Windows Update Agent Issue

[Aaron Hoffman]

We have setup our computers for automatic Windows Updates. It seems as though
none of these updates are actually running. There is an error in the event
viewer that you can find below:

Source: Windows Update Agent
Category: Software Sync
EventID: 16
Description: Unable to Connect: Windows is unable to connect to the
automatic updates service and therefore cannot download and install updates
according to the set schedule. Windows will continue to try to establish a
connection.

We have been able to manually go out to the Microsoft website to download
the Windows Updates. We are running ISA Server 2004 and a Symantec Gateway
Security product for additional security. Are there specific ports that need
to be open in order for this to work properly. Any help would be greatly
appreciated.

Thank you,
Aaron Hoffman

[Dave Nickason [SBS MVP]]

Open ISA Mgmt and the properties of the "SBS Microsoft Update Sites Access
Rule." In the Symantec product, enable everything that's enabled in that
ISA rule. In particular, on the To tab, select each destination and click
Edit to see specifically what sites are enabled in those destinations.

"Aaron Hoffman" <AaronH...@discussions.microsoft.com> wrote in message
news:F6EA719D-AC50-400F...@microsoft.com...

[Aaron Hoffman]

Under the SBS Microsoft Update Sites Access Rule there are 2 rules listed:

1. Microsoft Error Reporting sites
Domain names included in this set:
a. *.watson.microsoft.com
b. watson.microsoft.com

2. System Policy Allowed Sites
Domain names included in this set:
a. *.microsoft.com
b. *.windows.com
c. *.windowsupdate.com

Also, the Symantec product doesn't seem to have any ISA rule setup by default.
Will I need to configure this? If so, what port/ports will I need to allow?

Thank you for your help,
Aaron

[kj]

And then look into to bringing WSUS and Microsoft Product (Windows, Office,
Exchange, SQL, Defender, etc) Updates in house! You'll still need the same
ports and sites open, but you'll be bringing down only one copy of each
update needed and have control over when, plus confirmation the updates have
been properly applied.

http://www.microsoft.com/windowsserversystem/updateservices/default.mspx

(btw, WSUS 3.0 Beta 2 is now open for applications)

--
/kj
"Dave Nickason [SBS MVP]" <gwdi...@NOSPAM.frontiernet.net> wrote in message
news:ewmHwQWv...@TK2MSFTNGP03.phx.gbl...

[Aaron Hoffman]

Thanks for the advice!

However, I am still unable to get these updates.

If anyone knows the proper fix regarding this issue it would be appreciated.

Thanks,
Aaron

[kj]

I'd hazard the Symantec Gateway is blocking some of the downloads because of
the file extension. Not having access to one, you might contact Symantec
support if someone here isn't able to guide you.

--
/kj

"Aaron Hoffman" <AaronH...@discussions.microsoft.com> wrote in message

news:3EFC7C99-686C-4304...@microsoft.com...

[Aaron Hoffman]

I went ahead and allowed one client machine to pass-through the gateway
security product. It seems that the automatic windows updates are now
running. At least this narrows down the issue to the symantec device and
nothing within ISA. I am assuming that there will needs to be a certain
port(s) opened on the device. Does anyone know what this would be?

Thanks,
Aaron

[kj]

I'm pretty sure only port 80 is required for Microsoft Update. It's the
"payload" that most security devices take exception to. There are a list of
sites in the WSUS deployment guide that are required for content download,
but that is a little different from MU.

--
/kj
"Aaron Hoffman" <AaronH...@discussions.microsoft.com> wrote in message

news:3022D0AA-7834-4BE5...@microsoft.com...