Re: Microsoft Update
- From: "John" <a>
- Date: Mon, 2 Jun 2008 14:19:53 -0700
Ok, I just notice Jony's reply. The bottom of his reply says "... configure
the LAN proxy to the local server name". So I added proxy server in my IE7
browser "Use a proxy server for your LAN" setting. I can now access WU/MU
sites successfuly.
Out of curiosity, I removed the rule I created earlier today and Apply the
changes. With default policies or rules, I can still access WU/MU sites
without any problem.
"John" <a> wrote in message news:%23ous3aOxIHA.524@xxxxxxxxxxxxxxxxxxxxxxx
It looks like HTTPS requests to WU/MU update sites are denied (handled by
the Default Rule). I see quite a few Denied Connection in the "Action"
column. I don't understand why they're Denied access when the first rule
says it's allowed.
Btw, I only have 2 rules under Firewall Policy, one of them is the default
rule and it's at the bottom:
1) Order: 1
Microsoft/Windows Update
Action: Allow
Protocols: HTTP, HTTPS
From/Listener: Localhost
To: MS Update Domain Name Set
Condition: All Users
2) Order: Last
Name: Default rule
Action: Deny
Protocols: All Traffic
From/Listener: All Networks (and localhost)
To: All Networks (and localhost)
Condition: All Users
I created rule #1 and put it at the top. Rule #2 comes with the default
installation of ISA2006. Anything else you can think of?
"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:93BD93E3-B785-49BF-80E5-55EB7F804F28@xxxxxxxxxxxxxxxx
Watch the ISA log live monitoring while you try this connection.
if ISA is blocking anything, you'll see it there.
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"John" <a> wrote in message news:OBtuq3NxIHA.2292@xxxxxxxxxxxxxxxxxxxxxxx
Btw, with this new rule, I'm still getting Error number: 0x80072EFD.
"John" <a> wrote in message
news:%23nHb10NxIHA.1440@xxxxxxxxxxxxxxxxxxxxxxx
I've checked to be sure that I can't access any sites thru HTTP or
HTTPS.
Yes you're right, I can't access the internet other than
Microsoft/Windows
update sites. Although scanning for updates gives me an error message, I
can access WU/MU sites just fine. There must be a (default) predefined
set
of rules that let me access the site.
Anyway, my new access rule looks as follows:
Name: Microsoft/Windows Updates
Action: Allow
Traffic: HTTP,HTTPS
Source: Local Host
Destination: Microsoft Update Domain Name Set
Accepted user sets: All Users
Is this rule too loose or too restrictive? Feel free to correct the rule
if you think it is not correct.
Thanks again for your help.
"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:804FC557-9028-4763-AFF1-B39DE7BEA0EE@xxxxxxxxxxxxxxxx
The default configuration allows what the system policies allow;
nothing
more.
This does not include HTTP from ISA to external.
All you need to do is create an allow rule from local host to Windows
Update
for all users.
This will allow the ISA to reach WU/MU.
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"John" <a> wrote in message
news:eKinH0pwIHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
I thought the default configuration allows traffic between ISA box and
other
networks BUT does not allow traffic to pass through ISA box from one
network
to another. I was lead to believe that because I can get to the
internet
from my ISA2006 box. I just can't get Windows (or Microsoft) Update to
scan
for updates.
If that isn't true, could you give me an example of the rule?
Thank you.
"Jim Harrison (ISA SE)" <jmharr@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:B3D3ACF9-41D5-4B0E-A5C8-2F2605A4FC5B@xxxxxxxxxxxxxxxx
You have to configure rules to allow traffic to, from and across ISA.
By default, "none shall pass" (apologies to John Cleese).
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"John" <a> wrote in message
news:ubPkU2bwIHA.4912@xxxxxxxxxxxxxxxxxxxxxxx
I've just finished installing ISA2006 on Windows Server 2003. ISA
configuration is now at default (I haven't changed anything). It's got
2
NICs (internal/external). I can access the internet from ISA box.
Trying to get updates from Microsoft Update
http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
After a few seconds, I see:
[Error number: 0x80072EFD]
The website has encountered a problem and cannot display the page you
are
trying to view. The options provided below might help you solve the
problem.
For self-help options:
Frequently Asked Questions
Find Solutions
Windows Update Newsgroup
For assisted support options:
Microsoft Online Assisted Support (no-cost for Windows Update issues)
Read more about steps you can take to resolve this problem (error
number
0x80072EFD) yourself.
How exactly do I get updates for my ISA2006 box?
.
- Follow-Ups:
- Re: Microsoft Update
- From: Jony
- Re: Microsoft Update
- References:
- Re: Microsoft Update
- From: Jim Harrison \(ISA SE\)
- Re: Microsoft Update
- From: John
- Re: Microsoft Update
- From: John
- Re: Microsoft Update
- From: Jim Harrison \(ISA SE\)
- Re: Microsoft Update
- From: John
- Re: Microsoft Update
- Prev by Date: Re: Microsoft Update
- Next by Date: Re: Microsoft Update
- Previous by thread: Re: Microsoft Update
- Next by thread: Re: Microsoft Update
- Index(es):
Relevant Pages
|
Loading
