Re: Windows Update v5 issues and workaround
From: Phillip Windell (_at_.)
Date: 01/20/05
- Next message: Carlos: "Windows Media and Real Player streaming could not work due to Kerboros authentication"
- Previous message: Phillip Windell: "Re: Windows Update v5 issues and workaround"
- In reply to: Tom Bokman: "Re: Windows Update v5 issues and workaround"
- Next in thread: Gary: "Re: Windows Update v5 issues and workaround"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 19 Jan 2005 18:07:28 -0600
"Tom Bokman" <TomBokman@discussions.microsoft.com> wrote in message
news:E0C4351C-FE18-4B12-BC49-6011339DC1D2@microsoft.com...
> Well, Phillip if you're so smart, then it should be easy for you explain
why
> it works for my secureNAT clients but not Web proxy clients. Just tell me
> what I need to change to make it work for Web Proxy clients. I'm
> listening!!!!!
If it helps, I will re-create what the article says on my system
tomorrow,...it is too late to mess with today for me. I run ISA2000
only,..so that is all I can test with. I have no means to test with ISA2004
but the principles are the same. The article mentioned earlier gives the
process for both versions.
I have users who are not allowed Internet Access at all, but this process
would allow them to anonymously get to the Windows Update Sites while still
denying them access to anywhere else on the Internet. This would verify
that is works properly.
All this boils down to is allowing Anonymous access to *certain* places on
the Internet while forcing Authentication for everything else,..it would be
done the same for any similar situation, not just Windows Update.
Here are some things to check on your system in the meantime.......
Right-click on the Servername of the ISA in the ISA MMC. Choose Properties,
and choose Outgoing Web Requests. Disable the "Ask unauthenticated users
for identification". Your Site and Content Rules and your Protocol Rules
will *already* force authentication where you require it,...so you don't
need to force it here.
The "WU Protocol Rule" you created (that was mentioned in the article) would
have the "Applies To:" set to "Any Request" But your other Protocol Rules
will still authenticate as you are already doing.
The WU Site & Content Rule that uses the Windows Update Destination Set
(described in the article) would have the "Applies To:" set to "Any
request". But your other S&C Rules will still authenticate as you are
already doing.
You have to verify that you created all the Rules exactly as the article
describes and did not deviate from it or leave any detail out. I cannot see
your rules from here and I cannot verify from here if you have any other
rules that may be causing a conflict of some sort. I also can not verify
from here if your clients are properly configured as Web Clients, Firewall
Clients, or SecureNat Clients,...only you can verify that.
Here is the article's link again,..
Troubleshooting Windows Update v.5 Authentication Issue
http://www.microsoft.com/technet/prodtechnol/winxppro/support/updateauthen.mspx
-- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com
- Next message: Carlos: "Windows Media and Real Player streaming could not work due to Kerboros authentication"
- Previous message: Phillip Windell: "Re: Windows Update v5 issues and workaround"
- In reply to: Tom Bokman: "Re: Windows Update v5 issues and workaround"
- Next in thread: Gary: "Re: Windows Update v5 issues and workaround"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
