ISA Clients, WSUS synchronization via ISA

microsoft.public.isa.clients - Microsoft Internet Security and Acceleration


ISA Clients >> WSUS synchronization via ISA

by TWFyaW8 » Thu, 02 Apr 2009 03:19:02 GMT

Hi,

Am try to have my WSUS 3.0 synchronize with the microsoft update Server via
ISA 2004.
Am getting this denied error on ISA when I try a manual sync.

0.0.0.0 192.168.240.152 anonymous No Reverse Proxy ServerName
download.windowsupdate.com 192.168.XXX.XXX http TCP GET http://download.windowsupdate.com/v7/wsus/redir/wsusredir.cab?941204215 Internal - - Denied
Connection - Default rule Req ID: 084dd806 - - - 4/1/2009 3:03:20
PM 0 80 1 2264 147 12202 The ISA Server denied the specified Uniform
Resource Locator (URL). 0x0 0x0 Web Proxy Filter

How am I suppose to configure my Access Rule for this to work???

Thanks
Top

ISA Clients >> WSUS synchronization via ISA

by Jens Baier » Thu, 02 Apr 2009 04:08:47 GMT


Hi,


http://www.microsoft.com/downloads/details.aspx?FamilyID=AB72EB03-09CF-4CFB-9AF5-1A7DC9C80BC9&displaylang=en

regards Jens
www.nt-faq.de
www.it-training-grote.de
Top

ISA Clients >> WSUS synchronization via ISA

by TWFyaW8 » Thu, 02 Apr 2009 22:46:01 GMT

Hi,

I must of not raise my question properly am not trying to update my client
from the Internet to are WSUS Server...Am trying to get my Internal WSUS 3.0
Server to use the ISA Proxy Server to reach the Windows Update site. The
"Denied" log below is from my ISA Server trying to reach Microsoft Update
Servers?

Help Please.
Top

ISA Clients >> WSUS synchronization via ISA

by Phillip Windell » Thu, 02 Apr 2009 23:31:36 GMT


It has to be an Anonymous Rule:

From: <WSUS Server Computer Object>
To: <List of MS Servers or just use External>
Protocol: HTTP, HTTPS, FTP (not sure about FTP, but doesn't hurt to use it)
Users: All Users

Run the WSUS box as a FWC or a SecureNAT Client,...either should work
Top

ISA Clients >> WSUS synchronization via ISA

by TWFyaW8 » Thu, 02 Apr 2009 23:53:03 GMT

Hi,

I try the rule below and it doesn't work. Try reversing it, same. My 2004
ISA Server is configured with a Single Nic and I can only use the Web Proxy
Client because my Server traffic is routed by a Pix Firewall.
Top

ISA Clients >> WSUS synchronization via ISA

by Phillip Windell » Fri, 03 Apr 2009 02:03:15 GMT


Then forget the ISA!

The ISA has nothing to do with this. It is a Web Caching Server only! The
WSUS is not "using the web browser" to get to the WU Servers.

Remove the FWC on the WSUS box,...the FWC is completely worthless with a
single-nic ISA.

The WSUS box will be using the PIX (and *only* the PIX) for this. So make
sure the PIX allows the traffic from the WSUS box.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Top

ISA Clients >> WSUS synchronization via ISA

by TWFyaW8 » Fri, 03 Apr 2009 03:07:01 GMT

Hi,

The WSUS Server is configured under the Proxy Tab with the name of the proxy
Server and port. The Proxy log does show the traffic being denied from my
WSUS Server when trying to retrieve Windows Update. What I found bizarre is
the traffic is getting denied with a Service request of "Web Proxy"
(Reverse). When I do a test from the IE browser on the WSUS Server with my
browser pointing to the ISA Server my request to www.windowsupdate.com works
fine??? NOTE: I do not have any FW client or Secure Nat configure on my WSUS
Server.

Any suggestions
Top

ISA Clients >> WSUS synchronization via ISA

by Asher_N » Fri, 03 Apr 2009 04:45:45 GMT

Remove the proxy entries from WSUS. Make sure the gateway points to the
PIX.

=?Utf-8?B?TWFyaW8=?= < XXXX@XXXXX.COM > wrote in
Top

ISA Clients >> WSUS synchronization via ISA

by TWFyaW8 » Fri, 03 Apr 2009 04:58:06 GMT

Hi Asher,

I want the traffic to pass via the Proxy.
Top

ISA Clients >> WSUS synchronization via ISA

by Phillip Windell » Fri, 03 Apr 2009 05:46:01 GMT


Yea. I know. Stop doing that.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Top

ISA Clients >> WSUS synchronization via ISA

by Phillip Windell » Fri, 03 Apr 2009 05:50:53 GMT


I'm just trying to tell you if you want WSUS to work (which should be the
real goal here) then stop using the proxy and control the access directly
with the PIX,...in the end it is going out the PIX anyway, so just stop over
complicating it.

Leave the Proxy for the "humans" to use.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Top

ISA Clients >> WSUS synchronization via ISA

by Asher_N » Fri, 03 Apr 2009 20:14:35 GMT

The use of a caching proxy is to minimize the internet traffic by caching
frequently used web pages locally. None of the WSUS traffic is repeated.
By using the proxy for WSUS you are doing 2 things. 1) over complicating
your network and 2) wasting valuable cache resources by caching the WSUS
downloads, which will never be used again.

=?Utf-8?B?TWFyaW8=?= < XXXX@XXXXX.COM > wrote in



the

the
browser
any



So
Top
Similar Threads

1. ISA-Server not shown in WSUS-Console don't contact WSUS-Server 

Hi

Our ISA 2004 server don't contact the WSUS-Server to download updates. I ran 
the Client Diagnostic Tool and get this result:

VerifyWUServerURL() failed with hr=0x80190193

I thin it has to do with the config of ISA, but I don't know ISA. 

What do I have to do?

Thanks for help in advance!

-- 
Greetings
Udo

2. WSUS 3.0 client computers disappear from the WSUS console - Windows Server

3. ISA Server time synchronization 

Hello community

I have some questions regarding the time synchronization.

My ISA Server works as a reverse proxy between the webserver and my external
firewall. I made a packet filter rule to allow the ISA Server synchronize
time with the external firewall. This worked without problems.

Then I made a protocol rule to allow the webserver to access the firewall,
from which the ISA Server gets its time, over port NTP(UDP) but it doesn
work.

Can anybody help me with this?

Or, is there a way to make the ISA server a NTP Server?

Any tips are greatly appreciated :)

Thanks in advance
Christian

4. Orale Lite synchronization problems with ISA - ISA Server

5. ISA 2006 and WSUS

6. ISA 2004 and WSUS on same server

7. ISA and WSUS

8. isa 2004 Firwall accessing an internal WSUS server to auto upd