Windows Update using Web Proxy Clients

All Replies

• Monday, January 12, 2009 6:58 AMMarc.GroteMVP

   
  

  0

  Sign In to Vote
  Hi,
  
  for clarification:
  Windows Update doesn't work when you use Firewall clients and the Windows Update URL/domain set in the Firewall rule?
  Does Windows Update work when you use the network object EXTERNAL instead of the URL/domain set in the Firewall rule which allows Windows Update?
  
  regards Marc
  www.nt-faq.de
  www.it-training-grote.de
  • Reply
  • Quote

   
• Monday, January 12, 2009 10:20 PMJim Harrison IsaDewd

   
  

  0

  Sign In to Vote
  Yes; that KB applies to ISA 2006 and TMG as well.
  The problem is not with ISA / TMG, but with the way the WU/BITS services handles these requests.
  
  What you want to do is examine the ISA live logging while you test each client configuration to discover what is failing.
  Since all clients are XP, why not allow them to operate as web proxy clients?

  ---

  Jim Harrison Forefront Edge CS
  • Reply
  • Quote

   
• Thursday, February 19, 2009 5:13 AMWINNETPRO

   
  

  0

  Sign In to Vote
  Thank You for your response Marc.  To clarify, All notebooks and worksations has ISA Firewall Client installed. For example,  If I configure any client with Web Proxy, windows update would work fine. If I remove the web proxy clinet it wourld fail.
  All Notebooks and Worksations has only Firewall Client installed.  I have created a rule for windows update and defied all URL according to the KB.  Notebooks and Worksatons are really not a big issues since we use WSUS. I thought this issue has been resolved in ISA 2006.  For All Servers, we use Web Proxy clients for Windows Update. Servers also have Firewall Client installed.
  
  • Reply
  • Quote

   
• Thursday, February 19, 2009 5:20 AMWINNETPRO

   
  

  0

  Sign In to Vote
  Thank You for updating Jim.  It's good to know that KB applies to ISA 2006 and TMG.  Please correct me if I am wrong, as I undetstand the best practice is to have Web Proxy and Firewall Client installed on workstations. When we moved over to ISA 2006 from ISA 2000 I had it confiuged this way, but Web Proxy client started to cause issues with some Internal applications, so we decided to have only Firewall clinet insalled on worksations / notebooks.
  
  
  • Reply
  • Quote

   
• Saturday, February 21, 2009 1:58 AMBala Natarajan MSFT

   
  

  0

  Sign In to Vote
  Have you tried the Proxycfg command to set proxy setting just for the Winhttp requests used by BITS?
  
  Proxycfg - ? will give all options
  
  You can manually set the IE proxy setting and then use proxtcfg -u to import IE proxy setting to Winhttp and then remove IE proxy setting if you dont want IE to have proxy setting
  
  This should make the AU which uses BITS to download from MU using winhhtp proxy settings
  
  Please confirm whether this helps
  
  Thanks
  Bala

  • Marked As Answer byElMajdalMVP, ModeratorMonday, June 01, 2009 9:41 PM
  •  
  • Reply
  • Quote

   
• Monday, February 23, 2009 9:44 PMWINNETPRO

   
  

  0

  Sign In to Vote
  Hi Bala,
  
  Thank you for your response.  I manually configued proxy settings under Internet Explorer, and LAN settings. After that I ran proxycfg and checked Direct access (No proxy server).
  Ran proxycfg -u, and noticed Proxy Server name and Bypass list: Local. I removed Manually configued proxy settings from Internet Explorer.
  Tested Windows Update site and it works fine.  It's great, now I can remove the manually proxy settings from Servers and set them using WinHTTPSettings and Windows Update will work fine.  The issue we were having is everytime after Windows Update we sometime forget to remove the manually added proxy settings and We have an internal applicaiton that uses Non Standard SSL port which would fail with Web Proxy client.  Thomas Shinder has a very good article on Extending the ISA Firewall’s SSL Tunnel Port Range (2004).
  http://www.isaserver.org/articles/2004tunnelportrange.html
  
  
  • Reply
  • Quote