• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SCCM WSUS and ISA Enterprise 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> SCCM WSUS and ISA Enterprise 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
SCCM WSUS and ISA Enterprise 2006 - 28.May2009 3:41:07 PM   
Cra5h0verr1de

 

Posts: 6
Joined: 20.Dec.2008
Status: offline
Hi All
I have installed WSUS and then SCCM 2007 on a Windows 2008 server with all appropriate patches that has a direct internet connection to the internet for Windows updates and all works fine. WSUS is on port 8530. All servers are in the same domain.

I have an ISA Server 2006 Enterprise Array configured with 2 proxy servers and these are working OK, servicing all web requests for client machines.

I have redirected the internet connectivity for the server to use the ISA Server 2006 proxy server and reconfigured the SCCM software update point to use the proxy server, specified port 8530, and specified a domain admins account thyat has the apprpriate access.

The  windows update sync fails and puts error 6703 in the event log.
I have checked the logs wsyncmgr.log, WSUSCtrl.log, WCM.log but they just say the sync has failed with a timeout.

As a test I have disabled all other rules and  just put in a new firewall rule in the ISA server array to allow all protocols from  all networks to all networks for all users. I still get the same error.

Any ideas?

Thanks
Cra5h
Post #: 1
RE: SCCM WSUS and ISA Enterprise 2006 - 28.May2009 6:26:00 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: Cra5h0verr1de

I have redirected the internet connectivity for the server to use the ISA Server 2006 proxy server and reconfigured the SCCM software update point to use the proxy server, specified port 8530, and specified a domain admins account thyat has the apprpriate access.



The ISA Server web proxy service normally runs on port 8080 and not 8530 - have you confused this with the listening port for WSUS?

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Cra5h0verr1de)
Post #: 2
RE: SCCM WSUS and ISA Enterprise 2006 - 29.May2009 6:24:25 AM   
Cra5h0verr1de

 

Posts: 6
Joined: 20.Dec.2008
Status: offline
Hi Jason

Sorry for the confusion, I have set the port to 8080.
The error in the sccm wsus log is a gateway timeout. The timeout seams to be to a secure web site at update.microsoft.com:443
I have looked at the ISA logs and have a failed connection attempt as detailed below:

Failed Connection Attempt proxy01 29/05/2009 10:47:49
Log type: Web Proxy (Forward)
Status: 10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 
Rule: Allow all from all to all
Source: Internal (x.x.x.x)
Destination: External (65.55.184.27:443)
Request: update.microsoft.com:443
Filter information: Req ID: 0a2fc9ec; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: SSL-tunnel
User: anonymous
Additional information
Client agent:
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x0
Processing time: 0 ms
MIME type:

(in reply to Jason Jones)
Post #: 3
RE: SCCM WSUS and ISA Enterprise 2006 - 29.May2009 6:43:08 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
If you configure IE with the same proxy server settings on the SCCM server itself, can you access that web site with IE?

How is your outbound web access rule configured on ISA?

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Cra5h0verr1de)
Post #: 4
RE: SCCM WSUS and ISA Enterprise 2006 - 30.May2009 5:44:25 AM   
Cra5h0verr1de

 

Posts: 6
Joined: 20.Dec.2008
Status: offline
Panic over
The clue was in a failed request to update.microsoft.com:443, which shouldn't have happened because I configured ISA wide open.

Mr potato head who looks after the Cisco firewalls had switched of HTTPS!!!
Once this had been switched back on the request was accepted and it all lit up.

The positive thing that came out of this was that I gained a days troubleshooting experience with ISA, even if there was nothing wrong with it.

Thanks for your views

Cra5h

(in reply to Jason Jones)
Post #: 5
RE: SCCM WSUS and ISA Enterprise 2006 - 30.May2009 8:23:08 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Cool

Maybe ISA should be your edge firewall and you wouldn't need Mr Potato head 

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Cra5h0verr1de)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> SCCM WSUS and ISA Enterprise 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts