Software Update Services and ISA server

From: Jacques Schenk (jschenk_at_zeelandnet.nl)
Date: 03/30/04


Date: Tue, 30 Mar 2004 01:16:27 -0800

Some additional information: From the ISA log I see this:

Working situation:
The SUS tries to connect first using anonymous access
(fails 407) and then the account "domain\" (so just the
domain name, which fails 407 also) and then with the
proper "Domain\Username" account.
This last request is granted (as expected).

Failing situation:
The SUS tries to connect first using anonymous access
(fails 407) and then the account "domain\" (so just the
domain name, fails 407 also).
Now there are no requests in the log with the
proper "domain\username"!

So somehow SUS needs to supply the configured
username/password right away without trying anonymous first.
How do we get this done?

Below are the entries from the log:
FAIL:
10.120.1.254, anonymous, -, N, 3/27/2004, 6:00:08,
w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80,
0, 150, 4172, http, TCP, GET,
http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -
, -, 407, 0x0, -, -
10.120.1.254, anonymous, -, N, 3/27/2004, 6:00:08,
w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80,
0, 0, 604, http, TCP, GET,
http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -
, -, 407, 0x0, -, -
10.120.1.254, TRN\, -, Y, 3/27/2004, 6:00:08, w3proxy,
TRNPROXY, -, -, -, 0, 0, 286, 0, -, TCP, GET,
http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -
, -, 12202, 0x0, Allow only HTTP and HTTP-S, -

OK:
10.120.1.254, anonymous, -, N, 3/22/2004, 6:00:17,
w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80,
0, 150, 4172, http, TCP, GET,
http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -
, -, 407, 0x0, -, -
10.120.1.254, anonymous, -, N, 3/22/2004, 6:00:17,
w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80,
0, 0, 604, http, TCP, GET,
http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -
, -, 407, 0x0, -, -
10.120.1.254, TRN\, -, Y, 3/22/2004, 6:00:17, w3proxy,
TRNPROXY, -, -, -, 0, 0, 286, 0, -, TCP, GET,
http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -
, -, 12209, 0x0, Allow only HTTP and HTTP-S, -
10.120.1.254, anonymous, -, N, 3/22/2004, 6:00:17,
w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80,
0, 222, 370, http, TCP, GET,
http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -
, -, 407, 0x0, -, -
10.120.1.254, trn\cmp_server, -, Y, 3/22/2004, 6:00:18,
w3proxy, TRNPROXY, -, 10.22.4.1, 10.22.4.1, 8080, 672,
382, 352, http, TCP, GET,
http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab,
application/octet-stream, Upstream, 10054, 0x48860000, All
for Admins, Allow administrators all

>-----Original Message-----
>I use Software Update Services, which connects through ISA
>server to the internet.
>This worked fine, however only until I implemented the
>fix to prevent authenticated users from receiving a logon
>box when they try to access content of unauthorised
>sites
>
>([HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters]:"ReturnDeniedIfAuthenticated"=1)
>
>Now the SUS server no longer downloads the updates,
>although the account used to retrieve the updates has
>access to the site through ISA server; it downloads the files
>fine without the reg entry.
>The error I get is:
>Failed to download from
>URL 'http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab'. (Error 0x801901F6: HTTP error 502. The proxy server
>returned an error.)
>
>How do I get SUS to work with ISA and the
>ReturnDeniedIfAuthenticated=1 option.
>
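
The by-eye comparison of the failing and working log excerpts above can be scripted. This is an added example, not part of the original post: it groups ISA web proxy log records by client, date and URL and reports requests that were challenged with 407 but never retried with a full Domain\Username. The field positions are an assumption inferred from the log lines quoted in the post, and the sample records are those lines with the mail wrapping removed.

```python
from collections import defaultdict

# Field positions inferred from the log lines quoted in the post (assumption).
CLIENT, USER, DATE, URL, STATUS = 0, 1, 4, 18, 21
CAB = "http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab"

# Sample records: the post's log lines with mail line-wrapping removed.
FAIL_LOG = r"""
10.120.1.254, anonymous, -, N, 3/27/2004, 6:00:08, w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80, 0, 150, 4172, http, TCP, GET, http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -, -, 407, 0x0, -, -
10.120.1.254, anonymous, -, N, 3/27/2004, 6:00:08, w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80, 0, 0, 604, http, TCP, GET, http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -, -, 407, 0x0, -, -
10.120.1.254, TRN\, -, Y, 3/27/2004, 6:00:08, w3proxy, TRNPROXY, -, -, -, 0, 0, 286, 0, -, TCP, GET, http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -, -, 12202, 0x0, Allow only HTTP and HTTP-S, -
"""
OK_LOG = r"""
10.120.1.254, anonymous, -, N, 3/22/2004, 6:00:17, w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80, 0, 150, 4172, http, TCP, GET, http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -, -, 407, 0x0, -, -
10.120.1.254, TRN\, -, Y, 3/22/2004, 6:00:17, w3proxy, TRNPROXY, -, -, -, 0, 0, 286, 0, -, TCP, GET, http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -, -, 12209, 0x0, Allow only HTTP and HTTP-S, -
10.120.1.254, anonymous, -, N, 3/22/2004, 6:00:17, w3proxy, TRNPROXY, -, www.msus.windowsupdate.com, -, 80, 0, 222, 370, http, TCP, GET, http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, -, -, 407, 0x0, -, -
10.120.1.254, trn\cmp_server, -, Y, 3/22/2004, 6:00:18, w3proxy, TRNPROXY, -, 10.22.4.1, 10.22.4.1, 8080, 672, 382, 352, http, TCP, GET, http://www.msus.windowsupdate.com/msus/v1/aucatalog1.cab, application/octet-stream, Upstream, 10054, 0x48860000, All for Admins, Allow administrators all
"""

def classify_user(user):
    """Label the account field: anonymous, bare 'DOMAIN\\', or a full name."""
    if user.lower() == "anonymous":
        return "anonymous"
    _domain, sep, name = user.partition("\\")
    return "domain_only" if sep and not name else "full"

def auth_attempts(log_text):
    """Map (client, date, url) to [(user_kind, status), ...] in log order."""
    groups = defaultdict(list)
    for line in log_text.strip().splitlines():
        f = [x.strip() for x in line.split(",")]
        if len(f) <= STATUS:          # skip truncated or malformed records
            continue
        key = (f[CLIENT], f[DATE], f[URL])
        groups[key].append((classify_user(f[USER]), f[STATUS]))
    return dict(groups)

def stalled_handshakes(log_text):
    """Requests that got a 407 but were never retried with a full account."""
    stalled = []
    for key, attempts in auth_attempts(log_text).items():
        challenged = any(status == "407" for _, status in attempts)
        if challenged and all(kind != "full" for kind, _ in attempts):
            stalled.append(key)
    return stalled
```
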


