W2K SP 3 has installed "automatic updates" on our servers. It doesn't work. There is an event in the system Protocol about every 2 days (anyone know how to control when?) with content (translated, not exact) "no connection with the service for automatic updates". Since the 2 relevant services are active, and the configuration is default (automatic download and popup to say that updates are available), I assume the ISA server is blocking the download. I presume the servers are web proxy clients, since they are not firewall or SNAT.

I have tried so far:

- Internet options / advanced / "use HTTP 1.1 through proxy"
- protocol rule to allow HTTP, HTTPS and FTP to a client set including the relevant server IPs. That is, the servers can go surfing, which we normally only allow to domain users.

This covers the main suggestions I have read on the Internet to solve this problem: to use HTTP 1.1, and that automatic updates use port 443 (HTTPS). But it still doesn't work! Any ideas, anyone?

Thanks for the reply, Klaas. I created a packet filter according to the recipe and restarted the ISA Services, but the server which should automatically update has since written the error event once again. I thought that for a proxy client to access the internet only a protocol rule is necessary (and of course the default site and content rule), and a packet filter is only necessary when the connection bypasses the ISA Server which has routing enabled.

The connection to automatic update can be opened manually by typing http://v4.windowsupdate.microsoft.com/de/default.asp into the browser, and this works. That is a proxy connection allowed to the administrator under our protocol rule, and the proxy settings are configured under internet options / connections. But when the server tries to do this automatically, it doesn't work.

I have added the security group domain controllers to the group which is allowed to surf, and also created a similar protocol rule to allow a client set including the relevant servers to surf. I have also ticked "use HTTP 1.1 through proxy", and the protocol rule includes HTTPS 443. But it still doesn't work! Can anyone help please??
Hi Davidd,
I too face the same problem.
I have noticed in one of the articles by Microsoft that it is better not to apply the Windows Update component on servers running ISA, Exchange 2K and Domain Controller.
Then I was looking to uninstall the component, but couldn't find the uninstall. So, I have manually disabled and stopped the respective service.
In case anyone is interested, it works now. The answer was to run the services "automatic Updates" and "BITS" under the Administrator account. It also works under a service account. So the problem was permissions. There still remains the question: how do you enable a service that runs under the local system account, for example in a protocol rule? I have tried using the computer account and also a client set including the machine's IP, but neither works. Can anyone help, please?
Davidd,
I am desperately seeking an answer to your exact question. While starting services under a user account seems to get around the problem, it is very often not desirable to have services running under user accounts! In these cases:
How do you create a protocol rule that grants outbound access from a service running as a local system account which is NOT on the ISA box??