Re: windows update failed using ISA firewall client

From: "Jim Harrison \(MSFT\)" <jmharr@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Mar 2006 15:27:05 -0800

Don't Ever "open all ports" for any reason.

Now that we have that out of the way, let's address your WSUS question.
Surfcontrol (like many other web filters) requires that you configure the ISA to "requires all users to authenticate".
(W)SUS can be configured so that it can respond to proxy authentication.
You have to set this in the server properties in (W)SUS manglement.
--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

<frogmanalien@xxxxxxxxx> wrote in message news:1142520107.039820.220560@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm in a similar boat, having very little luck with any of the
solutions I've seen posted. I have a Server 2003 with ISA 2004 server
(with surf-control, as that may be relevant)- and a seperate 2000 box
running SUS (not WSUS). I am unable to get the SUS server to download
any updates from Microsoft, even all though I can happily surf the web
from the system (so the proxy works to some degree at least) and I can
actually download the www.msus...aucatalog1.cab file it attempts to
download from the SUS server itself.

The sync log shows:
Manual Sync Started- Thursday, March 16, 2006 2:33:16 PM Failed
Updates Added: None
Updates Removed: None
Reissued Update(s): None
Errors: Failed to download from URL
'http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab'. (Error
0x80072EFD: Unable to connect to the server.)
Sync Finished-Thursday, March 16, 2006 2:35:23 PM

Windows update log shows:
2006-03-16 11:39:32 1480 76c Misc WARNING: Send failed with hr =
80072efd.
2006-03-16 11:39:32 1480 76c Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-16 11:39:32 1480 76c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://update.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072efd
2006-03-16 11:39:32 1480 76c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072efd
2006-03-16 11:39:32 1480 76c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2006-03-16 11:39:32 1480 76c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072efd
2006-03-16 11:40:35 1480 76c Misc WARNING: Send failed with hr =
80072efd.
2006-03-16 11:40:35 1480 76c Misc WARNING: SendRequest failed with hr =
80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-16 11:40:35 1480 76c Misc WARNING: WinHttp:
SendRequestUsingProxy failed for
<http://update.microsoft.com/v6/microsoftupdate/redir/muredir.cab>.
error 0x80072efd
2006-03-16 11:40:35 1480 76c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error
0x80072efd
2006-03-16 11:40:35 1480 76c Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072efd
2006-03-16 11:40:35 1480 76c Misc WARNING: WinHttp:
ShouldFileBeDownloaded failed with 0x80072efd
2006-03-16 11:40:35 1480 76c Misc WARNING: DownloadFileInternal failed
for http://update.microsoft.com/v6/microsoftupdate/redir/muredir.cab:
error 0x80072efd
2006-03-16 11:40:35 1480 76c Report WARNING: Reporter failed to upload
events with hr = 80072efd.

Anyone got any bright ideas? I've temporarily (to test my theory) open
ALL ports to all traffic from the SUS box, so I'm not sure if there's
something squirreled away in there or if I'm barking up the wrong tree.

Thanks,

Chris

.

References:
- Re: windows update failed using ISA firewall client
  - From: Henk Steunenberg \(Ms\)
- Re: windows update failed using ISA firewall client
  - From: frogmanalien

Prev by Date: Re: windows update failed using ISA firewall client
Next by Date: Is there any way to go true isa server
Previous by thread: Re: windows update failed using ISA firewall client
Next by thread: different with fwc3.0 with fwc4.0
Index(es):
- Date
- Thread

Relevant Pages

Re: SUS
... > I have setup a SUS Server on win2k. ... 0-2.reg will not configure your machine to automatically download updates from ... critical updates or service packs that your machine needs. ... It will also ask you if you want to install them, ...
(microsoft.public.windows.server.general)
Re: Homegrown synchronization
... How do you trigger the application of the updates to the server ... The only problem I can see is that you might download the next ... production backend after an update is applied (and I'll probably ...
(microsoft.public.access.replication)
Re: Trend updates if server is unavailable
... the Security Server checks the ... If you define a source other than the Trend Micro ActiveUpdate Server ... for receiving updates, then all computers receiving updates must have access ... Use the ActiveUpdate server for the component download source. ...
(microsoft.public.windows.server.sbs)
Re: Trend updates if server is unavailable
... The clients do get their updates from ... Trend's ActiveUpdate server by default. ... If you define a source other than the Trend Micro ActiveUpdate Server ... Use the ActiveUpdate server for the component download source. ...
(microsoft.public.windows.server.sbs)
Re: Cant send/rec e-mail - ?reinstall?
... ** Your server has unexpectedly terminated the connection. ... Again, can use Internet OK, but can't update AdAware, SpyBot etc. (can't on ... > scan shortly after seeking/installing updates. ... >> download updates. ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)