Solved

Windows Update over SQUID

Posted on 2011-09-07
6
1,297 Views
Last Modified: 2012-08-13
We have a situation here where computers running Windows 7 or Windows 2008 behind a Squid proxy are unable to connect to the Windows Update service in the Internet. Our linux guys said that the request hits the squid without authentication information, so that it's denied. From the Windows box, we see a box asking for credentials, but none will work. The computers can navigate the internet with no issues using Internet Explorer pointed to the squid box. The problem occurs only when we use the Windows Update control panel applet.

Here is the error found in the Squid log:

192.168.141.11 TCP_DENIED/407 2009 GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab - NONE/- text/html

Do you guys know anything about this issue involving newer versions of Windows? Do you guys know how to fix it?

Linux version: CentOS 5.6 64 bits
Squid version 2.6.STABLE21
0
Comment
6 Comments
 
LVL 41

Accepted Solution

by:
graye earned 500 total points
ID: 36504347
Tell your liunx guys to read the FAQ on Windows Update

http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
0
 
LVL 11

Author Comment

by:Renato Montenegro Rustice
ID: 36505154
Thak you for your reply. I'm sending the docs to them. I will get back here soon.
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36508274
Hi,
Also you can tell them to adjust their iptables rules to "withelist"windows update sites/urls.
-hope helps
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 5

Expert Comment

by:hvillanu
ID: 36508283
Hi,
If want to improve performance and control on Windows Update, you should consider install/configure wsus service on windows2008 server and then configure the clients to "download" updates from that server over Local Network instead over Internet.
-reglards-
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 36508498
Hello

Or you can implement an WSUS. That will allow you to enter the credentials for squid, and will reduce the bandwith. You will also have the choice on what update you install or not.

dan
0
 
LVL 11

Author Comment

by:Renato Montenegro Rustice
ID: 36510448
We are trying to implement a WSUS, but we are a datacenter and the costumer is willing to pay for an additional hosting. Thank you for the Linux stuff.

0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 116
Unifi AP 4 48
How to configure this IP Address to my firewall 15 82
network error 8 33
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now