RE: ISA server 2003 and microsoft update

Hello Alessandro,

Thank you for posting here.

According to your description, I understand that your internal clients
unable to access Microsoft Update. If I have misunderstood the problem,
please don't hesitate to let me know.

First please let me know that: Can you access other Internet web sites from
internal clients?

Based on my research, I suggest we try the following steps to see if we can
resolve this issue:

1. From the screenshot you have only 12 SBS rules. By default the CEICW
will create 22 SBS rules in ISA. I strongly suggest you run the CEICW to
configure the ISA server on SBS:

a. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.

b. Click the "Connect to the Internet" link.

c. When navigating to the Firewall page, select "Enable firewall" and click
Next.

d. On the "Services Configuration" page, select all the items and then
click Next.

e. On the "Web Services Configuration" page, make sure "Allow access to the
entire Web site from the Internet" is selected. If you select "Allow access
to only the following Web site services from the Internet", make sure all
items in the list are selected. Click Next.

f. On the "Web Server Certificate" page, choose to create a new Web server
certificate and then type the public domain name (your public DNS name)
that you will use to access OWA and RWW (for example, if your public domain
name that you use to access the sites is www.xyz.com, you should type
www.xyz.com as the new certificate name).

g. Go through the remaining steps.

Then, check if you have 22 SBS rules in the ISA server.

2. Please ensure the clients IE web proxy settings is properly:

a. Open the IE on the client computer

b. Open Internet Options, select Connections tab, click LAN settings button

c. Tick the option "Use a proxy server for your LAN", input SBS internal IP
(192.168.16.2), and port 8080 (by default), and uncheck Automatically
detect settings

d. Click OK three times to finish.

3. Please try to install the ISA server 2004 firewall client on the client
computers:

On the workstation, please access \\SBSServerName\mspclnt\, then run
setup.exe.

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

1. Run command "ipconfig /all > c:\ipconfig_sbs.txt" and "route print >
c:\route_sbs.txt" on SBS, send the files c:\ipconfig_sbs.txt and
c:\route_sbs.txt to me at v-terliu@xxxxxxxxxxxxx

2. Run command "ipconfig /all > c:\ipconfig_client.txt" and "route print >
c:\route_client.txt" on problematic client, send the files
c:\ipconfig_client.txt and c:\route_client.txt to me at
v-terliu@xxxxxxxxxxxxx

3. Please capture screenshots on the error messages and send the pictures
to me at v-terliu@xxxxxxxxxxxxx

4. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/tools/isainfo.zip

2) Extract all files to a folder on ISA server.

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me at v-terliu@xxxxxxxxxxxxx

5. Please also help to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that I
can filter the data.

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: HAL9000 <alessandro.tirinnanzi@xxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: ISA server 2003 and microsoft update
| Date: Tue, 20 May 2008 07:48:18 -0700 (PDT)
| Organization: http://groups.google.com
| Lines: 18
| Message-ID:
<ff6a6428-dc54-408d-9f95-e7efc0bb25e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 85.42.57.100
| Mime-Version: 1.0
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: 7bit
| X-Trace: posting.google.com 1211294899 10020 127.0.0.1 (20 May 2008
14:48:19 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Tue, 20 May 2008 14:48:19 +0000 (UTC)
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: a23g2000hsc.googlegroups.com; posting-host=85.42.57.100;
| posting-account=2c8dtQoAAAA4F_6sdCDXBFzEFjoy0BSs
| User-Agent: G2/1.0
| X-HTTP-Via: 1.1 SACEA-X226
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;
SLCC1;
| .NET CLR 2.0.50727; .NET CLR 3.0.04506; FDM;
WWTClient2),gzip(gfe),gzip(gfe)
| Bytes: 1686
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed0
0.sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!nntp.giganews.co
m!postnews.google.com!a23g2000hsc.googlegroups.com!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:108505
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi all,
| I have a SBS 2003 R1.
| It's some day that all my clients can't connect to microsoft update.
| for exemple a vista client gives this error code when tries to connect
| to microsoft update
| "WindowsUpdate_80072EFD"
| I'm quite sure is the ISA server that blocks this connection to the
| microsoft update
|
| this is the frewall policy of my isa server
| http://img258.imageshack.us/img258/7723/regolefirewallhg1.gif
|
| Is there something wrong??
|
| thanks all for any ideas!
|
| Alessandro
|
|

.