Re: WSUS synchronization via ISA
Jens Baier
> 0.0.0.0 192.168.240.152 anonymous No Reverse Proxy ServerName
> download.windowsupdate.com 192.168.XXX.XXX http TCP GET
> http://download.windowsupdate.com/v7/wsus/redir/wsusredir.cab?941204215
> Internal - - Denied
> Connection - Default rule Req ID: 084dd806 - - - 4/1/2009 3:03:20
> PM 0 80 1 2264 147 12202 The ISA Server denied the specified Uniform
> Resource Locator (URL). 0x0 0x0 Web Proxy Filter
> How am I suppose to configure my Access Rule for this to work???
regards Jens
www.nt-faq.de
www.it-training-grote.de
Phillip Windell
"Mario" <Ma...@discussions.microsoft.com> wrote in message
news:4D7767B7-A495-44BA...@microsoft.com...
> Hi,
>
> I must of not raise my question properly am not trying to update my client
> from the Internet to are WSUS Server...Am trying to get my Internal WSUS
> 3.0
> Server to use the ISA Proxy Server to reach the Windows Update site. The
> "Denied" log below is from my ISA Server trying to reach Microsoft Update
> Servers?
It has to be an Anonymous Rule:
From: <WSUS Server Computer Object>
To: <List of MS Servers or just use External>
Protocol: HTTP, HTTPS, FTP (not sure about FTP, but doesn't hurt to use it)
Users: All Users
Run the WSUS box as a FWC or a SecureNAT Client,...either should work
Phillip Windell
> Hi,
>
> I try the rule below and it doesn't work. Try reversing it, same. My 2004
> ISA Server is configured with a Single Nic and I can only use the Web
> Proxy
> Client because my Server traffic is routed by a Pix Firewall.
Then forget the ISA!
The ISA has nothing to do with this. It is a Web Caching Server only! The
WSUS is not "using the web browser" to get to the WU Servers.
Remove the FWC on the WSUS box,...the FWC is completely worthless with a
single-nic ISA.
The WSUS box will be using the PIX (and *only* the PIX) for this. So make
sure the PIX allows the traffic from the WSUS box.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Mario
The WSUS Server is configured under the Proxy Tab with the name of the proxy
Server and port. The Proxy log does show the traffic being denied from my
WSUS Server when trying to retrieve Windows Update. What I found bizarre is
the traffic is getting denied with a Service request of "Web Proxy"
(Reverse). When I do a test from the IE browser on the WSUS Server with my
browser pointing to the ISA Server my request to www.windowsupdate.com works
fine??? NOTE: I do not have any FW client or Secure Nat configure on my WSUS
Server.
Any suggestions
Asher_N
PIX.
=?Utf-8?B?TWFyaW8=?= <Ma...@discussions.microsoft.com> wrote in
news:C7E032B8-716B-43B1...@microsoft.com:
Mario
I want the traffic to pass via the Proxy.
Phillip Windell
> Hi,
>
> The WSUS Server is configured under the Proxy Tab with the name of the
> proxy
> Server and port.
Yea. I know. Stop doing that.
Phillip Windell
> Hi Asher,
>
> I want the traffic to pass via the Proxy.
I'm just trying to tell you if you want WSUS to work (which should be the
real goal here) then stop using the proxy and control the access directly
with the PIX,...in the end it is going out the PIX anyway, so just stop over
complicating it.
Leave the Proxy for the "humans" to use.
Asher_N
frequently used web pages locally. None of the WSUS traffic is repeated.
By using the proxy for WSUS you are doing 2 things. 1) over complicating
your network and 2) wasting valuable cache resources by caching the WSUS
downloads, which will never be used again.
=?Utf-8?B?TWFyaW8=?= <Ma...@discussions.microsoft.com> wrote in
news:2527A073-8779-488B...@microsoft.com: