Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Windows Update
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Windows Update - 5.Sep.2007 5:17:41 PM
|
|
|
itadmin
Posts: 30
Joined: 21.Jul.2006
Status: offline
|
I have tried and tried to get Windows update to work correctly through ISA, but I can not. I have a group that builds computers. These computers are never added to the domain. I need these computers to have unrestricted anonymous access to Windows updates without any other rules getting in the way. I have tried to create rules that will allow this, but they all fail. The lists that I have found online just haven't worked. Does anyone have a good rule in place that works for this? If so, please give me specifics.
I think we have problems when it gets to the https part, but I am not sure.
Thanks in advance to anyone who can help me with this.
|
|
|
|
|
RE: Windows Update - 5.Sep.2007 6:43:29 PM
|
|
|
itadmin
Posts: 30
Joined: 21.Jul.2006
Status: offline
|
I have tried those lists. It still gives a denied error.
The blocked traffic is going to:
http://65.55.184.189/windowsupdate
I also see several blocked pings coming from the test box.
|
|
|
|
|
RE: Windows Update - 6.Sep.2007 10:23:38 AM
|
|
|
itadmin
Posts: 30
Joined: 21.Jul.2006
Status: offline
|
Is there a list of IP addresses I need to add inthere as well?
|
|
|
|
|
RE: Windows Update - 6.Sep.2007 11:17:34 AM
|
|
|
elmajdal
Posts: 4793
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online
|
Hi,
let me get this.
are you trying this from ISA Server itself ? or from a computer behind it ?
create such rule
allow > All Outbound Protocols >From Internal >To External > All Users
does the windows update still fail ?
_____________________________
Tarek Majdalani
MVP -- ISA Firewalls
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
|
RE: Windows Update - 6.Sep.2007 12:21:25 PM
|
|
|
itadmin
Posts: 30
Joined: 21.Jul.2006
Status: offline
|
If I allow all outbound access, it will work fine. It works fine on my unrestricted users as well. WSUS works fine. I just need a way to update machines that we build. When I put in the list of approved sites, the Windows update proceeds through those, but then I find more sites in the logs. Those sites are in the form of IP address, so I don't know what URLs to add.
|
|
|
|
|
RE: Windows Update - 12.Sep.2007 9:45:56 AM
|
|
|
itadmin
Posts: 30
Joined: 21.Jul.2006
Status: offline
|
In my logs, it shows that the HTTP traffic to certain IP addresses is allowed, but http traffic is not. I checked Microsoft's website and it said that the lowercase protocols in the logs were there because of the way the web proxy displays protocols. So, it looks like the firewall is letting the traffic out, but the web proxy is stopping it. Help?
|
|
|
|
|
RE: Windows Update - 13.Sep.2007 8:02:16 PM
|
|
|
elmajdal
Posts: 4793
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online
|
quote:
Those sites are in the form of IP address, so I don't know what URLs to add
Check this : http://elmajdal.net/isaserver/HostLogger.aspx
What i usually do is i allow all outbound protocols from my WSUS Server to External for ALL Users.
In this way, only my WSUS server would get the updates, and the clients would take the updates from my WSUS Server.
_____________________________
Tarek Majdalani
MVP -- ISA Firewalls
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
