Saturday, April 07, 2007

Ad-Aware SE Update Problem - Simply Fixed x2

Cookie Crumbs

So a few weeks ago I was going through my weekly cookie-cleaning process.

Download updates to Spybot Search & Destroy...scan...delete cookies.

Download updates to Ad-Aware SE...scan...delete cookies.

Download updates to AVG Anti-Spyware...scan...delete cookies.

Download updates to A-Squared Free...scan...delete cookies.

Yes, using four products is kinda overkill...but the overlap results in a very thorough scouring process, and even when ran in succession, each product picks up something the other didn't.

Only I ran into a hitch.

Failure!

My download of the Ad-Aware SE update failed.

When I clicked on the link to check for updates, it will download to 5% then fail.

At first I thought they had a server problem...but the problem has lasted for several weeks now.

None of my other programs had any problems hitting the net. Just Ad-Aware SE.

So I figured, maybe since I had installed LavaSoft's Ad-Aware 2007 Beta about that same time, maybe it was causing a conflict. So I uninstalled it. Still no update downloads.

So then I uninstalled Ad-Aware SE, downloaded it fresh, and reinstalled.

No dice.

Workaround One (but not my final solution)

My workaround was to manually download the Ad-Aware definition files updates, and unzip the file into the program's folder.

Problem (kinda) solved.

Only I really wasn't satisfied with that solution.

Sure it worked, but being a network/desktop support guy at work, I couldn't leave it alone.

Research Time

So I did some targeted Google searching and study and came up with quite a few forum reports about others suddenly running into this issue:

A review of all of them led to a number of different suggestions;

  1. Maybe the HOSTS file was hacked by malware preventing the download.
  2. Maybe a DNS cache flush would clear it up.
  3. The Lavasoft servers were being overwhelmed with update requests.
  4. AdAware had updated some of their DNS table references and some DNS servers were having problems resolving the correct location. Change to a different DNS server location.

Well, I was reasonably certain my pc hadn't been hacked by malware. My HOSTS file was pristine.

I flushed my XP system's DNS cache by running from a command-prompt session the following command: ipconfig /flushdns

That's usually a great troubleshooting tip I use at work frequently. However, no change here.

While I could see how the Lavasoft servers could be hammered every now and then, I wasn't buying that they would be off-line for weeks.

While some posters were scared to do those "highly technical" steps (not really) to change their provider's default DNS server, that wasn't the case with me. I have been very happy and not having any issues with my router's custom DNS server settings. I am using OpenDNS and am finding new reasons for loving it each month. I wasn't about to go back to my old settings. And since I had been getting Ad-Aware SE updates with no problems since I switched to OpenDNS, I didn't feel that was worth pursuing.

But I was kinda curious about this DNS thing some forum posters had mentioned.

The Lead

Back in November it appears that Lavasoft (back in November 2006) moved their update servers to some new IP addresses. At the time it seemed to take a while for "word" to spread to all the DNS servers about the IP address change.

It appears (based on information in forum posts) that Lavasoft may be having this issue again;

From this Smart Computing Q & A Board post:

Here's an answer from a technician from Lavasoft:

"Hi

We are working on a solution that will be released later today.
You can wait for that or change the DNS address. Use the DNS address that is closest to where you live (east?) as preferred and the other address (west) as your Alternate.

The update problems are a result of expired DNS records for our previous definition update servers.

Now, some Internet Service Providers DNS servers are routing erroneous domain requests to a custom webpage, rather than to the standard:

The domain you requested could not be found 404 error page.

This stops our updating service from functioning.

Kind regards,

Jona, Lavasoft Support"

And while it seems that Earthlink and their affiliates' DNS servers are having the most problems, there was this bit regarding OpenDNS specifically in this Netscape Windows Support thread:

For the curious, here's what was going on.

When Ad-Aware updates its definition file, it tries to fetch a new file via HTTP from download.lavasoft.de.edgesuite.net. That name disappeared from the DNS (It stopped resolving.) sometime on Friday, March 23rd.

In response, our nameservers began redirecting download.lavasoft.de.edgesuite.net to our typo-correction landing servers for users who have typo correction enabled (the default setting). Ad-Aware was able to connect to our landing servers, but it was (of course) unable to fetch a valid definition file from them.

On Monday, March 26th, after diagnosing the problem, we changed the configuration of our nameservers to prevent redirection of download.lavasoft.de.edgesuite.net. This causes Ad-Aware to try a second name, download.lavasoft.de, from which it can fetch a valid definition file.

There's one caveat: if you have a DNS search list, Ad-Aware may continue to have trouble.

The Test

I fired up Wireshark, and began a packet capture session. Then I launched Ad-Aware SE and ran the steps to get the update.

After it errored out, I stopped the packet capture and took a look.

Imagine my surprise to find the following two "info" lines in my packet capture:

Standard query A download.lavasoft.de.edgesuite.net

Standard query response, No such name

Yep. There was the pudding-proof.

Ad-Aware SE was attempting to resolve the update server's address at download.lavasoft.de.edgesuite.net and failing. So it errored out.

The Simple Fix

I didn't feel like doing any DNS changes (I really like OpenDNS) so I could just continue to manually download the updates, but I wanted something easier.

Luckily, I knew of a very simple solution that surprisingly hadn't been suggested in any of the forum posts I saw.

Lavasoft's CalamityJane had previously forum-posted the IP addresses that they use for their updates servers:

You could always see if the servers are up.

The are located at 82.99.19.xx and xx is 11 to 17

[Servers]
server0=82.99.19.11/public/defs.ref
server1=82.99.19.12/public/defs.ref
server2=82.99.19.13/public/defs.ref
server3=82.99.19.14/public/defs.ref
server4=82.99.19.15/public/defs.ref
server5=82.99.19.16/public/defs.ref
server6=82.99.19.17/public/defs.ref

So I just browsed to my HOSTS file located at C:\WINDOWS\system32\drivers\etc\HOSTS and opened it with notepad.

Then I added the following line into it: 82.99.19.11 download.lavasoft.de.edgesuite.net

I saved the HOSTS file, then relaunched Ad-Aware SE and tried an update.

Bam. Got the whole thing.

Problem solved, simply!

No DNS server changes, no more DNS flushing, no malware, nada.

The Ad-Aware SE updates are automatically flowing again!

Why did this work?

Simply put:

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS.

Since I knew the actual IP locations for the download server, and my Wireshark session told me what server name Ad-Aware SE was trying to query, I just manually matched up the two bits of information in the HOSTS file.

Then, since the system will check the HOSTS file first and go with whatever is there, it was able to make the connection before even trying to query a DNS sever.

For many users, this change is probably much easier and less "intrusive" than trying to locate a good DNS sever to use and then make those changes to either their PC or router.

The Final "Official" Word/Solution from Lavasoft

In the process of working through this post, I eventually stumbled across "The Official Word" from Lavasoft: "Error Retrieving Updates". Interrupts At 5% Download Completion.

Lavasoft's fix as of April 4th, 2007?

Download a new version of Ad-Aware se from this page: Solution For " Error Retrieving Updates. Interrupts At 5% Download Completion "

So to see if this really worked,

  1. I removed the line I had added to my HOSTS file and resaved it.
  2. I uninstalled my just recently downloaded version of Ad-Aware SE from my system.
  3. I reinstalled the newly "patched" Ad-Aware SE program installation file.
  4. I launched it and checked for updates.

It worked fine. Downloads flowed with no 5% error-outs.

So forget all my work on modifying the HOST file (unless you just want to) and grab the not-so-public fixed update file for Ad-Aware SE.

Items of Curiosity to Claus

First, I did happen to run another Wireshark packet capture during the new version's update process.

For comparisons, this new version of Ad-Aware SE is now using the DNS server name dlserver3.download.lavasoft.com where before it had been using download.lavasoft.de.edgesuite.net

On this pass it snagged the server IP address of 82.99.19.13

I'm sure they are still cycling through the IP's mentioned above in the post. This bitty change is what "officially resolves" (pun intended) the update problem!

Secondly, why doesn't Lavasoft just release this new version to all the download sites instead of still serving up the "old" version and making the "fixed" version so hard to find?

The MD5 sum for the Free version I just-now-as-I-post downloaded directly from their official "Free Download" link on this page was 0DBA00FC40C3468BBE474812299B0DF3 aawsepersonal.exe

The MD5 sum for the "fixed" version I just-now-as-I-post downloaded directly from their "solutions" link on this page was B88FA66F15BE61FB0538F78D3A620EC1 aawsepersonal.exe

The files are not the same. Is it because just a few users of specific ISP DNS servers are running into the problem? Wouldn't this version fix everyone's problems, including...say...new users to this fabulous Lavasoft product who happen to want to use this program, and don't yet realize that their ISP DNS server settings are about to crap-out the update experience for them? How quickly will they abandon this application and have a bad taste in their mouth because they got an "old" version and not the newer "fixed" one that works just fine?

It was a major pain in my rumpus to hunt down that "fixed" download file post. And it is not referenced anywhere clearly on the main Lavasoft pages for Ad-Aware where most non-technical users would likely first turn to seek help.

Thirdly, during this process, my "old" Ad-Aware SE Personal build was 1.06r1.

After the update it still displayed the version as 1.06r1, so the minor change they made to program in the call to a different DNS name didn't apparently justify a need to even slightly increment the version number.

Bummer.

From a professional troubleshooter's perspective I strongly think that was a bad decision; as that small bit of info might go a long way to help users who might be having this similar issue and are seeking help. Simply calling it 1.06r1a or 1.06r2 would have done the job nicely.

But that's just me.

Don't let my whining here get you down. Lavasoft's Ad-Aware SE is a great application and I really love it, even with these sudden update problems of late.

Bonus: Lavasoft's Ad-Aware 2007 Beta Testing

I've been testing their next-generation Ad-Aware 2007 (now at Beta Five with Beta Six coming on April 20th). It sports some MAJOR changes that I like quite a bit, and some things that I don't (which I am hoping get worked out during the beta process).

Download from FileHippo if you don't want to register at Lavasoft's Beta page (which is painless and I recommend doing if you really want to try it out).

Since it is still pretty "beta" at the moment, I don't want to post any specific comments evaluating its performance. It wouldn't seem fair while in development.

For now, suffice it to say I am looking forward to being (hopefully) impressed when the final version is released. I'm waiting to see how some current elements get included (or dropped) at final release time. I may speak more about that in a later post.

Hope all this this helps someone,

--Claus

14 comments:

Anonymous said...

Well I'm pleased to say that I also use OpenDNS and I've just downloaded the latest AdAware update without a hitch using the built-in facility, so obviously the problem has gone away.

Victor Delta said...

Great work - many thanks.

Anonymous said...

Excellent investigation. I use OpenDNS as well and I suspected that was the problem. I was looking for the server and IP to update my hosts file and found your blog. Thanks for the help.

Adam said...

wow...one hell of an investigation you put out there :)

Good job 8-)

Proud supporter of OpenDNS as well!

Macrocosm said...

Thanks pal. It worked!

Anonymous said...

Thank you much. Could not update with my laptop for some time, used the hosts file fix and no longer have to download the .zip file.

Thanks
Bob

Claus said...

You are very welcome!

Sometimes the simple solutions are the best.

Thanks for stopping in!

Baldeep said...

The Host File Fix is great.

Only take 1min to do.
Thanks.

I hate it when people blame it on my firewalls.

Anonymous said...

excellent! thank you very much.
regards, K. R.Fox

Anonymous said...

Thank you very much. All solved with such a simple line. Well done with your investigation.
Happy that there are people who can do something like that.

Regards
Ann

Claus said...

Hi Ann,

Thank you very much for sayng "thanks".

I'm happy my experience led to helping you!

--Claus

deesbree said...

Claus, I read your post after searching to fix my update problem. I don't know all the techie stuff you were saying to do to fix it. Can you give me an easy to understand way to fix my problem. Should I just remove the Ad-Aware out of my PC and reload the fixed version? If so can you post the link that I should download the new fixed version from and which one I should download.. thanks for your help, Denise

Claus said...

Denise,

If you are using Ad-Aware SE then I should probably explain to you that it is now no longer supporting automatic updates. Ad-Aware turned off their automatic updates for their "SE Personal" version, period.

I don't know if you knew that or not already.

The tips in this post worked perfectly in the past, but now will no longer fix current updating problems with the SE version.

If you want to keep using Ad-Aware SE version, then you will have to manually download the SE "DAT" file and manually install it yourself. This is the signature file that is used to scan against malware.

Please see this recent post on my blog: Ad-Aware SE Personal: No Longer Supported? Workaround!

I have pretty simple steps there to keep the SE version going a bit longer, and those steps are completely different from these.

If you don't want the hassles (which I can't say I blame most people for feeling) and if you have XP or Vista, what would probably best for you to do is to uninstall the "old" Ad-Aware SE version and then download and install the new Ad-Aware 2007 version instead.

LavaSoft Ad-Aware 2007 Free

It's a great product and assuming your system meets its minimal requirement, you may find it even better to use than the "SE" version! Automatic updates should work fine in that version.

Cheers!

sorindian said...

Excellent investigation. Joy to read.