
Welcome to ISAserver.org


SUS updates from internal server

SUS updates from internal server - 14.Oct.2004 3:16:00 AM   
nzkiwi

 

Posts: 6
Joined: 14.Oct.2004
From: New Zealand
Status: offline
Hi

We have an internal SUS server that downloads patches from the MS site. Once these are approved, local machines update from here.
How do I allow the ISA Server 2004 machine to contact this local SUS server and download updates?
I've added this internal server to the 'System Policy Allowed Sites' domain set, and System policy #17 is enabled.

Do I need a FW policy rule as well to allow for local host -> internal http requests?

Log files below

172.16.0.10, anonymous, Industry Update Control, -, 10/14/2004, 9:52:27, -, HERMES, -, -, 172.16.0.231, 80, 1, 141, 262, -, -, HEAD, /iuident.cab?0410132052, -, -, 12202, -, -, -, -, -, 0x0, Denied
172.16.0.10, anonymous, Industry Update Control, -, 10/14/2004, 9:52:27, -, HERMES, -, -, 172.16.0.231, 80, 1, 140, 2256, -, -, GET, /iuident.cab?0410132052, -, -, 12202, -, -, -, -, -, 0x0, Denied
172.16.0.10, anonymous, Industry Update Control, -, 10/14/2004, 9:52:27, -, HERMES, -, -, 172.16.0.231, 80, 1, 263, 2256, -, -, GET, /wutrack.bin?V=1&U=1298a8e9f3151942bb95522155d0ce5f&C=au&A=s&I=&D=&P=5.2.ece.2.110.3.0&L=en-US&S=f&E=80190193&M=ver%3D5.4.3790.0&X=041013205228363, -, -, 12202, -, -, -, -, -, 0x0, Denied
=========
HERMES, 10/14/2004, 9:52:27, TCP, 172.16.0.10:4019, 172.16.0.231:80, 172.16.0.10, Local Host, Internal, Establish, 0x0, Allow HTTP/HTTPS requests from ISA Server to specified sites, HTTP, -, 0, 0, 0, 0, -, -, -, -, -, -, -, -, 2, 3378, -, -, -
HERMES, 10/14/2004, 9:52:27, TCP, 172.16.0.10:4019, 172.16.0.231:80, 172.16.0.10, Local Host, Internal, Terminate, 0x80074e24, Allow HTTP/HTTPS requests from ISA Server to specified sites, HTTP, -, 0, 0, 262, 262, -, -, -, -, -, -, -, -, 2, 3378, -, -, -

[ October 14, 2004, 11:21 PM: Message edited by: nzkiwi ]
Post #: 1
RE: SUS updates from internal server - 14.Oct.2004 5:20:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi N,

Create an access rule that allows the SUS server access to the HTTP protocol. The local host network has nothing to do with this, neither does System Policy, since the SUS server isn't running on the ISA firewall itself -- and if it is GET IT OFF THE FIREWALL.

HTH,
Tom

(in reply to nzkiwi)
Post #: 2
RE: SUS updates from internal server - 14.Oct.2004 6:45:00 AM   
nzkiwi

 

Posts: 6
Joined: 14.Oct.2004
From: New Zealand
Status: offline
Hi Tom

Thanks. SUS server is not on the ISA server.
I've created an access rule allowing HTTP from the SUS server to the local host. Is this correct or should it be internal?

Also, as the ISA server initiates the update request from the internal SUS server, should there be another rule to allow this?

(in reply to nzkiwi)
Post #: 3
RE: SUS updates from internal server - 14.Oct.2004 7:04:00 PM   
grinn253

 

Posts: 76
Joined: 12.Jul.2004
From: Seattle
Status: offline
Hi there,

I noticed that when SUS initiates the HTTP connection, there was not an authenticated user. Since our HTTP rules require 'authenticated users' to access the internet, SUS updates from MS were failing.

I created a rule from the internal SUS server to the MS update machine to allow HTTP for 'all users.' Afterwards updates to SUS began to succeed.

Besides the above method, is there a way for the SUS to authenticate when retrieving with HTTP?

Thanks!
Edgardo

(in reply to nzkiwi)
Post #: 4
RE: SUS updates from internal server - 14.Oct.2004 11:11:00 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
The automatic updates service (AU client) is set as 'local system' by default - if you reconfigure the service to use a specific account this will be used for authentication to ISA.

JJ

(in reply to nzkiwi)
Post #: 5
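
As an added example (not part of any post in this thread), a short Python script that groups denied anonymous requests in proxy log lines like those in post #1, which is how the unauthenticated update traffic discussed in posts #4 and #5 shows up in the log. The field positions are assumptions read off the sample lines, not taken from ISA Server documentation.

```python
import ipaddress

# Field positions are assumptions read off the sample lines in post #1.
CLIENT, USER, AGENT, DEST_IP, DEST_PORT, METHOD, URL = 0, 1, 2, 10, 11, 17, 18
MIN_FIELDS = URL + 2  # everything up to the URL, plus the trailing action

# Sample input: log lines from post #1 (wutrack.bin query string shortened).
SAMPLE_LOG = """\
172.16.0.10, anonymous, Industry Update Control, -, 10/14/2004, 9:52:27, -, HERMES, -, -, 172.16.0.231, 80, 1, 141, 262, -, -, HEAD, /iuident.cab?0410132052, -, -, 12202, -, -, -, -, -, 0x0, Denied
172.16.0.10, anonymous, Industry Update Control, -, 10/14/2004, 9:52:27, -, HERMES, -, -, 172.16.0.231, 80, 1, 140, 2256, -, -, GET, /iuident.cab?0410132052, -, -, 12202, -, -, -, -, -, 0x0, Denied
172.16.0.10, anonymous, Industry Update Control, -, 10/14/2004, 9:52:27, -, HERMES, -, -, 172.16.0.231, 80, 1, 263, 2256, -, -, GET, /wutrack.bin?V=1, -, -, 12202, -, -, -, -, -, 0x0, Denied
=========
HERMES, 10/14/2004, 9:52:27, TCP, 172.16.0.10:4019, 172.16.0.231:80, 172.16.0.10, Local Host, Internal, Establish, 0x0, Allow HTTP/HTTPS requests from ISA Server to specified sites, HTTP, -, 0, 0, 0, 0, -, -, -, -, -, -, -, -, 2, 3378, -, -, -
"""


def denied_anonymous(log_text):
    """Group denied, unauthenticated proxy requests by (client, dest, agent)."""
    groups = {}
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < MIN_FIELDS:
            continue  # separator or truncated line
        try:
            ipaddress.ip_address(fields[CLIENT])
        except ValueError:
            continue  # firewall-log line: starts with the server name
        if fields[USER].lower() != "anonymous" or fields[-1] != "Denied":
            continue
        key = (fields[CLIENT], f"{fields[DEST_IP]}:{fields[DEST_PORT]}", fields[AGENT])
        path = fields[URL].split("?", 1)[0]  # drop the query string
        groups.setdefault(key, []).append((fields[METHOD], path))
    return groups


if __name__ == "__main__":
    for (client, dest, agent), reqs in denied_anonymous(SAMPLE_LOG).items():
        print(f"{client} -> {dest} [{agent}] denied {len(reqs)} anonymous request(s)")
        for method, path in reqs:
            print(f"    {method} {path}")
```

Each group names a source, destination and client agent that was refused without credentials, which is the information needed to decide between a narrowly scoped 'all users' rule and running the client under an account that can authenticate.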
