Windows Update (Full Version)

All Forums >> [ISA 2006 General] >> General



Message

itadmin -> Windows Update (5.Sep.2007 5:17:41 PM)

I have tried and tried to get Windows update to work correctly through ISA, but I can not.  I have a group that builds computers.  These computers are never added to the domain.  I need these computers to have unrestricted anonymous access to Windows updates without any other rules getting in the way.  I have tried to create rules that will allow this, but they all fail.  The lists that I have found online just haven't worked.  Does anyone have a good rule in place that works for this?  If so, please give me specifics.

I think we have problems when it gets to the https part, but I am not sure.

Thanks in advance to anyone who can help me with this. 



elmajdal -> RE: Windows Update (5.Sep.2007 5:58:37 PM)

Hi,

check this : http://support.microsoft.com/kb/885819

the list also available in the Windows Update Cache Rule.



itadmin -> RE: Windows Update (5.Sep.2007 6:43:29 PM)

I have tried those lists.  It still gives a denied error.

The blocked traffic is going to:

http://65.55.184.189/windowsupdate

I also see several blocked pings coming from the test box.



itadmin -> RE: Windows Update (6.Sep.2007 10:23:38 AM)

Is there a list of IP addresses I need to add inthere as well?



elmajdal -> RE: Windows Update (6.Sep.2007 11:17:34 AM)

Hi,

let me get this.

are you trying this from ISA Server itself ? or from a computer behind it ?

create such rule

allow > All Outbound Protocols >From Internal  >To External > All Users

does the windows update still fail ?




itadmin -> RE: Windows Update (6.Sep.2007 12:21:25 PM)

If I allow all outbound access, it will work fine.  It works fine on my unrestricted users as well.  WSUS works fine.  I just need a way to update machines that we build. When I put in the list of approved sites, the Windows update proceeds through those, but then I find more sites in the logs.  Those sites are in the form of IP address, so I don't know what URLs to add. 



itadmin -> RE: Windows Update (12.Sep.2007 9:45:56 AM)

In my logs, it shows that the HTTP traffic to certain IP addresses is allowed, but http traffic is not.  I checked Microsoft's website and it said that the lowercase protocols in the logs were there because of the way the web proxy displays protocols.  So, it looks like the firewall is letting the traffic out, but the web proxy is stopping it.  Help?



elmajdal -> RE: Windows Update (13.Sep.2007 8:02:16 PM)

quote:

Those sites are in the form of IP address, so I don't know what URLs to add


Check this : http://elmajdal.net/isaserver/HostLogger.aspx

What i usually do is i allow all outbound protocols from my WSUS Server to External for ALL Users.

In this way, only my WSUS server would get the updates, and the clients would take the updates from my WSUS Server.





Page: [1]