@tristanleboss Good find. Anyone that hasn’t already manually installed the cert, can you go to the link tristan posted and see if enabling “Update Root Certificates” works? @Old_Bill, can you confirm if it’s disabled on your comp?
(I tried disabled it, then removed the certificate manually, which stopped MSN from working; then I enabled it again, and then it worked, so this is now the likely problem.)
I’m not sure how to confirm that it is disabled, but I can see it in windows components wizard
If it’s unchecked, it’s disabled. You need to tick the box next to it.
But the thing is if it only (updates) certificates then I think it is no use. Because I didn’t (update) DST Root CA X3, I (installed) it.
If I remember, it does download a package with certificates (it doesn’t update only the ones you have on your machine) so, it’s possible that it adds the missing certificate.
Well I hope so. I tried to remove DST Root CA X3 more than once to test if it works or not. But for some reason it keeps coming back at it own. So I hope someone else tries that.
Also one more thing, one of my friends tried to install DST Root CA X3 and MSN still didn’t work for him. If he did it right that means missing certificates is not everyone’s problem in XP. And that means if someone tries the Windows Components Wizard way and it doesn’t work then I think that doesn’t mean it didn’t install anything.
Personnaly, because we don’t have a lot of ressources, I’m not sure spending more time trying to make Messenger works on Windows XP is a good idea.
Espescially as it seems the problem doesn’t come from Messenger but from Windows XP itself.
Well let’s not put all of our focus on it, but I do say it is worth it. I’ve been told by some that they want to use MSN in XP again.
In terms of historical preservation (which is my main concern when it comes to reviving MSN), I believe support on XP and earlier is quite important. That covers significant 4 year stretch (at least) of its usage history (between the release of MSN Messenger 5.0 and the release of Windows Vista), including the versions of Windows Messenger that came built-in to XP SP2 and SP3.
I don’t know how much that lines up with the goals of Escargot, but I think there’s value in supporting that. Unfortunately it could require a slightly different server configuration and require multiple IP addresses, to the best of my (admittedly limited) internet/networking knowledge.
My server supports all versions of MSN (up to 7.5, if you don’t count the preliminary and very hacky 8.x “support”) on all of the versions of Windows that they were originally intended to run on, so I know it’s possible. But I realised I couldn’t use SNI to make that happen, so it does require a minimum of 4 IPs addresses, which can start to add up in cost when hosted on a proper server. I also required my own certificates for all of the relevant (HTTPS) domains that MSN uses, though I didn’t have to update the built-in root certificates or anything, I just added matching certs on the clients and server for the eight or so domains that it needed.
(Edit: I also personally prefer to leave the actual MSN Messenger clients unpatched, but that’s not necessarily an issue that I’m steadfast on, as long as the clients are preserved somewhere in their original form, even if they have to be modified to use Escargot.)
I agree with you.
The only problem I see is a resource problem. Indeed, for now, it seems we are a few developers out there but only Valtron can do python coding and so update Escargot. I think we all try to help as much as we can.
Allowing Valtron to focus on Escargot may be a better idea. I imagine that like us he can probably allocate only a limited time working on Escargot as he probably have a life, a job, other projects. I’m also considering the fact that he will not dedicate his whole life to the Escargot server and that one day, he may be bored; as he have no commitment, you have to take into consideration this day can be tomorrow.
Managing a project like the Escargot server - driven by passion, enthousiam, … - would more than any other type of project need to take ressources and goals into consideration. Many project of this kind unfortunately fail because resources are not carefully managed and end up fading into oblivion without reaching any goals.
There is no roadmap for the Escargot server but, maybe implementing a HTTP gateway, supporting WLM 8.x, are probably more interesting on a preservation purpose than spending hours debuging Windows XP configuration issue.
I agree with your points, it is a matter of resources, and maybe any one of us (especially valtron since he’s the one doing most of the programming) could get bored or too busy to work on it any more. It is a hobbyist project after all, and that’s why I took so long to write mine (I’m not the world’s best programmer, and I had to work on it when I had the time and energy to give to it).
In terms of making it work on XP (and earlier), it’s very simple if you have the server set up to not use SNI. I’m not saying Escargot should be rearchitected and moved to another server, but I’m suggesting it for future reference, in case it’s decided that this earlier support is important. The problem, of course, is that not many small scale server providers offer that many IP addresses for one server, and when they do it’s not likely to be cheap.
I tested on Amazon EC2, and that seemed to work ok, but it costs about $0.40 per day just for the IP addresses required, or about $11 per month. It doesn’t sound like much, but when you add in other server costs that adds up over time, and for a spare time hobby project it might not be acceptable. I was testing with the free version, so I only had to pay for those IP addresses, but if you have to pay for the rest of the server too it could cost double or more per month.
It would be nice if there was a way to make the current implementation work with older OSs, but I’m not sure it’s possible, resources I saw online when I was looking at SNI as an option simply say that XP and earlier cannot support it.
Some projects handle these kind of small issues by creating bounties: when people want a side problem/feature, they put money in it. This allow the developer to get some bucks.
But, sooner or later, XP will be totally unable to connect the Internet and so will be the fate for Vista/7/8/8.1… one day. Protocol will evolve (IP, HTTP 2, SSL…) and browser will not support XP anymore (for now, IE and Chrome are already not supported anymore).
The problem with XP is that, because of its long life, there is many different configuration… We could offer people to support XP but only on a fresh up to date install of an original SP3 copy.
Additionnaly, it would be a good idea to have a support tool: an executable that people encountering a problem launch on their computer. This executable would:
This program should be coded in a way that it can log as many steps and errors as possible. Every call to a function should have its return value checked for conformity and logged.
Btw, a japanese guy made a root certificate updater for XP with the latest certficates available from MS for Windows 10:
rootsupd201705.zip (496.7 KB)
@enhanox If Caddy (the server i’m using to proxy http/s) gets a non-SNI request, it goes to the “default” (first) https site configured, which I made sure in my case is m1.escargot (ergo if you go to https://escargot.log1p.xyz on XP, you’ll get a certificate error). So that takes care of XP for up to 7.5 for sure (barring people not having the certificate installed, but that’s been solved in this thread), and for 8+, it’ll probably be fine too since with the patched msidcrl, everything goes to m1.escargot. And anyway, if you get ssl certs yourself using certbot, you can ask it to sign a single cert for multiple domains, so you won’t need multiple IPs.
Tristan is right though, as soon as TLS 1.0 gets removed from Caddy, I myself will probably give up on XP entirely (though of course others are free to do https a different way).
(btw @tristanleboss: even an up-to-date SP3 might not work out of the box, because as we found from Bill, that “Update Root Certificates” option might not be enabled by default. Though on the XP I torrented it was.)
TBH, I wanted to get XP working more for myself because it was driving me crazy to figure out what was wrong, so it was no problem at all. Definitely more fun than pouring through the XML mess of 8+. 
There is some instruction on how to create this rootsupd.exe file here: Root Certificates and Revoked Certificates for Windows XP - Windows XP - MSFN
But, I think the best is an automatic updater by the same guy: Root Certificates and Revoked Certificates for Windows XP - Page 3 - Windows XP - MSFN
@tristanleboss How’s this for starters? Escargot Troubleshooter (#28) · Issues · Escargot / Escargot Server · GitLab 
@valtron Ok, whatever works for you, I understand why you’re doing things the way you are, and that’s cool
Ah ah, that’s a real good work! Congratulations!
Would be interesting to test it on a buggy Windows XP 
As it turns out, one of the fixes in this thread fixed my problem with XP, it’s just that MSN 7.5 doesn’t work while 7.0 does. How odd.
7.5 works for me in XP, it is just weird how everyone has a different problem.
It’s never ending… all Windows XP installations are different… 3 service packs, thousands of updates, various settings, years of service… even when it was Microsoft maintaining Messenger, there was people having problems…
it must be something with how much people updated already. my windows xp os was updated to a point that there are no more left to download. there was a skype update in windows update for windows xp but i think that isn’t needed. so I didn’t install it. windows essentials security update probably isn’t needed anymore as Microsoft cut off support for the old one of that too. Microsoft probably took it off altogether. Make sure all updates are installed and all certificates as well.