WSUS in internal network behind ISA 2004 client IP problem
-
Tuesday, 11 December 2012 10:52
Hello everyone. First I want to apologize for my bad English. I will try to explain the problem as simply as possible.
So I have a little network with ISA 2004 in front of it, with auto-discovery turned on using both ways, DHCP and DNS.
Two days ago I implemented WSUS 3 SP2. Everything is OK except that all clients report the IP of the ISA 2004 server.
After two days of fighting with that I did this test:
On my laptop I unchecked the auto-discovery option in Internet Settings and filled in the proxy settings manually, and also included the WSUS server hostname in the bypass list. In this scenario my laptop reports the proper IP address in the WSUS server.
When I turn the auto-discovery option back on, my IP address in the WSUS server again becomes the address of the ISA server. I have the WSUS server described in the bypass list, and the domains also.
I read a lot about this problem on the net, but no one mentioned this scenario. So I guess there is some problem between the WSUS server and the auto-discovery feature.
Please, if anyone has an idea or workaround for this problem, let us know. I am sure a lot of people have this problem and are waiting for a solution.
The other workaround is to disable the auto-discovery feature, which will make sysadmins' lives a little hell regarding the proxy.
Thank you in advance, and once again I am sorry for my bad English.
- Type changed by Clarence Zhang (Moderator), Monday, 17 December 2012 05:04
All replies
-
Wednesday, 12 December 2012 03:18 Moderator
Two days ago I implemented WSUS 3 SP2. Everything is OK except that all clients report the IP of the ISA 2004 server.
This happens because your clients are incorrectly trying to go through the ISA proxy server to get to the WSUS server -- which I presume (I hope!) is on the INTERNAL network. The 'fix' here is to properly configure the Proxy Client Configuration on each system so that it doesn't route INTERNAL connection requests through the ISA Server.
On my laptop I unchecked the auto-discovery option in Internet Settings and filled in the proxy settings manually, and also included the WSUS server hostname in the bypass list. In this scenario my laptop reports the proper IP address in the WSUS server.
Bingo! :-)
When I turn the auto-discovery option back on, my IP address in the WSUS server again becomes the address of the ISA server. I have the WSUS server described in the bypass list, and the domains also.
Well... you see.. part of this is because WinHTTP does not use auto-discovery, and thus neither does the Windows Update Agent (which uses WinHTTP). So earlier when you filled in the proxy setting manually, now WinHTTP was configured correctly, and the WUAgent no longer routed the WSUS connection request through the ISA Server. But then, when you turned auto-discovery back on, I'll bet you deleted the manual WinHTTP proxy settings, which thus reverted the client to trying to use the ISA Server to get to the WSUS server.
The fix here is to:
- Leave the auto-discovery enabled.
- Configure WinHTTP to bypass the proxy server.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
- Marked as answer by Clarence Zhang (Moderator), Monday, 17 December 2012 05:07
-
Wednesday, 12 December 2012 11:50
The fix here is to:
- Leave the auto-discovery enabled.
- Configure WinHTTP to bypass the proxy server.
This fixed the problem. Thank you very much.
Also, one note from me: every time you change the WinHTTP configuration, restart the Windows Update service so the new settings can take effect.
Also, for those who want this via GPO, the only way (that I found) is to make a startup script. If you do this, don't forget to make a shutdown script to clear the settings for laptops and other computers which regularly leave your internal network, because they will have problems in other networks.
-
Wednesday, 19 December 2012 14:47 Moderator
Also, one note from me: every time you change the WinHTTP configuration, restart the Windows Update service so the new settings can take effect.
Good point. The WUAgent reads the proxy settings at service startup (along with all of the other WUAgent configuration settings), so after using netsh winhttp (or proxycfg.exe) restarting the service (or rebooting) is required.
FWIW... ideally a client system would not need to go through a proxy server to access an internal WSUS Server. Evaluating whether the proxy server can be bypassed is also something to consider.
Also, for those who want this via GPO, the only way (that I found) is to make a startup script. If you do this, don't forget to make a shutdown script to clear the settings for laptops and other computers which regularly leave your internal network, because they will have problems in other networks.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
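
An added example, not code posted by anyone in this thread: one script that can be assigned as both the GPO computer startup script (`-Mode Startup`) and the shutdown script (`-Mode Shutdown`) for the WinHTTP fix discussed above. The proxy address, WSUS hostname and domain suffix are placeholder assumptions; it uses `netsh winhttp`, so on systems that only have `proxycfg.exe` the commands differ.

```powershell
# Added example: GPO startup/shutdown script for the WinHTTP proxy bypass.
# All default values below are placeholders (assumptions), not from the thread.
param(
    [ValidateSet('Startup', 'Shutdown')]
    [string]$Mode = 'Startup',
    [string]$ProxyServer = 'isa.corp.example:8080',
    [string[]]$BypassList = @('wsus.corp.example', '*.corp.example', '<local>')
)

function Get-WinHttpProxyText {
    # Machine-wide WinHTTP proxy configuration, flattened to one string
    # so that two snapshots can be compared.
    (& netsh.exe winhttp show proxy | Out-String).Trim()
}

$before = Get-WinHttpProxyText

if ($Mode -eq 'Startup') {
    # Proxy stays configured for external traffic; the WSUS host and
    # internal names are reached directly, so WSUS sees the client's own IP.
    $bypass = $BypassList -join ';'
    & netsh.exe winhttp set proxy "proxy-server=$ProxyServer" "bypass-list=$bypass" | Out-Null
}
else {
    # Clear the setting so roaming laptops do not carry a proxy that is
    # unreachable on other networks.
    & netsh.exe winhttp reset proxy | Out-Null
}

if ($LASTEXITCODE -ne 0) {
    Write-Error "netsh winhttp failed with exit code $LASTEXITCODE"
    exit 1
}

$after = Get-WinHttpProxyText

# The Windows Update Agent reads the WinHTTP proxy at service start, so a
# running service must be restarted after a change. At shutdown the service
# is about to stop anyway, so nothing is restarted there.
$wu = Get-Service -Name wuauserv
if ($Mode -eq 'Startup' -and $after -ne $before -and $wu.Status -eq 'Running') {
    Restart-Service -Name wuauserv -Force
}

# Emit the effective configuration for the script log.
$after
```

After the startup run, `netsh winhttp show proxy` on a client should list the WSUS host in the bypass list, and the WSUS console should show the client's own address at its next report.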

