Is there a specific port I need to open on ISA server to allow Windows Automatic Updates to work? None of my clients ever download the updates automatically. What setting(s) should I change to allow it to work?
I checked the log files, but didn't see any rules that denied it. If I go to Windows Update through the web browser it works, but Automatic Updates does not download.
Here is the error in the System Log of one of my clients behind the firewall.
Unable to connect: Windows is unable to connect to the Automatic Updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Enable all fields in the log files and then run Windows Update. You should see what protocol rule and site and content rule is allowing or denying the requests.
Remember this problem doesn't happen when Windows Updates is accessed through the browser, just the Automatic Updates which is accessed on a time interval by wupdmgr.exe.
It could be, if the user account used by the autodownload doesn't have access to the protocol via a bandwidth rule. That's why the log files are so important to solving the problem.
Tom, I'm looking over these logs and I'm not seeing anything that gives any hint of Automatic Updates. I'm not really sure if bandwidth rules are the problem or what. It just seems like the client never gets out to the internet, but I have no way of knowing where it got stopped.
Do you know what time the automatic updates take place? If so, you should be able to match up that time with the time in the logs. You probably can match up the time in the Event Viewer and assume that when the error in the Event Viewer appeared, that is about the time the automatic update was attempted.
First, is there any reason why my log files' time stamps are all a few hours off? I just visited isaserver.org at 9:27AM, and then the log says I visited it at 14:27. Any idea?
Well, I've looked at the log files at the appropriate time, and I don't see anything even accessing windowsupdate.microsoft.com at those times. If the client is SNAT, will it show up in the logs?
Thanks again Tom for your help. It is very much appreciated.
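
Added example (not part of the original thread): a sketch of the time-matching step suggested above, which shifts the client-side Event Viewer time by the log's clock offset before searching the log. The log layout, field names, addresses and records are constructed for illustration, and the five-hour offset is taken from the 9:27 versus 14:27 observation in the thread.

```python
from datetime import datetime, timedelta

# Constructed sample in W3C extended style (tab-separated, "#Fields:" header).
# Field names and values are assumptions for illustration, not real ISA output.
SAMPLE_LOG = "\n".join([
    "#Fields: date\ttime\tc-ip\tcs-username\tr-host\tsc-status",
    "2003-05-06\t08:01:12\t10.0.0.21\tanonymous\twww.example.com\t200",
    "2003-05-06\t13:02:40\t10.0.0.21\tanonymous\twindowsupdate.microsoft.com\t407",
    "2003-05-06\t13:03:05\t10.0.0.37\tCORP\\alice\twww.example.com\t200",
    "2003-05-06\t14:27:09\t10.0.0.21\tCORP\\bob\twww.isaserver.org\t200",
])

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split("\t")))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"],
                                          "%Y-%m-%d %H:%M:%S")
            yield row

def entries_near(text, event_local, log_offset_hours, window_minutes=5, client_ip=None):
    """Return log rows within the window around a client-side event time.

    log_offset_hours is how far the log clock runs ahead of the client clock
    (5 for the 9:27 -> 14:27 difference reported in the thread).
    """
    target = event_local + timedelta(hours=log_offset_hours)
    window = timedelta(minutes=window_minutes)
    return [r for r in parse_w3c(text)
            if abs(r["ts"] - target) <= window
            and (client_ip is None or r["c-ip"] == client_ip)]

if __name__ == "__main__":
    event = datetime(2003, 5, 6, 8, 3, 0)  # constructed Event Viewer error time
    for row in entries_near(SAMPLE_LOG, event, 5, client_ip="10.0.0.21"):
        print(row["date"], row["time"], row["c-ip"],
              row["cs-username"], row["r-host"], row["sc-status"])
```

Searching with an offset of 0 instead of 5 lands on an unrelated 08:01 request, which is how a clock offset can make it look as if the client never reached the update site.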