Welcome to ISAserver.org

Windows Update on ISA Server machine

Windows Update on ISA Server machine - 18.Feb.2004 4:27:00 PM   
Viv Sherriffs

 

Posts: 14
Joined: 11.Jun.2001
Status: offline
I'm running ISA2000 SP1 on Win2K SP1. All my client machines are working fine. My problem is running Windows Update on the ISA machine itself - it always fails with error code 0x800c0005. While investigating, I find that I cannot access https sites either. The only way I can browse on the server at all, in fact, is to install the Firewall Client software on the server; when you do this, you get a warning that it's not a recommended configuration and special settings are required (but it doesn't tell you what they are). Is there another way to configure the browser on the ISA Server that might give a better chance of Windows Update working?
Post #: 1
RE: Windows Update on ISA Server machine - 18.Feb.2004 5:02:00 PM   
windows1978

 

Posts: 3
Joined: 15.Feb.2004
From: JO
Status: offline
Hi Viv Sherriffs,
Do the following, please.

After you add the local address label, you need to add one packet filter.

- Open ISA Server
- Choose Access Policy
- Now choose (IP Packet Filters)

See these pictures.

Put any name for the filter.

Just do as in the pictures.

Now click Finish.

Now you can use the internet on the server or network, I am sure.

Salam,

(in reply to Viv Sherriffs)
Post #: 2
RE: Windows Update on ISA Server machine - 18.Feb.2004 5:30:00 PM   
Viv Sherriffs

 

Posts: 14
Joined: 11.Jun.2001
Status: offline
Windows1978
Thanks for your post, but I'm not comfortable with what you suggest. Your proposal seems to say 'open up the firewall to allow any remote computer to make any kind of access' which would seem to defeat the object of a firewall... Am I missing the point?

(in reply to Viv Sherriffs)
Post #: 3
RE: Windows Update on ISA Server machine - 18.Feb.2004 6:20:00 PM   
windows1978

 

Posts: 3
Joined: 15.Feb.2004
From: JO
Status: offline
OK man, be cool [Big Grin],
you can change the above options so that you can identify just the server.

From the photo showing how to choose the remote computer, you can choose only this remote computer, so that you are in a safe way. [Smile]

And I wait for someone else to support my post.

Thanks

(in reply to Viv Sherriffs)
Post #: 4
RE: Windows Update on ISA Server machine - 19.Feb.2004 5:45:00 PM   
Viv Sherriffs

 

Posts: 14
Joined: 11.Jun.2001
Status: offline
OK, being cool about this I re-considered your suggestion and looked up packet filtering in Tom's book 'Configuring ISA Server 2000'. In Chapter 9 he has a section 'When to manually create packet filters' and includes this reason: '... all applications and services on the ISA server itself must have packet filters to support them' and goes on to give an example for HTTP Outbound from the ISA Server computer. This example allows browsing from the server and maintains a secure configuration by instigating the connection from the server to the remote computer then allowing the remote to respond, rather than leaving all incoming ports open all the time. I created a filter exactly as he describes, and a corresponding one for HTTPS, then disabled the Firewall Client on the server, and set Explorer to not use a proxy. Voila! I can now browse to https sites, and Windows Update connects first time. I note that Tom goes on to describe how Internet Explorer actually has a problem working as a WebProxy client when using a dial-up connection, and that setting filters in this way is the solution to this problem, though not the most secure of arrangements.
Thanks for pointing me in the right direction.

(in reply to Viv Sherriffs)
Post #: 5
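The distinction drawn in post 5, between a filter that admits any remote host and outbound-only HTTP/HTTPS filters whose replies are let back in, as an added example that is not part of the original thread and not ISA Server's own code. The `Filter` and `Packet` models, the rule settings (local dynamic port, remote port 80 or 443, and an allow-everything rule standing in for the filter questioned in post 3) and the sample packets are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical model for illustration, not the ISA Server object model.
# direction: "out" = sent by the ISA machine, "in" = arriving at it.
Packet = namedtuple("Packet", "direction proto local_port remote_ip remote_port")
# Filter ports: "any", "dynamic" (1025-65535) or a fixed number as a string.
Filter = namedtuple("Filter", "name proto direction local_port remote_port")

def port_ok(spec, port):
    if spec == "any":
        return True
    if spec == "dynamic":
        return 1025 <= port <= 65535
    return int(spec) == port

class Firewall:
    def __init__(self, filters):
        self.filters = filters
        self.opened = set()   # flows the ISA machine itself started

    def allows(self, p):
        flow = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        for f in self.filters:
            if f.proto not in ("any", p.proto):
                continue
            if not (port_ok(f.local_port, p.local_port)
                    and port_ok(f.remote_port, p.remote_port)):
                continue
            if f.direction in ("both", p.direction):
                if p.direction == "out":
                    self.opened.add(flow)
                return True
            if f.direction == "out" and flow in self.opened:
                return True   # reply to a connection the server opened
        return False

BROAD = [Filter("allow everything", "any", "both", "any", "any")]
NARROW = [Filter("HTTP outbound", "tcp", "out", "dynamic", "80"),
          Filter("HTTPS outbound", "tcp", "out", "dynamic", "443")]
SAMPLE = [  # constructed packets, documentation-range addresses
    Packet("out", "tcp", 1500, "203.0.113.10", 443),  # server opens HTTPS
    Packet("in", "tcp", 1500, "203.0.113.10", 443),   # reply on that flow
    Packet("in", "tcp", 445, "198.51.100.7", 4000),   # unsolicited, fixed port
    Packet("in", "tcp", 1500, "198.51.100.7", 443),   # unsolicited, no prior flow
]

def verdicts(filters):
    fw = Firewall(filters)   # fresh state per rule set
    return [fw.allows(p) for p in SAMPLE]
```

`verdicts(BROAD)` admits all four packets, while `verdicts(NARROW)` admits only the server's own HTTPS connection and its reply.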
RE: Windows Update on ISA Server machine - 20.Feb.2004 1:54:00 AM   
AHIT

 

Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
Coming in on the tail end of this...
Viv: I would have suggested Tom's article as you picked up...
however....
windows1978: Congratulations and thanks for going to such effort (particularly with the images).
Sometimes it takes quite a bit of effort to reply to some questions with more than just a generic "RTFM" style response but you REALLY went the extra mile!

(in reply to Viv Sherriffs)
Post #: 6
RE: Windows Update on ISA Server machine - 21.Feb.2004 3:50:00 PM   
windows1978

 

Posts: 3
Joined: 15.Feb.2004
From: JO
Status: offline
Thanks Viv Sherriffs ...
Thanks Tolk for your encouragement [Wink]

Another method to do the same thing (to get the server browsing) is to treat the server machine as a client one.

Go to START >> RUN >> then type

\\SERVER NAME

then install the ISA Firewall, and go on to finish.

Nice idea to try; I don't really know of any danger in this method.

Anybody support me?

GOOD LIFE TO ALL,

(in reply to Viv Sherriffs)
Post #: 7
RE: Windows Update on ISA Server machine - 21.Feb.2004 10:13:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hey guys,

are you talking about IE going to the Windows Update site or using the Automatic Update service?

To use IE on ISA itself, I always configure IE as a Web Proxy client by using ISA internal IP address port 8080 as proxy settings.

The problem with the Automatic Update service is that, although it picks up the IE proxy settings, it runs under the context of the local system account. So, you either have to allow anonymous access or create IP packet filters for HTTP/HTTPS outbound and do not configure IE as Web Proxy client.

HTH,
Stefaan

(in reply to Viv Sherriffs)
Post #: 8
RE: Windows Update on ISA Server machine - 25.Feb.2004 4:46:00 PM   
Viv Sherriffs

 

Posts: 14
Joined: 11.Jun.2001
Status: offline
Stefaan
This all started when I noticed that the ISA machine never got Auto Update notifications. Then I tried going to the Windows Update site directly and that failed, as did any other https site. I had originally set the browser as a web proxy and got no connection at all, then installed the Firewall Client but still couldn't get https. Only the packet filter solution has worked for me.

(in reply to Viv Sherriffs)
Post #: 9
RE: Windows Update on ISA Server machine - 25.Feb.2004 10:41:00 PM   
spouseele

 

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Viv,

Never, I repeat NEVER, install the Firewall client on ISA itself. It is an unsupported configuration! [Big Grin]

I never had problems with IE on ISA itself configured as a Web Proxy client, assuming you have the correct protocol and site&content rules in place. However, if that didn't work for you, then your only option is to use IP packet filters.

HTH,
Stefaan

(in reply to Viv Sherriffs)
Post #: 10
