[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Windows Update over SQUID

Posted on 2011-09-07
6
Medium Priority
?
1,584 Views
Last Modified: 2012-08-13
We have a situation here where computers running Windows 7 or Windows 2008 behind a Squid proxy are unable to connect to the Windows Update service in the Internet. Our linux guys said that the request hits the squid without authentication information, so that it's denied. From the Windows box, we see a box asking for credentials, but none will work. The computers can navigate the internet with no issues using Internet Explorer pointed to the squid box. The problem occurs only when we use the Windows Update control panel applet.

Here is the error found in the Squid log:

192.168.141.11 TCP_DENIED/407 2009 GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab - NONE/- text/html

Do you guys know anything about this issue involving newer versions of Windows? Do you guys know how to fix it?

Linux version: CentOS 5.6 64 bits
Squid version 2.6.STABLE21
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 41

Accepted Solution

by:
graye earned 2000 total points
ID: 36504347
Tell your liunx guys to read the FAQ on Windows Update

http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
0
 
LVL 11

Author Comment

by:Renato Montenegro Rustici
ID: 36505154
Thak you for your reply. I'm sending the docs to them. I will get back here soon.
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36508274
Hi,
Also you can tell them to adjust their iptables rules to "withelist"windows update sites/urls.
-hope helps
0
Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

 
LVL 5

Expert Comment

by:hvillanu
ID: 36508283
Hi,
If want to improve performance and control on Windows Update, you should consider install/configure wsus service on windows2008 server and then configure the clients to "download" updates from that server over Local Network instead over Internet.
-reglards-
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 36508498
Hello

Or you can implement an WSUS. That will allow you to enter the credentials for squid, and will reduce the bandwith. You will also have the choice on what update you install or not.

dan
0
 
LVL 11

Author Comment

by:Renato Montenegro Rustici
ID: 36510448
We are trying to implement a WSUS, but we are a datacenter and the costumer is willing to pay for an additional hosting. Thank you for the Linux stuff.

0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question