Unable to Update Windows 2012 through TMG

    Question

  • Hi TMG Gurus,

    I have just installed Windows 2012 on my server and am now trying to update it. Unfortunately it ended up with

    Error code 8024401C. Windows update ran into a problem.

    I have made a rule through TMG to bypass it but no good news.

    Any thoughts please?

    Regards

    SSA


    SSA

    Thursday, January 03, 2013 8:52 AM

All replies

  • Hi, the process to update Windows Server 2012 through Forefront TMG is the same way as with older Windows versions. Create a Firewall Policy rule which allows HTTP/HTTPS from your Windows Server 2012 to EXTERNAL or the Windows Update Server URL set

    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Thursday, January 03, 2013 9:01 AM
  • Many thanks. It worked for me finally.

    But I think it's not the right solution, as I have to modify the rule continuously whenever I add another server in the 2012 family.

    Any permanent solution please?

    SSa



    SSA

    Thursday, January 03, 2013 9:51 AM
  • Use live logging and attempt again.

    Look at what is logged for the 2012 host you are running WU from. That will help to narrow down the issue.

    Btw, can you browse the Internet from the server in question (try microsoft.com in order to pass ESC)?


    Hth, Anders Janson Enfo Zipper

    Thursday, January 03, 2013 9:51 AM
  • Hi,

    then change the rule from the specific Windows Server to INTERNAL.
    HTTP/HTTPS from INTERNAL to the Windows Update Server URL set, if you want to allow all clients/servers to access the Internet for updates.


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Thursday, January 03, 2013 9:59 AM
  • Can you please tell me what you mean by URL here?

    Regards,

    SSA


    SSA

    Friday, January 04, 2013 6:12 AM
  • Hi,

    Thank you for the post.

    You can create a URL set, and then use it in access rules to allow or deny access to websites specified. Please include the following destinations when you create the destination set or the URL set for Windows Update:

    • http://download.windowsupdate.com
    • https://*.update.microsoft.com
    • http://*.update.microsoft.com
    • http://update.microsoft.com
    • http://*.windowsupdate.com
    • http://download.microsoft.com
    • http://update.microsoft.com
    • http://ntservicepack.microsoft.com
    • http://wustat.windows.com
    • https://update.microsoft.com
    • http://*.download.windowsupdate.com
    • http://*.update.microsoft.com
    • https://*.update.microsoft.com

    Regards,


    Nick Gu - MSFT

    Friday, January 04, 2013 7:27 AM
    Moderator
  • What did the logs say? Did you get a deny when running WU? What does the deny look like, e.g. from where to where etc?

    Hth, Anders Janson Enfo Zipper

    Friday, January 04, 2013 8:51 AM
  • Hi Marc,

    Thanks for the reply.

    From Server to External this rule is working fine, but from Server to URL set it is not working.

    I cannot allow all traffic to my production server. Any advice?

    Thanks in advance 


    SSA

    Friday, February 08, 2013 11:47 AM
  • Make sure that winhttp proxy is configured. Otherwise it is acting as a Secure NAT client and will attempt to resolve the names itself and request via IP address which obviously won't match any names.

    netsh winhttp show proxy

    will show what is configured, if none it will say "direct"

    netsh winhttp set proxy gate:80

    will set the proxy to gate using port 80. Change that to whatever your proxy is named and correct port. Then restart the windows update service and try again.


    Hth, Anders Janson Enfo Zipper

    Monday, February 11, 2013 2:49 PM
  • On which server do I need to configure it? On the proxy server or the one which needs to update?

    Please clarify.



    SSA

    Monday, February 11, 2013 4:55 PM
  • On server needing updates.

    Hth, Anders Janson Enfo Zipper

    Tuesday, February 12, 2013 9:20 AM
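
The WinHTTP proxy steps from the replies above, collected into one script as an added example (not part of the original thread). It assumes an elevated PowerShell session on the server that needs updates, English netsh output, and the thread's placeholder proxy name "gate" on port 80; the variable names are illustrative.

```powershell
# Run elevated on the server that needs updates, NOT on the TMG server.
# Assumptions: proxy name/port are the thread's placeholder "gate:80";
# netsh output is English ("Direct access" is the no-proxy wording).
$ProxyHost = 'gate'
$ProxyPort = 80

# 1. Show the machine-wide WinHTTP proxy that Windows Update will use.
$current = (netsh winhttp show proxy | Out-String)
Write-Output $current

if ($current -match 'Direct access') {
    # 2. Check the proxy listener is reachable before pointing WinHTTP at it.
    #    (TcpClient is used because it is available on a stock Server 2012.)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ProxyHost, $ProxyPort)
    } catch {
        throw "Cannot reach ${ProxyHost}:${ProxyPort}; WinHTTP proxy left unchanged."
    } finally {
        $tcp.Close()
    }

    # 3. Make the server a web proxy client so requests reach TMG by host name
    #    and can match the Windows Update URL set. "<local>" keeps
    #    single-label intranet names off the proxy.
    netsh winhttp set proxy proxy-server="${ProxyHost}:${ProxyPort}" bypass-list="<local>"
    if ($LASTEXITCODE -ne 0) {
        throw "netsh winhttp set proxy failed with exit code $LASTEXITCODE"
    }
}

# 4. Restart the Windows Update service so it picks up the new setting.
Restart-Service -Name wuauserv

# 5. Confirm the result, then retry Windows Update and watch TMG live logging
#    for this host: requests should now be logged by name and hit the
#    URL set rule rather than a deny.
netsh winhttp show proxy

# Rollback, if needed:  netsh winhttp reset proxy
```

With the proxy set this way, the access rule can stay scoped to the Windows Update URL set instead of allowing HTTP/HTTPS from the server to all of EXTERNAL.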