Windows Automatic Updates (Full Version)

All Forums >> [ISA Server 2000 Firewall] >> Firewall Client



Message


wasserja -> Windows Automatic Updates (2.Jan.2003 7:41:00 PM)

Is there a specific port I need to open on ISA server to allow Windows Automatic Updates to work? None of my clients ever download the updates automatically. What setting(s) should I change to allow it to work?




tshinder -> RE: Windows Automatic Updates (3.Jan.2003 12:53:00 AM)

Hi wasserja,

What rule is blocking the request? You'll be able to find this out in the Web Proxy and/or Firewall service logs.

Thanks!
Tom




wasserja -> RE: Windows Automatic Updates (3.Jan.2003 6:41:00 PM)

I checked the log files, but didn't see any rules that denied it. If I go to Windows Update through the web browser it works, but the automatic updates does not download.

Here is the error in the System Log of one of my clients behind the firewall.

Unable to connect: Windows is unable to connect to the Automatic Updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Thanks for the help Tom.




tshinder -> RE: Windows Automatic Updates (4.Jan.2003 2:34:00 AM)

Hi wasserja,

Enable all fields in the log files and then run windows update. You should see what protocol rule and site and content rule is allowing or denying the requests.

Thanks!
Tom




wasserja -> RE: Windows Automatic Updates (6.Jan.2003 3:34:00 PM)

Thanks Tom for the quick reply.

I have just enabled logging on all fields. The Automatic Updates runs nightly at 3:00AM. I'll let you know what happens when I find out.

Thanks again for your help.




zzz343 -> RE: Windows Automatic Updates (6.Jan.2003 4:47:00 PM)

Hi Waseerja,

Set HTTP Redirector to "Send to requested web server" and let us know if it works.




wasserja -> RE: Windows Automatic Updates (6.Jan.2003 4:54:00 PM)

That option is already set.

Thank you for the help.

Remember this problem doesn't happen when Windows Updates is accessed through the browser, just the Automatic Updates which is accessed on a time interval by wupdmgr.exe.




tshinder -> RE: Windows Automatic Updates (6.Jan.2003 7:15:00 PM)

Hi wasserja,

I suspect that its a permissions issue. But we'll know that when we see the requests in the Web Proxy log.

Thanks!
Tom




wasserja -> RE: Windows Automatic Updates (6.Jan.2003 7:24:00 PM)

I do have bandwidth rules enabled. Perhaps that has something to do with it.




tshinder -> RE: Windows Automatic Updates (7.Jan.2003 7:13:00 PM)

Hi wasserja,

It could be, if the user account used by the autodownload doesn't have access to the protocol via a bandwidth rule. That's why the log files are so important to solving the problem.

HTH,
Tom




wasserja -> RE: Windows Automatic Updates (7.Jan.2003 7:45:00 PM)

Well I have some log files here, but which part do you want to see?




wasserja -> RE: Windows Automatic Updates (7.Jan.2003 9:12:00 PM)

Tom ,I'm looking over these logs and I'm not seeing anything that gives any hint of Automatic Updates. I'm not really sure if bandwidth rules are the problem or what. It just seems like the client never gets out to the internet, but I have no way of knowing where it got stopped.




tshinder -> RE: Windows Automatic Updates (8.Jan.2003 3:39:00 AM)

Hi wasserja,

Do you know what time the automatic updates take place? If so, you should be able to match up that time with the time in the logs. You probably can match up the time in the Event Viewer and assume that when the error in the Event Viewer appeared, that is about the time the automatic update was attempted.

HTH,
Tom




wasserja -> RE: Windows Automatic Updates (8.Jan.2003 3:24:00 PM)

Hello Tom,

First, is there any reason why my log files' time stamps are all a few hours off? I just visited isaserver.org at 9:27AM, and then the log says I visited it at 14:27. Any idea?

Well I've looked at the log files at the appropriate time, and I don't see anything even accessing windowsupdate.microsoft.com at those times. If the client is SNAT will it show up in the logs?

Thanks again Tom for your help. It is very much appreciated.

wasserja




tshinder -> RE: Windows Automatic Updates (9.Jan.2003 7:52:00 PM)

Hi wasserja,

SecureNAT client requests should show up in the logs, showing the IP address of the client making the request.

You can get local time in the logs by changing the log file type to ISA Server format.

I wish I knew more about automatic updates, but I don't use them because I don't trust them [Big Grin] I always update manually.

If you do find out what the problem is, please let us know what you find out!

Thanks!
Tom




wasserja -> RE: Windows Automatic Updates (9.Jan.2003 8:23:00 PM)

OK. Thanks for the help. I understand what you're saying about not trusting the automatic updates. I might have to setup SUS to do what I want to do.

Thanks again Tom for all your help. If I ever figure it out, I'll be sure to post it. [Cool]




tshinder -> RE: Windows Automatic Updates (9.Jan.2003 11:35:00 PM)

Hi wasserja,

Sorry I couldn't figure it out. If you do find out what the problem is, it would be great to hear what the answer is.

Thanks!
Tom




Page: [1]