locked
UAG RC0 Cannot Access Windows Update RRS feed

  • Question

  • Hi Everyone...

    I've got two UAG servers built in my test environment.  They are VM's on ESX 3.5 U4.  The guests are 2008 R2 Enterprise x64.  UAG is RC0.  I have an internal NIC on one VLAN and an external NIC on another VLAN.  The external NIC is able to connect to the Internet.

    No matter what rules I enable on the TMG side of the UAG server, these servers will not get to Windows Update.  I have verified that system rule 26 is enabled, and I have created a new rule (#2) for Windows Update.  Still no luck.

    The only way that I can currently get to Windows Update on these machines is if I disable the following services:

    • Windows Firewall (The following 4 services are a result of disabling this service)
    • Microsoft Firewall
    • Microsoft Forefront TMG Job Scheduler
    • Microsoft Forefront TMG Managed Control
    • Microsoft Forefront TMG Control

    I know that by default, "ISA" servers are not allowed out to the Internet.  I also know that you can configure them to get to Windows Update and other update sites as needed.  I have referenced the following links, but nothing works.

    • http://support.microsoft.com/kb/896226
    • http://social.technet.microsoft.com/Forums/en/FTMGNext/thread/2a5013af-d26f-4475-add8-d4f318a60b38
    • http://social.technet.microsoft.com/Forums/en/FTMGNext/thread/99a7626e-65be-4372-9ad5-d2870ed46b15
    • http://elmajdal.net/ISAServer/Allow_Internet_From_ISA_Server_Machine.aspx

    Any advise would be greatly appreciated.
    • Moved by ElMajdal Wednesday, January 13, 2010 10:36 PM Related to UAG (From:Forefront Edge Security - Internet Access)
    Wednesday, January 13, 2010 8:37 PM

Answers

  • 1st, I'd suggest you install the RTM version of UAG, as there have been many changes since RC0.
    2nd, if there's still a problem, use TMGs monitoring tab to inspect what blocks the traffic - there might be some rule conflict or misconfiguration.


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Thursday, January 21, 2010 6:53 PM
    Thursday, January 21, 2010 6:53 PM

All replies

  • 1st, I'd suggest you install the RTM version of UAG, as there have been many changes since RC0.
    2nd, if there's still a problem, use TMGs monitoring tab to inspect what blocks the traffic - there might be some rule conflict or misconfiguration.


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Thursday, January 21, 2010 6:53 PM
    Thursday, January 21, 2010 6:53 PM
  •  

    It is a bug in UAG somewhere.  I have UAG SP1 and the same issue.   It specificaly states in UAG  setup to not modify TMG so enabling microsoft updates durring UAG setup and confiming in TMG system rules that windows update is allowed is the extent I am willing to go.

     

    UAG SP 7 you might be in luck.

     

     

    Wednesday, January 26, 2011 9:32 PM