Windows Update over SQUID
We have a situation here where computers running Windows 7 or Windows 2008 behind a Squid proxy are unable to connect to the Windows Update service in the Internet. Our linux guys said that the request hits the squid without authentication information, so that it's denied. From the Windows box, we see a box asking for credentials, but none will work. The computers can navigate the internet with no issues using Internet Explorer pointed to the squid box. The problem occurs only when we use the Windows Update control panel applet.
Here is the error found in the Squid log:
192.168.141.11 TCP_DENIED/407 2009 GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab - NONE/- text/html
Do you guys know anything about this issue involving newer versions of Windows? Do you guys know how to fix it?
Linux version: CentOS 5.6 64 bits
Squid version 2.6.STABLE21
Here is the error found in the Squid log:
192.168.141.11 TCP_DENIED/407 2009 GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab - NONE/- text/html
Do you guys know anything about this issue involving newer versions of Windows? Do you guys know how to fix it?
Linux version: CentOS 5.6 64 bits
Squid version 2.6.STABLE21
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi,
Also you can tell them to adjust their iptables rules to "withelist"windows update sites/urls.
-hope helps
Also you can tell them to adjust their iptables rules to "withelist"windows update sites/urls.
-hope helps
Hi,
If want to improve performance and control on Windows Update, you should consider install/configure wsus service on windows2008 server and then configure the clients to "download" updates from that server over Local Network instead over Internet.
-reglards-
If want to improve performance and control on Windows Update, you should consider install/configure wsus service on windows2008 server and then configure the clients to "download" updates from that server over Local Network instead over Internet.
-reglards-
Hello
Or you can implement an WSUS. That will allow you to enter the credentials for squid, and will reduce the bandwith. You will also have the choice on what update you install or not.
dan
Or you can implement an WSUS. That will allow you to enter the credentials for squid, and will reduce the bandwith. You will also have the choice on what update you install or not.
dan
We are trying to implement a WSUS, but we are a datacenter and the costumer is willing to pay for an additional hosting. Thank you for the Linux stuff.
ASKER