another authentication, use WinInet
23.05.2007 09:34:36.000 1179902076 package ERROR:HttpGetWininet, catch returned 0x00002EFD
23.05.2007 09:34:36.000 1179902076 general InvalidateCurrent: invalidated server 'Download33 AVAST server' from 'main'
23.05.2007 09:34:36.000 1179902076 general SelectCurrent: selected server 'Download42 AVAST server' from 'main'
23.05.2007 09:34:36.000 1179902076 package GetPackages - set proxy for inet
23.05.2007 09:34:36.000 1179902076 internet SYNCER: Type: use IE settings
23.05.2007 09:34:36.000 1179902076 internet SYNCER: Auth: another authentication, use WinInet
23.05.2007 09:34:39.000 1179902079 package ERROR:HttpGetWininet, catch returned 0x00002EFD
23.05.2007 09:34:39.000 1179902079 general InvalidateCurrent: invalidated server 'Download42 AVAST server' from 'main'
23.05.2007 09:34:39.000 1179902079 general SelectCurrent: selected server 'Download52 AVAST server' from 'main'
23.05.2007 09:34:39.000 1179902079 package GetPackages - set proxy for inet
23.05.2007 09:34:39.000 1179902079 internet SYNCER: Type: use IE settings
23.05.2007 09:34:39.000 1179902079 internet SYNCER: Auth: another authentication, use WinInet
23.05.2007 09:34:42.000 1179902082 package ERROR:HttpGetWininet, catch returned 0x00002EFD
23.05.2007 09:34:42.000 1179902082 general InvalidateCurrent: invalidated server 'Download52 AVAST server' from 'main'


[...]

23.05.2007 09:40:45.000 1179902445 general SelectCurrent: unable to find any suitable server in 'main'
23.05.2007 09:40:45.000 1179902445 internet tried 125 servers to get file 'servers.def.vpu', but failed (0x20000004)
23.05.2007 09:40:45.000 1179902445 file GetNewerStampedFile:GetFileWithRetry failed: C:\WINDOWS\TEMP\_av_proI.tm~a02472\onefile, servers.def.vpu, error: 0x20000004
23.05.2007 09:40:45.000 1179902445 package Download servers.def, servers.def.vpu failed with error 0x20000004.
23.05.2007 09:40:46.000 1179902446 package ERROR:HttpGetWininet, catch returned 0x00002EFD
23.05.2007 09:40:47.000 1179902447 package ERROR:HttpGetWininet, catch returned 0x00002EFD
23.05.2007 09:40:47.000 1179902447 general InvalidateCurrent: invalidated server 'Download82 AVAST server' from 'main'
23.05.2007 09:40:47.000 1179902447 general SelectCurrent: unable to find any suitable server in 'main'
23.05.2007 09:40:47.000 1179902447 internet tried 1 servers to get file 'servers.def', but failed (0x20000004)
23.05.2007 09:40:47.000 1179902447 file GetNewerStampedFile:GetFileWithRetry failed: C:\WINDOWS\TEMP\_av_proI.tm~a02472\onefile, servers.def, error: 0x20000004
23.05.2007 09:40:47.000 1179902447 package Tried to download servers.def but failed with error 0x20000004.
23.05.2007 09:40:47.000 1179902447 general Err:Cannot connect to download82.avast.com (75.126.53.173:80).
23.05.2007 09:40:47.000 1179902447 package Transferred files: 0
23.05.2007 09:40:47.000 1179902447 package Transferred bytes: 0
23.05.2007 09:40:47.000 1179902447 package Transfer time: 0 ms
23.05.2007 09:40:47.000 1179902447 file NeedReboot=false
23.05.2007 09:40:47.000 1179902447 general Return code: 0x20000004 [Cannot connect to download82.avast.com (75.126.53.173:80).]
23.05.2007 09:40:47.000 1179902447 general Stopped: 23.05.2007, 09:40:47

maleas

  • Guest
Scenario 2
« Reply #12 on: May 23, 2007, 01:04:09 PM »
Scenario 2
========

* Internet Options in the control panel are set to "Automatically detect Internet Explorer Settings". The WPAD protocol is used for the PC to discover the ip address and port of the LAN proxy server. No change from scenario 1 in that respect.

* In the avast options, the proxy is set to manual specification of proxy, with a proxy name of "gw.our.domain

* File c:\program files\alwil software\avast4\setup\setup.ini contains the following portion with regard to proxy used:
Code: [Select]
[Common]
Tooltip=b?MTE3MDgzOTc1Mw==
ZeroFootprint=0
NetAcc=2
NetIP=gw.our.domain
NetPort=3128
NetUser=
NetPwd=
IMPORTANT NOTES:
1) NetAcc=2 above corresponds, from what I concur, to specifically use proxy gw.our.domain:3128

With the previous in place, I get the following:
Code: [Select]
23.05.2007 10:16:39.000 1179904599 general Started: 23.05.2007, 10:16:39
23.05.2007 10:16:39.000 1179904599 general Running setup_av_pro-3e9 (1001)
23.05.2007 10:16:39.000 1179904599 system Operating system: WindowsXP ver 5.1, build 2600, sp 2.0 [Service Pack 2]
23.05.2007 10:16:39.000 1179904599 system Computer WinName: USERX
23.05.2007 10:16:39.000 1179904599 system Windows Net User: SYSTEM
23.05.2007 10:16:39.000 1179904599 general Cmdline: /downloadpkgs /noreboot /updatevps /verysilent /tray /limitcpu 
23.05.2007 10:16:39.000 1179904599 general DldSrc set to inet
23.05.2007 10:16:39.000 1179904599 general Operation set to INST_OP_UPDATE_GET_PACKAGES
23.05.2007 10:16:39.000 1179904599 general Old version: 3e9 (1001)
23.05.2007 10:16:39.000 1179904599 general SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
23.05.2007 10:16:39.000 1179904599 system Computer DnsName: USERX
23.05.2007 10:16:39.000 1179904599 system Computer Ip Addr: 192.168.0.248
23.05.2007 10:16:39.000 1179904599 internet SYNCER: Proxy gw.our.domain:3128
23.05.2007 10:16:39.000 1179904599 internet SYNCER: Type: standard HTTP proxy (rfc2616,2617)
23.05.2007 10:16:39.000 1179904599 internet SYNCER: Auth: no authentication
23.05.2007 10:16:39.000 1179904599 package Part prg_av_pro-3e9 is installed
23.05.2007 10:16:39.000 1179904599 package Part vps-74200 is installed
23.05.2007 10:16:39.000 1179904599 package Part news-4b is installed
23.05.2007 10:16:39.000 1179904599 package Part setup_av_pro-3e9 is installed
23.05.2007 10:16:39.000 1179904599 package Part jrog-5 is installed
23.05.2007 10:16:39.000 1179904599 general Old version: 3e9 (1001)
23.05.2007 10:16:40.000 1179904600 file SetExistingFilesBitmap: 1024->145->145
23.05.2007 10:16:40.000 1179904600 general GUID: cd26144a-e208-4014-82ae-a705be6769d0
23.05.2007 10:16:40.000 1179904600 general Server definition(s) loaded for 'main': 125 (maintenance:0)
23.05.2007 10:16:40.000 1179904600 general SelectCurrent: selected server 'Download207 AVAST server' from 'main'
23.05.2007 10:16:40.000 1179904600 package GetPackages - set proxy for inet
23.05.2007 10:16:40.000 1179904600 internet SYNCER: Proxy gw.our.domain:3128
23.05.2007 10:16:40.000 1179904600 internet SYNCER: Type: standard HTTP proxy (rfc2616,2617)
23.05.2007 10:16:40.000 1179904600 internet SYNCER: Auth: no authentication
23.05.2007 10:16:41.000 1179904601 general Used server: http://download207.avast.com/iavs4x
23.05.2007 10:16:41.000 1179904601 general Server definition(s) loaded for 'main': 125 (maintenance:0)
23.05.2007 10:16:41.000 1179904601 general SelectCurrent: selected server 'Download100 AVAST server' from 'main'
23.05.2007 10:16:41.000 1179904601 package GetPackages - set proxy for inet
23.05.2007 10:16:41.000 1179904601 internet SYNCER: Proxy gw.our.domain:3128
23.05.2007 10:16:41.000 1179904601 internet SYNCER: Type: standard HTTP proxy (rfc2616,2617)
23.05.2007 10:16:41.000 1179904601 internet SYNCER: Auth: no authentication
23.05.2007 10:16:42.000 1179904602 general Used server: http://download100.avast.com/iavs4x
23.05.2007 10:16:42.000 1179904602 general Used server: http://download100.avast.com/iavs4x
23.05.2007 10:16:42.000 1179904602 package Load C:\Program Files\Alwil Software\Avast4\Setup\prod-av_pro.vpu
23.05.2007 10:16:42.000 1179904602 package LatestPartInfo: jrog = jrog-6
23.05.2007 10:16:42.000 1179904602 package LatestPartInfo: news = news-4b
23.05.2007 10:16:42.000 1179904602 package LatestPartInfo: program = prg_av_pro-3e9
23.05.2007 10:16:42.000 1179904602 package LatestPartInfo: setup = setup_av_pro-3e9
23.05.2007 10:16:42.000 1179904602 package LatestPartInfo: vps = vps-74201
23.05.2007 10:16:43.000 1179904603 general Used server: http://download100.avast.com/iavs4x
23.05.2007 10:16:43.000 1179904603 package Part vps-74201 was set to be installed
23.05.2007 10:16:43.000 1179904603 package Removed obsolete file part-vps-74200.vpu
23.05.2007 10:16:43.000 1179904603 general Part of license key: W1181341H3600A1106
23.05.2007 10:16:43.000 1179904603 package FilterOutExistingFiles: 145 & 145 = 0
23.05.2007 10:16:43.000 1179904603 package FilterOutExistingFiles: 145 & 145 = 0
23.05.2007 10:16:43.000 1179904603 package IsFullOkay: vpsm-74201.vpu - not okay
23.05.2007 10:16:43.000 1179904603 package IsFullOkay: vpsm-74201.vpu - not okay
23.05.2007 10:16:43.000 1179904603 package IsFullOkay: vpsm-74201.vpu - not okay
23.05.2007 10:16:43.000 1179904603 package IsFullOkay: vpsm-74201.vpu - not okay
23.05.2007 10:16:44.000 1179904604 general Used server: http://download100.avast.com/iavs4x
23.05.2007 10:16:44.000 1179904604 package DldPackage: C:\Program Files\Alwil Software\Avast4\Setup\vpsm-74201.vpu, returned 0x00000000
23.05.2007 10:16:44.000 1179904604 package Removed obsolete file vpsm-74200.vpu
23.05.2007 10:16:57.000 1179904617 package vps: needs to be updated [074201]
23.05.2007 10:16:57.000 1179904617 package FilterOutExistingFiles: 145 & 145 = 0
23.05.2007 10:16:57.000 1179904617 package Transferred files: 5
23.05.2007 10:16:57.000 1179904617 package Transferred bytes: 21392
23.05.2007 10:16:57.000 1179904617 package Transfer time: 2765 ms
23.05.2007 10:16:58.000 1179904618 internet Sending stats 'http://download100.avast.com/cgi-bin/iavs4stats.cgi': 00000000 204
23.05.2007 10:16:58.000 1179904618 file NeedReboot=false
23.05.2007 10:16:58.000 1179904618 general Return code: 0x20000000 [Something done]
23.05.2007 10:16:58.000 1179904618 general Stopped: 23.05.2007, 10:16:58

That is the auto-update procedure on the same system is successful!

I will follow with a separate "conclusions (so-far)" post, to keep things tidy.

maleas

  • Guest
Re: Avast Update Problems
« Reply #13 on: May 23, 2007, 01:25:18 PM »
Conclusions so far:
1) The issue is not related to personal firewalls or the existence of the central firewall/proxy

2) The issue is (possibly) not related to the Windows update problem mentioned above.

My hunch is with the way avast code deals with Wininet and auto-proxy configuration. Being a non-programmer, I'll try to describe what I consider is going wrong. First though a mini explanation for this wpad thingie. There are a number of ways to configure a system/browser for a proxy server.

* The simplest is to specify the proxy address and port for each protocol you want to be proxied.

* The next more advanced way, is to use what is called Proxy configuration script. In this case, the browser/system is given the URL of a special javascript file. In order to select whether a connection should be direct or proxied and, in the latter case, which proxy:port should be used, the browser/system executes the javascript file in order to deduce what to do when given a URL to visit. Much more flexible option, yet the user still has to configure the system/browser with the URL of this proxy configuration file.

* And a yet more advanced way is via WPAD, web-proxy autodiscovery protocol. This utilizes the solution in the previous paragraph, automating the process of finding the URL of the proxy configuration file. The automation is performed via special DHCP and/DNS setup. More initial effort is required, but minimal intervention to client pc's is required. That is, only selecting "aytomatic proxy configuration" in internet options.

Windows (and IE/Firefox) can use either one of these three methods. In our case WPAD is used. I suppose that the way internet is accessed, when "use ie settings" in avast setup is selected, is somewhat abstracted. That is, regardless of the actual method to find the proxy:port used, in an ideal scenario avast would ask Win API for a file to be fetched and the Windows API would transparently utilize whichever method it is configured with, to just fetch the file.

Coupling the above mentioned observations with the fact that it has been some months since the auto-update (use ie settings) here is broken on some rigs, I'd say that this might be the area where avast code was changed, introducing this problematic behaviour in the process.

Really hope that what I've written above do make sense and, more importantly, *can* be utilized by alwil engineers to deduce the spot on the code that is responsible.

Feel free to contact me if I can provide more information. Like I said, I like toughies, it's so much more enjoyable when you "crack" one ;)
« Last Edit: May 23, 2007, 01:27:25 PM by maleas »

kubecj

  • Guest
Re: Avast Update Problems
« Reply #14 on: May 24, 2007, 01:29:49 PM »
In both cases, you're running setup under SYSTEM account.

If you use no-proxy or you manually specify proxy settings (using normal RFC obeying proxy), everything works.

If you have proxy which checks user credentials using NTLM (MS proprietary gizmo) it will refuse local SYSTEM account. Manual updates are running under your account and proxy will pass them.

I'd still stick to 'user's misconfiguration problems' for most cases of these problems, but I admit that our error messages and explanations are not as clear as they might be, but since there is many potential problems and we're just getting 'no connection' it's hard to be more specific.  :-\