DMTechGrooup
asked on
ISA 2004 - Allow access to Windows Update to all user
I followed this KB http://support.microsoft.com/kb/885819
From a workstation that has no allowed internet access I can get to www.microsoft.com but when I try to go to update.microsoft.com I get redirected to the No Internet allowed page specified in the Deny rule.
Here is the monitor from that WS below.
Any help is appreciated.
From a workstation that has no allowed internet access I can get to www.microsoft.com but when I try to go to update.microsoft.com I get redirected to the No Internet allowed page specified in the Deny rule.
Here is the monitor from that WS below.
Any help is appreciated.
Original Client IP Client IP Client Username Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Destination IP Protocol Transport HTTP Method URL MIME Type Object Source Source Network Destination Network Source Proxy Destination Proxy Action Bidirectional Client Host Name Rule Filter Information Network Interface Raw IP Header Raw Payload Log Time Source Port Destination Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type
192.168.1.121 192.168.1.121 DLI\iang IEXPLORE.EXE:3:5.1 NV - 65.55.184.157 HTTP TCP - - - Internal External Initiated Connection Allow_Website_Maintenance - 4/4/2009 3:09:08 PM 1163 80 0 0 0 0x0 0x0 0x0 Firewall
0.0.0.0 192.168.1.121 DLI\iang Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Yes Proxy NV 65.55.184.157 65.55.184.157 http TCP GET http://65.55.184.157/microsoftupdate Internal External - - Denied Connection - Internet Lockout Req ID: 0690d7b3 - - - 4/4/2009 3:09:08 PM 0 80 188 176 614 12202 The ISA Server denied the specified Uniform Resource Locator (URL). 0x0 0x0 Web Proxy Filter
192.168.1.121 192.168.1.121 DLI\iang IEXPLORE.EXE:3:5.1 NV - 65.55.184.157 HTTP TCP - - - Internal External Closed Connection Allow_Website_Maintenance - 4/4/2009 3:09:08 PM 1163 80 188 0 176 0x80074e24 FWX_E_CONNECTION_KILLED 0x0 0x0 Firewall
192.168.1.121 192.168.1.121 NV - 192.168.1.224 Unidentified IP Traffic (TCP:1745) TCP - - - Internal Local Host Initiated Connection - 4/4/2009 3:09:08 PM 1162 1745 0 0 0 0x0 0x0 0x0 Firewall
192.168.1.121 192.168.1.121 DLI\iang IEXPLORE.EXE:3:5.1 NV - 74.125.53.99 HTTP TCP - - - Internal External Initiated Connection Allow_Website_Maintenance - 4/4/2009 3:09:09 PM 1165 80 0 0 0 0x0 0x0 0x0 Firewall
0.0.0.0 192.168.1.121 DLI\iang Mozilla/4.0 (compatible; GoogleToolbar 6.0.1411.1512; Windows XP 5.1; MSIE 7.0.5730.13) Yes Proxy NV 74.125.53.99 74.125.53.99 http TCP GET http://74.125.53.99/search?client=navclient-auto&iqrn=zMGD&orig=0J&ie=UTF-8&oe=UTF-8&features=Rank:&q=info:http%3a%2f%2fupdate.microsoft.com%2fmicrosoftupdate&ch=73646830038 Internal External - - Denied Connection - Internet Lockout Req ID: 0690d7b8 - - - 4/4/2009 3:09:09 PM 0 80 1 176 577 12202 The ISA Server denied the specified Uniform Resource Locator (URL). 0x4 0x800 Web Proxy Filter
192.168.1.121 192.168.1.121 DLI\iang IEXPLORE.EXE:3:5.1 NV - 74.125.53.99 HTTP TCP - - - Internal External Closed Connection Allow_Website_Maintenance - 4/4/2009 3:09:09 PM 1165 80 16 0 176 0x80074e24 FWX_E_CONNECTION_KILLED 0x0 0x0 Firewall
---------------------------------------------------------------
URL SET RULE:
<?xml version="1.0" encoding="UTF-8"?>
<fpc4:Root xmlns:fpc4="http://schemas.microsoft.com/isa/config-4" xmlns:dt="urn:schemas-microsoft-com:datatypes" StorageName="FPC" StorageType="0">
<fpc4:Build dt:dt="string">4.0.2167.887</fpc4:Build>
<fpc4:Comment dt:dt="string"/>
<fpc4:Edition dt:dt="int">80</fpc4:Edition>
<fpc4:ExportItemClassCLSID dt:dt="string">{AA2E238A-0B11-4EF8-9257-DA4864F87A5A}</fpc4:ExportItemClassCLSID>
<fpc4:ExportItemStorageName dt:dt="string">{22E1748E-43A5-4666-BC1D-0219F793484A}</fpc4:ExportItemStorageName>
<fpc4:IsaXmlVersion dt:dt="string">1.10</fpc4:IsaXmlVersion>
<fpc4:OptionalData dt:dt="int">4</fpc4:OptionalData>
<fpc4:Upgrade dt:dt="boolean">0</fpc4:Upgrade>
<fpc4:Arrays StorageName="Arrays" StorageType="0">
<fpc4:Array StorageName="{D92FA13F-0C4A-4DD2-A5E7-A519F094F264}" StorageType="0">
<fpc4:Components dt:dt="int">-1</fpc4:Components>
<fpc4:Name dt:dt="string"/>
<fpc4:RuleElements StorageName="RuleElements" StorageType="0">
<fpc4:URLSets StorageName="URLSets" StorageType="0">
<fpc4:URLSet StorageName="{22E1748E-43A5-4666-BC1D-0219F793484A}" StorageType="1">
<fpc4:Name dt:dt="string">Microsoft_Updates</fpc4:Name>
<fpc4:Predefined dt:dt="boolean">0</fpc4:Predefined>
<fpc4:URLStrings>
<fpc4:Str dt:dt="string">http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us</fpc4:Str>
<fpc4:Str dt:dt="string">http://*.download.windowsupdate.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://*.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://*.update.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://*.windowsupdate.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://*.windowsupdate.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://download.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://download.windowsupdate.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://ntservicepack.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://update.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://windowsupdate.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">http://wustat.windows.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">https://*.update.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">https://*.windowsupdate.microsoft.com/*</fpc4:Str>
<fpc4:Str dt:dt="string">https://update.microsoft.com/*</fpc4:Str>
</fpc4:URLStrings>
</fpc4:URLSet>
</fpc4:URLSets>
</fpc4:RuleElements>
</fpc4:Array>
</fpc4:Arrays>
</fpc4:Root>
I would change the URL Set to a Domain Name Set , and make sure this rule is above all the other rules.
ASKER
I have tried that as well. Seems when it goes to the windows update it tries to go to an IP address instead of a domain name.. or so it seems.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I havent forgotten this.. I will get back to you early next week.. Thanks.