?
Solved

Problem getting WSUS 3.0 working with ISA 2000

Posted on 2007-07-29
5
Medium Priority
?
2,109 Views
Last Modified: 2012-05-05
I am currently having a nightmare trying to deploy WSUS 3.0 onto a domain for a friend of mine.
To cut a long story short, updates have not been run on any of the domain machines for a very long time and it seems to be due to the ISA 2000 server blocking the automated updates (BITS) service, so a local WSUS server seemed appropriate to help solve the problem...

After installing WSUS 3.0 on a 2003 member server and running a manual synch I get the following error:
WebException: The remote server returned an error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

All computers on the domain cannot get updates via the BITS service (the icon when downloading auto updates appears but sits at 0% for a while and then disappears), the error in the windows update.log file is as follows:
2007-07-29      09:25:57:788       996      1890      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:57:788       996      1890      DnldMgr      Error 0x8024402c occurred while downloading update; notifying dependent calls.
2007-07-29      09:25:58:085       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:58:085       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:58:085       996      1238      DnldMgr      ***********  DnldMgr: New download job [UpdateId = {8E058E91-FA8C-4BB0-B1EE-90AC6BF6D7A3}.102]  ***********
2007-07-29      09:25:58:226       996      1238      DnldMgr        * BITS job initialized, JobId = {AAE67740-4BEB-4F57-8655-2AFFE0DC5044}
2007-07-29      09:25:58:226       996      1238      DnldMgr      BITS job {AAE67740-4BEB-4F57-8655-2AFFE0DC5044} using proxy = http=Trust me that this entry is correct but I've replaced the text here for security etc, bypass = <NULL>
2007-07-29      09:25:58:335       996      1238      DnldMgr        * Downloading from http://download.windowsupdate.com/msdownload/update/v5/psf/windowsserver2003-kb935839-x86-enu_09930c3ae97e3223e787646b4394aede46eecd4c.psf to C:\WINDOWS\SoftwareDistribution\Download\f1921ba434ee3d498f996cf17f1762e9\download\WindowsServer2003-KB935839-x86-ENU.psf.blob (2 subranges).
2007-07-29      09:25:58:585       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:58:585       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:58:601       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:58:647       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:58:647       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:58:647       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0
2007-07-29      09:25:58:647       996      1238      Service      WARNING: GetUserTokenFromSessionId failed with error 800704dd for session 0

I've got a windows update http and https rule setup for ISA2000 to no avail.
The strange thing is that if I browse to windows update in IE and manually start an update from there, the update works and also the BITS service kicks in and starts to download!

There is something going on here with ISA2000 that is not allowing proxy auth for some reason.
I have also got an anonymous allow rule set up for windows update on the ISA 2000 server and I have tried setting the WSUS server to use no login auth, that also fails as does using domain admin for proxy auth, both give the 407 failed auth error.

Admittedly I have not as yet tried using WSUS v2.

Any help here would be greatly appreciated as this company's domain is a real mess with no updates for a very long time. If you need any other logs/errors etc just let me know.
0
Comment
Question by:Gonkster
  • 3
5 Comments
 
LVL 5

Accepted Solution

by:
kmotaweh earned 500 total points
ID: 19588028
i have worked on isa 2000 for almost 2 years and was a trully nightmare because it  makes a lot of things with no reason one of the solutions was to restart it and the other one which was documented by microsoft itself is to reinstall it and my suggestions is to upgrade and save your time on troubleshooting on isa 2000 because it's not good as any other version of isa
0
 
LVL 1

Author Comment

by:Gonkster
ID: 19588041
I've restarted the ISA server after manually running some updates on it (this was the first machine I updated and the only other machine I have updated manually so far was the WSUS server which is also running exchange). Only these 2 machines on the domain are up to date...the hassle for me here is that the problem is so bad that lots of xp desktops on the domain do not yet even have sp2 installed!
If it was up to me I'd definitely upgrade to ISA 2004 perhaps, alas it's not an option.

Looking at how bad this problem is I think it's worth 500 :)
0
 
LVL 1

Author Comment

by:Gonkster
ID: 19595686
After some major hairpulling, I've installed WSUS v2.0 instead, needless to say it's unsupported now, but then again so is ISA2000 afaik. WSUS 2.0 worked just fine with the ISA2k server, not the ideal set up imho but I suppose it will last long enough to be someone else's problem at a later date :)
0
 
LVL 3

Assisted Solution

by:elissaqp
elissaqp earned 500 total points
ID: 19608825
did you tried installing ISA client on client computers? On the ISA Server, the windows update rule must be applied for all the domain users and WSUS network account.
0
 
LVL 1

Author Comment

by:Gonkster
ID: 19609386
I've set up an auth rule as per the Microsoft guide and even tried making an anonymous access rule to no avail.
As I said, WSUS 2.0 worked just fine.
It's not the ideal solution but then again the entire network is such a dogs dinner it would cost a princely sum  to fix things properly. I'll split the points between you guys for having answered me, many thanks guys.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month14 days, 17 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question