Posts: 22
Joined: 17.Dec.2004
From: Indianapolis
Status: offline
Ok Tom, thanks for this short update to get WSUS to work correctly. My question is I have done this and my ISA box still does not show up in the WSUS console (after a couple days). All other servers which get the group policy show up fine. Ideas for troubleshooting? Thanks.
I've installed the new WSUS from Microsoft on an internal webserver. I've created a rule and set it as the first of the rules in the Firewall Policy. The protocols HTTP,HTTPS,Kerberos-Sec(UDP) are defined in the rule. Now i can't synchronize the WSUS-server with the internet'. I've set the proxy in the WSUS-admin-tool, but still no updates. If i look in the real-time-log i see the message: 443 SSL-tunnel Failed Connection Attempt Anyone knows a solution? It would be gratefull!
Thanks...this worked here, except that we're not using port 80 for WSUS, we're using port 8530. I created a new "HTTP for WSUS" protocol definition by duplicating the built-in HTTP protocol definition, but substituting port 8530. Added that to the WSUS Access Rule as described in the article, and it worked.
Note that since WSUS needs port 80 to update the automatic updater, you need to leave HTTP & HTTPS in the Access Rule.
My suggestion is to update the article to discuss configuration using alternate ports for WSUS. That might answer some of the above posters' questions, too.
Do you happen to have an article for doing this on ISA 2000? I have as yet been unable to download updates on WSUS and don't know if ISA is the culprit or not. Thank you!
I found your article related to a problem I'm having performing Windows Update Services. Applied WUS Access rule and I'm still not able to update. Config: Windows Server 2003/ISA 2004 Standard (SP1). Issue: Getting Error Number: 0x80072EE2 when Express or Custom are selected. Any suggestions?
I'm having problems performing Windows Update Services. Applied WUS Access rule and I'm still not able to update. Config: Windows Server 2000/ISA 2004 Standard (SP1). Issue: Getting Error Number: 0x80072EE2 when Express or Custom are selected. Any suggestions?
I am having the difficulty in getting the updates for WSUS. The cosole shows dowloading 0.00 of 1234.65MB. But, nothing is downloading. The realitime logging shows Failed connection while it's trying to run GET command on http/https.
As far as I can tell, installing ISA 2004 SP2 has changed the way that the 'anonymous' user is treated. When following these instructions on an ISA 2004 sp1 server, this works fine, but with the sp2 servers, the POST, GET, and HEAD data types appear to fall through to the 'default rule' (i.e. deny traffic) when WSUS attempts to connect as anonymous. Has anyone else run into this? Is there a work-around for this?
I've found the issue and it was not related to ISA nor this article.
For the sake of others trying to troubleshoot WSUS through ISA, the command 'wuauclt.exe /detectnow' will allow you to force an immediate update so you can watch your logs while it's updating.
Thanks.
< Message edited by Sir Didymus -- 24.Mar.2006 1:22:41 AM >
I was getting these errors as well and traced it to rule 26 on the system policies of ISA Server 2004. It is the http rule for CRL's. I enabled it and viola it started working like a champ.
I have been working on this for a few weeks now and am getting nowhere. I have created the access rule according to the article but continue to see the following error in the event logs on ISA.
Event Type: Error Event Source: Windows Update Agent Event Category: Software Sync Event ID: 16 Date: 10/15/2006 Time: 11:42:47 AM User: N/A Computer: ISA-1 Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
I an not sure if this is realated or not but when i try to access any websites on the internal network from the ISA browser i get
Error Code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
The server also has Surfcontrol Webfilter and Symantec Web security installed for external web browsing.
Hello, I think this will come in vain, but lets try... I'm having really bad problem with ISA server 2004. Apps & OS: ISA server 2004 Enterprise SP2, Windows 2003 Server R2 SP2
I run WSUS on separate server called s001, but as a precausion, i also implicated ISA server 2004 on server called s002. WSUS only downloads the updates thru web proxy, no other contact. Updates distribution is based on secure identification by certificate, from s001. Now GP is also configured to force clients to look for updates at https://s001. No traffic thru proxy! Everything works fine on 1105 workstations and 15 other servers. BUT s002 with ISA on it is cursed. WSUS config: SSL:443 for Website and Content+SelfUpdate normal HTTP:80 ISA config: rule and access configured, WSUS client tool says PASS on everything... BUT funny thing is that when i try to access from webbrowser this from any workstation or server, it works: http://s001/Content/3D/ECCAAC25B009FFE40D6774CC4D30DE458030263D.exe BUT when you try from s002 where ISA is, it DOES NOT work, even it behaves strangely, because if you access it like this, over SSL encrypted port: https://s001/Content/3D/ECCAAC25B009FFE40D6774CC4D30DE458030263D.exe, it magically finds the update??? How can this be? The updates are to be requested over http protocol, not https...
I don't get it, but i would appreciate all the info... Vladimir