+ Post New Thread
Results 1 to 13 of 13
Windows Server 2000/2003 Thread, Updating ISA server from WSUS issues in Technical; ...
  1. #1

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16

    Updating ISA server from WSUS issues

    Morning all.

    I hope that someone might be able to help me with a really annoying issue. To cut a long story short, Iím trying to get our ISA 2006 server to get updates from our WSUS. What is strange about this is that it seems that all requests from the ISA box are being passed on to our CLEO internet connection.

    I can confirm this by trying to access our Intranet site which is on the same server as the WSUS. When I enter the address in a browser on the ISA server I get a connection refused error from a lancsngfl proxy.

    The windows update log on the ISA box has a load of 0x80244022 and 0x801901f7 errors which all seem to point back to this request being forwarded outside of our network to the lancsngfl proxies.

    All other computers and servers in the school can update from the WSUS and see the Intranet pages fine. Iíve check the ISA rules and everything seems to be passing around the network fine,

    This is driving me crazy. Has anyone got any ideas of something I might have missed.

    Cheers.

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,949
    Thank Post
    519
    Thanked 2,500 Times in 1,941 Posts
    Blog Entries
    24
    Rep Power
    840
    What DNS servers have you got set up on the ISA box?

  3. #3

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Thanks for the reply. There is no DNS server on our ISA box, this is handeled by another server on the network.

  4. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,205
    Thank Post
    876
    Thanked 2,729 Times in 2,308 Posts
    Blog Entries
    11
    Rep Power
    782
    Sounds like the chaining rule is set to send all requests to the upstream proxy, you probably need to create a new chaining rule that sends any request from localhost (isa) to the WSUS server via the internal network instead of passing it up the chain.

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,949
    Thank Post
    519
    Thanked 2,500 Times in 1,941 Posts
    Blog Entries
    24
    Rep Power
    840
    Quote Originally Posted by mcowley View Post
    Thanks for the reply. There is no DNS server on our ISA box, this is handeled by another server on the network.
    No, I mean, what DNS servers does it refer to. ie. does it send all DNS requests to internal servers. Do an IPConfig /all and see.

  6. #6
    ajs
    ajs is offline

    Join Date
    Jun 2008
    Location
    Wigton, Cumbria
    Posts
    226
    Thank Post
    2
    Thanked 35 Times in 35 Posts
    Rep Power
    23
    Quote Originally Posted by SYNACK View Post
    Sounds like the chaining rule is set to send all requests to the upstream proxy, you probably need to create a new chaining rule that sends any request from localhost (isa) to the WSUS server via the internal network instead of passing it up the chain.
    That's the exact solution that took me about 12 months to figure out a few years ago at my previous job.

    Didn't help that the company who installed the servers kept telling me that absolutely everything had to go through the LA's proxy. It was only when I was setting up some web publishing rules for an internal IT Faculty site that I realised what web chaining rules needed altering.

  7. Thanks to ajs from:

    mcowley (2nd March 2010)

  8. #7

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by localzuk View Post
    No, I mean, what DNS servers does it refer to. ie. does it send all DNS requests to internal servers. Do an IPConfig /all and see.
    Ah, sorry. Ok, the local network card DNS is set to the correct local server on our network and our Internet connected card is set to a DNS on the CLEO network.

    I've seen a few errors in the windows upate log relating to WinHttp. Would this be related to the fact that WINS Proxy Enabled is set to no on ipconfig /all?

  9. #8

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by SYNACK View Post
    Sounds like the chaining rule is set to send all requests to the upstream proxy, you probably need to create a new chaining rule that sends any request from localhost (isa) to the WSUS server via the internal network instead of passing it up the chain.
    Am I right in saying that the chaining rule is one to allow HTTP, HTTPS, and Kerberos-Sec UDP between the ISA localhost entry and the WSUS server? If so I have created that rule this morning but the errors still persist.

  10. #9

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,205
    Thank Post
    876
    Thanked 2,729 Times in 2,308 Posts
    Blog Entries
    11
    Rep Power
    782
    The setting is under the configuration tree option on the left hand side under networks, you want to create a new web chaining rule that applies only to the localhost network going to local sites.
    Attached Images Attached Images

  11. Thanks to SYNACK from:

    mcowley (2nd March 2010)

  12. #10

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,949
    Thank Post
    519
    Thanked 2,500 Times in 1,941 Posts
    Blog Entries
    24
    Rep Power
    840
    Quote Originally Posted by mcowley View Post
    Ah, sorry. Ok, the local network card DNS is set to the correct local server on our network and our Internet connected card is set to a DNS on the CLEO network.
    As far as I'm aware, all DNS should be pointing internally. With the internal DNS set to forward requests to the external ones should it not be able to return a record itself.

    The way you have it, the ISA box can simply ignore internal addresses entirely...

  13. Thanks to localzuk from:

    mcowley (2nd March 2010)

  14. #11

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,205
    Thank Post
    876
    Thanked 2,729 Times in 2,308 Posts
    Blog Entries
    11
    Rep Power
    782
    @localzuk - agreed, the cleo DNS servers should be set as fowarders on your internal DNS servers (you'll need to let DNS traffic through from your servers to the net). That way all DNS lookups are internal and are only requested from the outside if they are unresolvable internally and not already cached from a previous external DNS lookup.

  15. #12

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by SYNACK View Post
    The setting is under the configuration tree option on the left hand side under networks, you want to create a new web chaining rule that applies only to the localhost network going to local sites.
    Thank you so much!

    Thats got it. I have very little knowledge of the finer points of ISA. This was setup by an outside contractor and that rule was never created.

    Thanks again to everyone for your help.

  16. #13

    Join Date
    Mar 2007
    Location
    Chorley
    Posts
    76
    Thank Post
    20
    Thanked 5 Times in 5 Posts
    Rep Power
    16
    Quote Originally Posted by localzuk View Post
    As far as I'm aware, all DNS should be pointing internally. With the internal DNS set to forward requests to the external ones should it not be able to return a record itself.

    The way you have it, the ISA box can simply ignore internal addresses entirely...
    Ah, I never knew about how the connection was suposed to work on this. At the end of school today I'll try repointing the DNS on the Internet NIC to get things as they should be.

    Thanks for the advice.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 6
    Last Post: 27th February 2010, 06:24 PM
  2. WSUS Download issues
    By MattCowen in forum Windows Server 2000/2003
    Replies: 6
    Last Post: 7th April 2009, 09:27 AM
  3. ISA 2004 & WSUS
    By Gatt in forum Windows
    Replies: 9
    Last Post: 15th June 2006, 01:38 PM
  4. Deloying Office 2003 SP2 by WSUS issues.
    By tosca925 in forum Windows
    Replies: 4
    Last Post: 13th January 2006, 07:02 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •