Hi all!
First off, congrats on the site! I have been looking for a website where other school IT people can share ideas so you may see a lot of me here
Backround: I have recently taken over support of a local primary school's IT systems from Norfolk County Councils ICT team. I've been trying to set the whole network up so that it requires as little day to day admin as possible and even can be managed remotely.
The problem: I have installed WSUS 3 onto the schools server as they need a LOT of patches from Microsoft and it would take me too long to do it manually (and cost the school too much for me to be there doing it). I have followed the installer and it seems to be setup and I was greeted with the config wizard.
I fill in all the info up to the point where it asks to download the data from Microsoft detailing all patches/updates/etc. Whenever I try and do this, I get a HTTP error that then says the client actively refused the connection.
I have checked that the proxy details are correct and all other information is fine but it seems to stumble here.
The proxy server is an E2BN Cachepilot(Linux box with a nice webpage set). Unfortunatly the proxy is owned and run by the county council so changes to it are next to nil. I have emailed them regarding the issue to be told "we do not support WSUS as it is untested and unproven. If you wish to do this, you go it alone"
Does anyone have ANY ideas/tips/tricks that could get this to work? Just to check that my config was right, I have tried installing at another school and at home. I can get a connection at home but the other school (also NCC proxy server) does not connect.
If I cant get it to work then I cant. It's just infuriating that something as useful as WSUS cant work behind an NCC proxy.
Any help greatly received and sorry for length of post
Steve
IT Techie
Does the proxy need authentication ? If so can you use the admin or an unfiltered user? If you can't and there is no proxy authentication then i assume that he cachepilot is blocking it as inappropriate ...
I have WSUS 3 running through a Equiinet Netpilot 3, with and without a proxy (i have tested) which is a similiar sort of thing and works great.
Kevin
HI
If you run windows updates on the machines does it work ok.
Go to a machine and click start run and type proxycfg -u
Reboot the machine and try again.
This fixed mine and I put the scipt into the startup script on the wsus policy.
Richard :P
Hi, from your neighbour at the Wayland cluster of primaries...
I have been trying to get this working for many months now. Its the LEA proxy filtering or cachepilots and as yet have not found a way round it. You may find some schools are set up for SUS but this is incompatible with WSUS.
On another Windows Update Note, Automatic updates are also blocked, as is "wuauclt /detectnow". The only way I have found to update is by the website.
If anyone has a method of successfully setting this up, i will be eternally grateful.
Ps, if your taking over from the ICT Solutions, your best bet is probably to reinstall a PC with all the updates and software, and image it to all the others. Thats what I wish I did when I started a year ago...
Craig
Yeah the setup was a bit of an interesting one but there is way too much curriculum software on those machine to gut it and start again.
The windows updates website works it's just a pain to go round and do it on each machine just because ICT Solutions have blocked it!
The Cachepilot does not have authentication turned on so it cant be blocking it because of user access.
And hi fellow Norfolk techie! I've been with the high school in my sig for 5 ish years now but have recently taken up the Primary school as they were 'desperate' for someone to sort out the mess they had!
It's becoming quite hard to setup some of these things though as it's a flip of the coin as to wether it's blocked by ICT Solutions or not.
ho hum, thanks for the replies anyways guys.
Steve
Is there a bypass proxy port you can use such as 3128 ?
Kevin
There often is a bypass port on equiinet cachepilots... not sure what port it's on tho, I broke mine :-/
Perhaps you should email ICT Solutions again and point them to this siteOriginally Posted by BaccyNet
http://technet.microsoft.com/en-us/wsus/bb466186.aspx
SUS (the system ict solutions use) support from microsoft will end on the 10 July 2007....This is an extended date and originally it was due to end some time ago.
If they have not yet got around to even testing its replacment then they really should get thier finger out and do so PDQ. To run an unsupported system would leave them to "go it alone"
Id really really recommend moving it in parrelel with your network so that your servers have direct access to the net. Reasons for this are well documented if you search this site for "cachepilot"
I still cant quite understand why they dont support such a tool in schools. I know they have their own 'Microsoft Patch Management' but I dont see why I should ask a school to pay for something that can be done free!
@j17sparky - I would bypass the cachepilot apart from the fact the County/BT router is set not to accept any connections except those from the cachepilot itself, making things rather tricky. So as soon as any data passes out of my servers, its into county hardware
@big-jon - I would email them back but it's a waste of an email as I'd still get the same response. When I had a problem with a cachepilot a few months ago, their helpdesk asked ME what a cachepilot was?!?!?
Hopefully as SUS's lifetime is ending soon they may just fix the problem for me but I dont hold out much hope!
If anyone happens to know what/if there is a bypass port on a NCC/ICT Solutions cachepilot and what port number it is, please let me know
Thanks for the replies
Steve
Bit of an update for you all.
Recently one of the schools has changed webfiltering. The previous system was Symantec Web Security(hosted by the CC) to Bluecoat(also hosted by CC). Didn't think this would make much difference to the WSUS situation but thought I'd give it a try anyway.
Got in this morning and it seems to have been sync'ing fine with Microsoft. So this highlights that it was the web filtering at the county end that was blocking it for some reason. Hopefully when I'm next in to the other school, I can check and see if they are sync'ing (which it shouldnt as they are still Symantec)
Just thought it may be of interest to any other techies (mainly in Norfolk)
Now I've just got to sift the 900+ updates it seems to have found
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote