• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Windows Automatic Updates

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Windows Automatic Updates Page: [1]
Login
Message << Older Topic   Newer Topic >>
Windows Automatic Updates - 2.Jan.2003 7:41:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
Is there a specific port I need to open on ISA server to allow Windows Automatic Updates to work? None of my clients ever download the updates automatically. What setting(s) should I change to allow it to work?
Post #: 1
RE: Windows Automatic Updates - 3.Jan.2003 12:53:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi wasserja,

What rule is blocking the request? You'll be able to find this out in the Web Proxy and/or Firewall service logs.

Thanks!
Tom

(in reply to wasserja)
Post #: 2
RE: Windows Automatic Updates - 3.Jan.2003 6:41:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
I checked the log files, but didn't see any rules that denied it. If I go to Windows Update through the web browser it works, but the automatic updates does not download.

Here is the error in the System Log of one of my clients behind the firewall.

Unable to connect: Windows is unable to connect to the Automatic Updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Thanks for the help Tom.

(in reply to wasserja)
Post #: 3
RE: Windows Automatic Updates - 4.Jan.2003 2:34:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi wasserja,

Enable all fields in the log files and then run windows update. You should see what protocol rule and site and content rule is allowing or denying the requests.

Thanks!
Tom

(in reply to wasserja)
Post #: 4
RE: Windows Automatic Updates - 6.Jan.2003 3:34:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
Thanks Tom for the quick reply.

I have just enabled logging on all fields. The Automatic Updates runs nightly at 3:00AM. I'll let you know what happens when I find out.

Thanks again for your help.

(in reply to wasserja)
Post #: 5
RE: Windows Automatic Updates - 6.Jan.2003 4:47:00 PM   
zzz343

 

Posts: 764
Joined: 19.Feb.2002
From: World's 7th Nuclear Power
Status: offline
Hi Waseerja,

Set HTTP Redirector to "Send to requested web server" and let us know if it works.

(in reply to wasserja)
Post #: 6
RE: Windows Automatic Updates - 6.Jan.2003 4:54:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
That option is already set.

Thank you for the help.

Remember this problem doesn't happen when Windows Updates is accessed through the browser, just the Automatic Updates which is accessed on a time interval by wupdmgr.exe.

(in reply to wasserja)
Post #: 7
RE: Windows Automatic Updates - 6.Jan.2003 7:15:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi wasserja,

I suspect that its a permissions issue. But we'll know that when we see the requests in the Web Proxy log.

Thanks!
Tom

(in reply to wasserja)
Post #: 8
RE: Windows Automatic Updates - 6.Jan.2003 7:24:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
I do have bandwidth rules enabled. Perhaps that has something to do with it.

(in reply to wasserja)
Post #: 9
RE: Windows Automatic Updates - 7.Jan.2003 7:13:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi wasserja,

It could be, if the user account used by the autodownload doesn't have access to the protocol via a bandwidth rule. That's why the log files are so important to solving the problem.

HTH,
Tom

(in reply to wasserja)
Post #: 10
RE: Windows Automatic Updates - 7.Jan.2003 7:45:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
Well I have some log files here, but which part do you want to see?

(in reply to wasserja)
Post #: 11
RE: Windows Automatic Updates - 7.Jan.2003 9:12:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
Tom ,I'm looking over these logs and I'm not seeing anything that gives any hint of Automatic Updates. I'm not really sure if bandwidth rules are the problem or what. It just seems like the client never gets out to the internet, but I have no way of knowing where it got stopped.

(in reply to wasserja)
Post #: 12
RE: Windows Automatic Updates - 8.Jan.2003 3:39:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi wasserja,

Do you know what time the automatic updates take place? If so, you should be able to match up that time with the time in the logs. You probably can match up the time in the Event Viewer and assume that when the error in the Event Viewer appeared, that is about the time the automatic update was attempted.

HTH,
Tom

(in reply to wasserja)
Post #: 13
RE: Windows Automatic Updates - 8.Jan.2003 3:24:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
Hello Tom,

First, is there any reason why my log files' time stamps are all a few hours off? I just visited isaserver.org at 9:27AM, and then the log says I visited it at 14:27. Any idea?

Well I've looked at the log files at the appropriate time, and I don't see anything even accessing windowsupdate.microsoft.com at those times. If the client is SNAT will it show up in the logs?

Thanks again Tom for your help. It is very much appreciated.

wasserja

(in reply to wasserja)
Post #: 14
RE: Windows Automatic Updates - 9.Jan.2003 7:52:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi wasserja,

SecureNAT client requests should show up in the logs, showing the IP address of the client making the request.

You can get local time in the logs by changing the log file type to ISA Server format.

I wish I knew more about automatic updates, but I don't use them because I don't trust them [Big Grin] I always update manually.

If you do find out what the problem is, please let us know what you find out!

Thanks!
Tom

(in reply to wasserja)
Post #: 15
RE: Windows Automatic Updates - 9.Jan.2003 8:23:00 PM   
wasserja

 

Posts: 56
Joined: 4.Dec.2002
Status: offline
OK. Thanks for the help. I understand what you're saying about not trusting the automatic updates. I might have to setup SUS to do what I want to do.

Thanks again Tom for all your help. If I ever figure it out, I'll be sure to post it. [Cool]

(in reply to wasserja)
Post #: 16
RE: Windows Automatic Updates - 9.Jan.2003 11:35:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi wasserja,

Sorry I couldn't figure it out. If you do find out what the problem is, it would be great to hear what the answer is.

Thanks!
Tom

(in reply to wasserja)
Post #: 17

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Windows Automatic Updates Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts