• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2129
  • Last Modified:

WSUS issue

Hi Experts.

After having upgraded from ISA 2006 to TMG firewall we are seeing this in WSUS server log:

Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.

Do you know how to adjust TMG to support the Range protocol header?

Thx.
0
jakobmarkussen
Asked:
jakobmarkussen
  • 6
  • 4
  • 3
  • +2
1 Solution
 
Amit BhatnagarTechnology Consultant - SecurityCommented:
Not sure about the issue. Have you checked the TMG log to see if WSUS is being blocked for some traffic.

The link below does talk about the error and provides a solution as well but it is a workaround. We can troubleshoot TMG if you want. In that case, I would like you to check the logs and let us know if you see some WSUS related messages. You can configure the TMG Log with Client Specific filter while updating WSUS to see the error messages in TMG, if any.

http://technet.microsoft.com/en-us/library/cc708426(WS.10).aspx
0
 
jakobmarkussenAuthor Commented:
dstewartjr -> Tried that with no effect. thx

Bamit99 -> Got this from the TMG log:

Log type: Web Proxy (Forward)
Status: 10053 An established connection was aborted by the software in your host machine.  
Rule: All to External
Source: Internal (10.45.205.7:58638)
Destination: External (cds7.arn.llnw.net 87.248.207.144:80)
Request: GET http://87.248.207.144/msdownload/update/software/uprl/2008/12/exchange2007-kb953467-x86-ko_6e95b14126260170e4fa3979a58836ae98e23333.cab 
Filter information: Req ID: 1291361b; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
 Additional information
Client agent: Microsoft BITS/7.5
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x10802041 (Request should not be served from the cache. Request includes the RANGE header. Request includes the IF-UNMODIFIED-SINCE header. Response includes the LAST-MODIFIED header. Response includes the AGE header.)
Processing time: 5429 MIME type: application/octet-stream
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Amit BhatnagarTechnology Consultant - SecurityCommented:
Ok...Now, is the WSUS Server a Webproxy Server or a SNAT. I know within ISA 2006, HTTP filter sometimes causes similar issues but not so sure about TMG. If WSUS is Proxy, have you tried removing the settings from IE and try again. Use it as SNAT and see if it makes a difference.

"Range protocol header" BITS...This search comes up with a lot of webpages on the internet and chances are, issue lies with TMG.

I'm apologize..could not be more specific with my answer..:(

Amit.
0
 
anees10Commented:
Visit the below website:

http://support.microsoft.com/kb/922330

To resolve this issue:
1.
Type: net stop WSUSService, and then press ENTER.

2.
Type: "%programfiles%\Update Services\tools\osql\osql.exe" -S
SQL_InstanceName -E -b -n -Q "USE SUSDB update tbConfigurationC set
BitsDownloadPriorityForeground=1" and then press ENTER.

3.
Type: net start WSUSService.

4.
Close the command prompt window and retry synchronization: in the WSUS
console, click Options, click Synchronization Options, and then under Tasks,
click Synchronize now.
0
 
anees10Commented:
WORKAROUND

If you are unable resolve this issue from the proxy/firewall side, then try these steps as a workaround on the WSUS server,

1.

Set BitsDownloadPriorityForeground=1 using osql.exe on WSUS SQL instance.

net stop WSUSservice
CD "%ProgramFiles%\Update Services\tools\osql"
osql.exe -S <SQL instance name> -E -b -n -Q "USE SUSDB update tbConfigurationC set BitsDownloadPriorityForeground=1"
net start WSUSservice
  Notes

When you run the above command-line, you will get the output as - "(1 row affected)".
The osql utility can be found under the "%ProgramFiles%\Update Services\Tools\osql" folder.
Provide the servername with the -S parameter. [Replace <SQL instance name with your SQL server if you are using SQL or %computername%\WSUS if you are using WMSDE]
2. OR,

Download the Server Diagnostic Tool and run WsusDebugTool.exe /Tool:SetForegroundDownload

  Note
The use of BITS caching with servers other than Microsoft Update or Software Update Services servers is not supported.
The Microsoft Update cache rule calculates the size of an object based on its content length, and does not include the length of the headers.
0
 
jakobmarkussenAuthor Commented:
anees10 -> This is for wsus2.0 I think. dstewartjr allready pointed to this for wsus3.0 yesterday..

I did try running ExecuteSQL.exe -S cphserver04\MICROSOFT##SSEE -d "SUSDB" -Q "update tbConfigurationC set BitsDownloadPriorityForeground=1

I do not get any output (like 1 row affected). Nor do I get any errors. I'll check logs tomorrow...
0
 
Donald StewartNetwork AdministratorCommented:
anees10
 
if you dont mind
ID:28560386
0
 
jakobmarkussenAuthor Commented:
Yes ! Thx that pointed me in the rigth direction. I changed the default WSUS proxy rule and for 2 days no errors in the log...

Thx to all contributers.
0
 
itbeanCommented:
So, did you end up getting this issue fixed?  I'm having basically the same issue (and have been researching it for some time) in my EBS 2008 environment.
0
 
jakobmarkussenAuthor Commented:
Yes - I haven't seen any errors since I disabled the build-in wsus web cache rule...
0
 
itbeanCommented:
Hmmm... I'm still seeing getting some failed connection attempts

Mine are somewhat different from yours above.
Failed Connection Attempt TMGBOX 3/30/2010 4:30:08 PM
Log type: Web Proxy (Forward)
Status: 10054 An existing connection was forcibly closed by the remote host.  
Rule: Allow Internet Access to All Users
Source: Internal ()
Destination: External (63.118.252.83:80)
Request: GET http://63.118.252.83/msdownload/update/software/secu/2010/03/ie7-windowsserver2003-kb980182-ia64-enu_dbca644f246064993067d5769522bc87c0169a39.exe 
Filter information: Req ID: 1c9eb41e; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
 Additional information
Client agent: Microsoft BITS/7.5
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x802041 (Request should not be served from the cache. Request includes the RANGE header. Request includes the IF-UNMODIFIED-SINCE header. Response includes the LAST-MODIFIED header.)
Processing time: 17110 MIME type: application/octet-stream
 
0
 
jakobmarkussenAuthor Commented:
What does your windows log say?
0
 
itbeanCommented:
event id 364
Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.
 Source File: /msdownload/update/software/defu/2010/03/mpam-fe_12eea91425061b75775cae843c81285ffb5e10cd.exe Destination File: d:\updates\WsusContent\CD\12EEA91425061B75775CAE843C81285FFB5E10CD.exe.

The only firewall in play here is TMG.  
0
 
jakobmarkussenAuthor Commented:
Well okay.. That is the exact same error I saw... And did you check the cache rules?
0
 
itbeanCommented:
I disabled the built-in wsus web cache rule as you did... I was pretty hopeful when I saw your issue solved.  Now I'm thinking I have not just one issue, but perhaps a combination of issues.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 6
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now