XP SP2 - WU client 2.0 not properly authenticating itself against ISA Server 2000
From: Kelly N (kn_at_CENTRALCOMPLEX.COM)
Date: Fri, 20 Aug 2004 10:29:33 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
After installing SP2 on XP, windows update no longer worked on those
workstations. All of our workstations are behind an ISA 2000 SP2 server
which requires authentication from the client before it will allow access
to the internet. The error code shown on the windows update page was
0x80244021. There were no articles in the Kbase regarding that error.
After browsing the ISA logs, we found that in our case the WU client 2.0
does not properly authenticate with the ISA server. During
authentication, the WU client identifies itself as "Domain\" instead of
"Domain\UserName". Authentication fails and then Windows Update fails and
issues the error. Of course WU is still working fine on all other
versions of Windows 2000 and XP. We have temporarily bypassed this
problem by creating a rule in ISA which allows the client to access the
internet without having to authenticate first. Of course this is not a
solution that we prefer. We would prefer that the WU client properly
authenticate with ISA. We contacted Microsoft but there was no word on
whether the client would be fixed or not and our trouble ticket was closed
since our temporary fix has allowed our client to successfully use WU
through ISA. I am unaware of how rare or common this problem is in other
companies running XP SP2 & ISA 2000.
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.