When I click "check for new foobar2000 versions" I get "Update check failure: Network authentication error (80090326)"
When I click "check for updated components" I get "Could not check for updates: Network authentication error (80090326)"
I saw a reddit post (https://www.reddit.com/r/foobar2000/comments/f23ix9/as_of_this_evening_trying_to_check_for_updates_or/) with the same issue.
Does anybody else get the same error messages?
I'm using foobar2000 on Win 7.
Works fine for me.
I guess it can happen if you use some proxy or vpn.
I'm not using a proxy or VPN.
Windows 7 doesn't support TLS 1.2 by default which seems to now be required by the server. You can enable the feature by importing the attached reg file and rebooting.
Thank you very much for the reg fix, Case :)
I am using Windows 8 with a clean installation and I already use the regfix but I still have problems
Are you really still on Windows 8 and not on 8.1? TLS 1.2 should work by default on 8.1 at least once it's up-to-date. And no one should be on regular 8, wasn't it abandoned long ago?
Having this new problem myself on a Win7 64bit PC when checking for foobar2000 updates etc.
Oddly I have a WinXP VM running on the same PC with foobar2000 installed and that checked for the updates and help menu functions without any similar problem.
Where/how exactly do you have to import that registry file to fix the problem? Do you just have to use the "Merge" context menu option or does it need to be installed to a specific location?
The update check works on XP because foobar is coded not to use any encryption with the checks on that OS. The traffic goes through plain HTTP.
The default merge option is all you need to do to set the registry settings right. But it requires specific update to be present to function - I'd recommend just fully updating the OS to the last patch.
Thanks for the info.
My Win7 PC is already as up to date as it can be.
Raziel: there is a Microsoft Support article about this issue here: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi (https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi)
When executed, the reg file Case gave you will insert the Client entries mentioned at the end of the article under "Enable TLS 1.1 and 1.2 on Windows 7 at the SChannel component level." I'm assuming you have Windows 7 with SP1 applied. I do too (albeit 32-bit), and have no problems with the update checks with the fix applied.
I just noticed this issue on my Windows 7 PC as well... today...
I used the reg fix above and restarted my PC it seems to have worked... but I will note that under internet options --> advanced TLS 1.2 is enabled anyway.... strange....
I just noticed this issue on my Windows 7 PC as well... today...
I used the reg fix above and restarted my PC it seems to have worked... but I will note that under internet options --> advanced TLS 1.2 is enabled anyway.... strange....
Those settings are for Internet Explorer; web browsers have their own network protocol implementations that don't depend on the registry entries referenced above.
For me it was unfair to abandon Windows 8, it is a good system, the performance is a little higher than 8.1, In windows 8.1 the menus go a little slower, certain settings are not available but in Windows 8 I can access easily, and if We considered the RTM version of 8.1 worked very badly and you had to wait for some updates to be able to install certain libraries ... Windows 8 had a very short life and a strong criticism of users even more than Vista. That's why I still use Windows 8, and I don't use Windows 10 because of several compatibility issues, forced updates and telemetry stuff
I forgot to say that since Windows 8.1 removed some options of Windows update and privacy
Just to confirm: I added the TLS 1.2 registry fix and the foobar2000 updates check now working correctly on my Windows 7 64bit PC.
Thanks for the help and information provided here.
Cannot fix error on Windows 7 SP 1 (6.1.7601 x64)
Installed KB3140245 from Windows Catalog, added TLS 1.2 registry fix, rebooted, error still has not cleared.
I'm probably missing something else?
If you already installed KB3140245, also apply the "Easy Fix" referenced in the article--it has a "Download" button which should result in "MicrosoftEasyFix51044.msi" being downloaded to your PC, then execute that. This adds the "DefaultSecureProtocols" registry subkey.
Finally, check manually in your registry if the following two keys appear--these are different than the above, and are the ones contained in Case's attachment; they must be present for the authentication to work, and may have been blocked the first time by a permissions or AV issue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
DWORD name: DisabledByDefault
DWORD value: 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD name: DisabledByDefault
DWORD value: 0
Add manually if they are missing. Restart--back in business?
@sveakul I did all that before I posted. Both registry fixes have been applied and checked. I tried temporarily disabling the firewall as a way to check if it had any impact, it didn't. That's why I say there's maybe some other patch involved that this machine doesn't have applied.
That's why I say there's maybe some other patch involved that this machine doesn't have applied.
The only prerequisite the KB article mentions is necessary is SP1, which of course you have. I'm out of ideas on why you're still having the problem, maybe something farther upstream in your ISP is causing the issue.
Did you disable the following cipher suites in the registry by accident?
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Just because TLS 1.2 is enabled doesn't necessarily mean the secure handshake can be established.
I tried setting a custom SSL Cipher Suite Order though gpedit.msc > Administrative Templates > Network > SSL Configuration Settings, then turned SCHANNEL EventLogging to verbose
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000007
In the Event Viewer it seems the foobar2000 update check requests produce this event log:
An SSL client handshake completed successfully. The negotiated cryptographic parameters are as follows.
Protocol: TLS 1.1
CipherSuite: 0xc013
Exchange strength: 256
I couldn't figure out how the registry tree under SCHANNEL is supposed to look like (or how the hell it could have gotten broken). But I see keys Ciphers, CipherSuites, Hashes, KeyExchangeAlgorithms all empty, no subkeys or entries. This seems suspicious, I would expect to see stuff under here. If so, if anyone has a good configuration (Windows 7 SP1 x64) and is kind enough to share, maybe I could nab it?
Thanks for the help!
But I see keys Ciphers, CipherSuites, Hashes, KeyExchangeAlgorithms all empty, no subkeys or entries. This seems suspicious, I would expect to see stuff under here.
FWIW, those 4 keys are all empty on my system as well.
In the Event Viewer it seems the foobar2000 update check requests produce this event log:
An SSL client handshake completed successfully. The negotiated cryptographic parameters are as follows.
Protocol: TLS 1.1
CipherSuite: 0xc013
Exchange strength: 256
Don't think that's the connection to foobar2000.com/.org. According to SSL Labs the server doesn't support TLS 1.1, or the CipherSuite listed in the event log.
I've seen network appliances like F5's BIG-IP iSeries downgrade the TLS protocol so it's possible you have some kind of appliance/proxy that's preventing TLS 1.2 negotiation (assuming you truly do have it enabled).
A Wireshark capture might be the only definitive way to rule anything else out.
Oh hey, this was an old one. Years ago, I followed instructions to enable the new protocols that were added but 'disabled by default' in KB3140245 from 2016. Then, the instructions I read said to delete those keys entirely, instead of changing the disabled flag. I guess it either worked for a while or it worked never and I didn't test it properly. Thanks for the regpatch. FB2k needs to be restarted to apply it, obviously.
Windows 7 doesn't support TLS 1.2 by default which seems to now be required by the server. You can enable the feature by importing the attached reg file and rebooting.
Thank you so much! It worked!
I have the same problem. Foobar 1.5.2 and Windows 7_64 SP1 Home Premium
When I click "check for new foobar2000 versions" or "check for updated components" I get "Update check failure: Network authentication error (80090326)"
That's what i did:
Windows update kb3140245-x64 was installed
MicrosoftEasyFix51044 was applied
TLS_1.2.reg file (from Reply #3) with rebooting
but all without success
In the registry it looks like this now:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
DefaultSecureProtocols DWORD 0x00000a00 (2560)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
SecureProtocols DWORD 0x00000a80 (2688)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DisabledByDefault DWORD 0 (0)
Please help who knows the solution
Install a supported version of Windows. I’d rather recommend that than anything else.
Version 1.5.1 seems to be behaving oddly for me. Updating components works fine, but when checking for new fb2k versions the progress window opens and immediately closes. There's no error message. I installed it as a portable version for checking. I didn't happen across a similar problem with my main fb2k install before upgrading to 1.5.2.
Ignore the above. 1.5.1 was opening a new browser tab when checking for an updated fb2k version and I didn't notice. Idiot of the day award goes to me.
1.5.1 is updating normally.
Version 1.5.2 is checking for component updates and new fb2k versions normally.
I'm running XP.
Don't get too cocky. If it's not capable of doing TLS 1.2, what else do you think it'll be doing instead? I'll leave you to mull that one over for a moment.
It's always opened a browser, or browser tab, to download the installer when there's a new fb2k version, hasn't it? I forgot to check because the browser didn't steal focus.
Don't get too cocky. If it's not capable of doing TLS 1.2, what else do you think it'll be doing instead? I'll leave you to mull that one over for a moment.
Are you wanting me to mull over fb2k successfully checking for component updates and downloading and installing them automatically, or is there some other mulling I should be doing? :)
I did have a Network authentication error (80090328) issue a year or so ago, but Peter fixed it.
https://hydrogenaud.io/index.php?topic=116601.0
Well, yes, it has. It also has to use the same API to update components. Thankfully, they're hashed and signed by the server, so you don't have to worry about them being transmitted in cleartext, like they always were before we rolled out TLS support. Maybe we should make Windows 7 do cleartext update interface as well, to make things easier for more people who are apparently otherwise prevented from installing Windows 10.
Refinement to replay #25
Immediately after installing Foobar 1.5.2 portable (into an empty folder), function "Chesk for updated components" works without error with message "No updatable components present".
Error 80090326 occurs after installing any additional component, for example foo_dsp_xgeq, and then checking for component updates.
"Check for new Foobar versions" works with error in any case.
What are your settings in Prefs/Networking? You may be dealing with some proxy issue and/or Windows permissions. I run Foobar 1.5.2 portable out of C:\Foobar, and never had any updating issues after applying Case's patch. I am using Windows 7 SP1 32-bit, and I do not use UAC.
Prefs/Networking = No proxy
UAC disabled
Foobar 1.3.2 works with such settings, and versions 1.4.0, 1.4.8 and 1.5.2 give an error
1.4.0 was the first to start enforcing HTTPS. You're welcome to keep using 1.3.2 forever, I guess. But most of my components won't serve updates to you, even if they do work with 1.3.
I can use the latest available version (now it's 1.5.2) and update manually. At the same time version 1.3.2 portable can be used to check for updates.
Сan't find anything better.
Windows 7 doesn't support TLS 1.2 by default which seems to now be required by the server. You can enable the feature by importing the attached reg file and rebooting.
Awesome, thx for the help, worked like a charm (Windows 7)
Apparently, this is also a problem with Wine or CrossOver on macOS, and not easily fixed.
Did you disable the following cipher suites in the registry by accident?
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Just because TLS 1.2 is enabled doesn't necessarily mean the secure handshake can be established.
Hi I sniffed the network and I only have
ecdhe_ecdsa ... aes128 sha256
ecdhe_ecdsa ... aes256 sha384
for ecdhe_rsa and dhe_rsa I don't have gcm ciphers inside
Cipher Suites (21 suites)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
And server returned a fatal alert then connection end here.
I'm using win7 x64
I found that the foobar2000's website is using rsa certificate but I only have gcm with dsa.
Ahh!?? There might be something wrong with system.
Anyone know the cipher update patch?
2021-09-25 13:54
I found that I need kb3042058 to support rsa with gcm. Let's see will it solve the problem.
Now problem solved
Cipher Suites (26 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)