WSUS issue

Hi Experts.

After having upgraded from ISA 2006 to TMG firewall we are seeing this in WSUS server log:

Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.

Do you know how to adjust TMG to support the Range protocol header?

Thx.
jakobmarkussenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Amit BhatnagarTechnology Consultant - SecurityCommented:
Not sure about the issue. Have you checked the TMG log to see if WSUS is being blocked for some traffic.

The link below does talk about the error and provides a solution as well but it is a workaround. We can troubleshoot TMG if you want. In that case, I would like you to check the logs and let us know if you see some WSUS related messages. You can configure the TMG Log with Client Specific filter while updating WSUS to see the error messages in TMG, if any.

http://technet.microsoft.com/en-us/library/cc708426(WS.10).aspx
0
jakobmarkussenAuthor Commented:
dstewartjr -> Tried that with no effect. thx

Bamit99 -> Got this from the TMG log:

Log type: Web Proxy (Forward)
Status: 10053 An established connection was aborted by the software in your host machine.  
Rule: All to External
Source: Internal (10.45.205.7:58638)
Destination: External (cds7.arn.llnw.net 87.248.207.144:80)
Request: GET http://87.248.207.144/msdownload/update/software/uprl/2008/12/exchange2007-kb953467-x86-ko_6e95b14126260170e4fa3979a58836ae98e23333.cab 
Filter information: Req ID: 1291361b; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
 Additional information
Client agent: Microsoft BITS/7.5
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x10802041 (Request should not be served from the cache. Request includes the RANGE header. Request includes the IF-UNMODIFIED-SINCE header. Response includes the LAST-MODIFIED header. Response includes the AGE header.)
Processing time: 5429 MIME type: application/octet-stream
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Amit BhatnagarTechnology Consultant - SecurityCommented:
Ok...Now, is the WSUS Server a Webproxy Server or a SNAT. I know within ISA 2006, HTTP filter sometimes causes similar issues but not so sure about TMG. If WSUS is Proxy, have you tried removing the settings from IE and try again. Use it as SNAT and see if it makes a difference.

"Range protocol header" BITS...This search comes up with a lot of webpages on the internet and chances are, issue lies with TMG.

I'm apologize..could not be more specific with my answer..:(

Amit.
0
anees10Commented:
Visit the below website:

http://support.microsoft.com/kb/922330

To resolve this issue:
1.
Type: net stop WSUSService, and then press ENTER.

2.
Type: "%programfiles%\Update Services\tools\osql\osql.exe" -S
SQL_InstanceName -E -b -n -Q "USE SUSDB update tbConfigurationC set
BitsDownloadPriorityForeground=1" and then press ENTER.

3.
Type: net start WSUSService.

4.
Close the command prompt window and retry synchronization: in the WSUS
console, click Options, click Synchronization Options, and then under Tasks,
click Synchronize now.
0
anees10Commented:
WORKAROUND

If you are unable resolve this issue from the proxy/firewall side, then try these steps as a workaround on the WSUS server,

1.

Set BitsDownloadPriorityForeground=1 using osql.exe on WSUS SQL instance.

net stop WSUSservice
CD "%ProgramFiles%\Update Services\tools\osql"
osql.exe -S <SQL instance name> -E -b -n -Q "USE SUSDB update tbConfigurationC set BitsDownloadPriorityForeground=1"
net start WSUSservice
  Notes

When you run the above command-line, you will get the output as - "(1 row affected)".
The osql utility can be found under the "%ProgramFiles%\Update Services\Tools\osql" folder.
Provide the servername with the -S parameter. [Replace <SQL instance name with your SQL server if you are using SQL or %computername%\WSUS if you are using WMSDE]
2. OR,

Download the Server Diagnostic Tool and run WsusDebugTool.exe /Tool:SetForegroundDownload

  Note
The use of BITS caching with servers other than Microsoft Update or Software Update Services servers is not supported.
The Microsoft Update cache rule calculates the size of an object based on its content length, and does not include the length of the headers.
0
jakobmarkussenAuthor Commented:
anees10 -> This is for wsus2.0 I think. dstewartjr allready pointed to this for wsus3.0 yesterday..

I did try running ExecuteSQL.exe -S cphserver04\MICROSOFT##SSEE -d "SUSDB" -Q "update tbConfigurationC set BitsDownloadPriorityForeground=1

I do not get any output (like 1 row affected). Nor do I get any errors. I'll check logs tomorrow...
0
DonNetwork AdministratorCommented:
anees10
 
if you dont mind
ID:28560386
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jakobmarkussenAuthor Commented:
Yes ! Thx that pointed me in the rigth direction. I changed the default WSUS proxy rule and for 2 days no errors in the log...

Thx to all contributers.
0
itbeanCommented:
So, did you end up getting this issue fixed?  I'm having basically the same issue (and have been researching it for some time) in my EBS 2008 environment.
0
jakobmarkussenAuthor Commented:
Yes - I haven't seen any errors since I disabled the build-in wsus web cache rule...
0
itbeanCommented:
Hmmm... I'm still seeing getting some failed connection attempts

Mine are somewhat different from yours above.
Failed Connection Attempt TMGBOX 3/30/2010 4:30:08 PM
Log type: Web Proxy (Forward)
Status: 10054 An existing connection was forcibly closed by the remote host.  
Rule: Allow Internet Access to All Users
Source: Internal ()
Destination: External (63.118.252.83:80)
Request: GET http://63.118.252.83/msdownload/update/software/secu/2010/03/ie7-windowsserver2003-kb980182-ia64-enu_dbca644f246064993067d5769522bc87c0169a39.exe 
Filter information: Req ID: 1c9eb41e; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
 Additional information
Client agent: Microsoft BITS/7.5
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x802041 (Request should not be served from the cache. Request includes the RANGE header. Request includes the IF-UNMODIFIED-SINCE header. Response includes the LAST-MODIFIED header.)
Processing time: 17110 MIME type: application/octet-stream
 
0
jakobmarkussenAuthor Commented:
What does your windows log say?
0
itbeanCommented:
event id 364
Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.
 Source File: /msdownload/update/software/defu/2010/03/mpam-fe_12eea91425061b75775cae843c81285ffb5e10cd.exe Destination File: d:\updates\WsusContent\CD\12EEA91425061B75775CAE843C81285FFB5E10CD.exe.

The only firewall in play here is TMG.  
0
jakobmarkussenAuthor Commented:
Well okay.. That is the exact same error I saw... And did you check the cache rules?
0
itbeanCommented:
I disabled the built-in wsus web cache rule as you did... I was pretty hopeful when I saw your issue solved.  Now I'm thinking I have not just one issue, but perhaps a combination of issues.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.