Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Windows Update v5
  •  
MarioGilera

Messages: 24
Karma: 0
Send a private message to this user
hi,
i'm in a really big trouble!!
Why KWF 6.0.x (i've tried all version, inc. 6.0.4) don't allow me to use windows update v5 on my LAN machines with regulary registered windows xp sp 1a???
If i use the previous version of windows update it goes perfectly well, but with version 5 it doesn't function.
I say that is a kwf's bug because i've have tried:
1-on the same machine to install wingate 6 (in trial version)<<--wu5 is ok
2-a linux box with smoothwall<<--wu5 is ok
The machine i've have installet kwf is:
CPU: amd xp 1800+
RAM: 512 Mb
Win 2003 ent. edt.

TIA

Mario

PS: i'm sorry for eventual grammatical errors.
PPS: the error i recieve from client in windows update is: "0x80072ee2"
PPPS: imho any way kwf remain the best, and simplier gateway solution fow windows.
  •  
wiper

Messages: 112
Karma: -1
Send a private message to this user
  •  
MarioGilera

Messages: 24
Karma: 0
Send a private message to this user
wiper wrote on Fri, 20 August 2004 13:28

mb this can help u: http://support.microsoft.com/?kbid=836941

/W

thx wiper, i've read that kb:
1-the step #1: is succesfully
2-the step #2: it's really obscure:
for testing purbose only i've have allowed all nat traffic, but trouble remain Sad
3-the step #3: for me in not needed:
i don't use even HOSTS abd LMHOSTS files. i have another machine that is a pdc with wins and dns servers.
4-the step #4: tried but trouble remain
5-the step #5: i've tried, and doesn't function.
any way in trusted site i've configured with domain policy this sites:
*.microsoft.com
*.windowsupdate.com
as trusted sites.
6-the step #6: i belive that for my isn't needed. i don't use a proxy, also in kwf i disable non-transparent proxy. also cache is disabled.

have a nice day

Mario

[Updated on: Fri, 20 August 2004 13:41]

  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Do you have a HTTP filter rule active. The supplied URL group is not correct. Here my info I send to Kerio about there URL group:

___________
If I use the default Windows updates url rule the update proces does not work. After adding extra rules it works. I added the following url's:
1 'windowsupdate.microsoft.com/*',
2 'wustat.windows.com/*',
3 '*.windowsupdate.microsoft.com'.

url 1: for the opening page (windowsupdate.microsoft.com)

url 2: optional

url 3: for the secure 'HTTP CONNECT http://v4.windowsupdate.microsoft.com/', the url is 'v4.windowsupdate.microsoft.com:443'.
___________

I later added:
4 'c.microsoft.com/*'

url 4: v5 does access 'c.microsoft.com/trans_pixel.asp'

I works for me for both v4 and v5. If you want to go back to the v4 version just replace the '5' in you're browser with 4 (v4.windowsupdate....) and refresh you're browser.

Feite
  •  
MarioGilera

Messages: 24
Karma: 0
Send a private message to this user
i've noticed a thing:
according to ms news v5 or v4 redirect automatically to exact version of windows update needed by os.
the gateway can connect to:
https://v4.windowsupdate.microsoft.com/
with no redirection
https://v5.windowsupdate.microsoft.com/
and being redirect to
http://v4.windowsupdate.microsoft.com/
the clients can't connect neither to:
https://v4.windowsupdate.microsoft.com/
https://v5.windowsupdate.microsoft.com/

so i can suppose that kwf 6 had a bug in https protocol with nat. reading the wu newsletter people link the error 0x80072ee2 to timeout.
i hope to be an help for others to solve my trouble.

bye

Mario
  •  
MarioGilera

Messages: 24
Karma: 0
Send a private message to this user
i've solved my problem, i've installed a 3rd part proxy together wingate and all http/https traffic from lan is managed so. unluky i can't use the built-in kwf proxy because version 6.0.4 has a bug also in it. when i view a https page it crashes Sad
i hope that next verion don't have this bugs!!!

Bye

Mario

[Updated on: Fri, 20 August 2004 21:29]

  •  
ReDFlaG

Messages: 15
Karma: 0
Send a private message to this user
I've the same problem.

I can't use WINDOWS UPDATE if i use transparent proxy.
To successfully use it i must enable NON transparent proxy and force my explorer to use it.

Can someone explain that?

[Updated on: Sun, 29 August 2004 00:54]

  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
I investigated the windows update (v5, BITS 2.0) and discoverd that the BITS download service it is using does not use the proxy settings of IE, it tries to access the update site directly at port 80.

After searching newsgroups I discoverd that it is a problem of windows updates. Even using proxycfg does not help. To test this I tried windows update on the firewall (which is of course allowed access to port 80 and 443) and there windows updates works fine. On the pc's in the LAN (which have no direct access to the internet for ports 80 and 443) the downloading of updates fails.

I would say this is not a KWF problem but a BITS problem. A workaround is allowing access from the LAN on ports 80 and 443 (do not forget to enable NAT). My log shows that only port 80 was used for the update.
  •  
MarioGilera

Messages: 24
Karma: 0
Send a private message to this user
feite wrote on Mon, 30 August 2004 08:58

I investigated the windows update (v5, BITS 2.0) and discoverd that the BITS download service it is using does not use the proxy settings of IE, it tries to access the update site directly at port 80.

After searching newsgroups I discoverd that it is a problem of windows updates. Even using proxycfg does not help. To test this I tried windows update on the firewall (which is of course allowed access to port 80 and 443) and there windows updates works fine. On the pc's in the LAN (which have no direct access to the internet for ports 80 and 443) the downloading of updates fails.

I would say this is not a KWF problem but a BITS problem. A workaround is allowing access from the LAN on ports 80 and 443 (do not forget to enable NAT). My log shows that only port 80 was used for the update.


that isn't fully truth because i've tried to allow all traffic form my lan pcs (see earlier posts),obviously with NAT, and the problem remains. I've read MS NS too and there is explained that WU and BITS need to access to: https://v5.windowsupdate.microsoft.com, if not the connection goes in timeout Sad
may be that is problem happen only in win2003, so ReDFlaG what kind of OS you use?

TIA

Gilera

ps: sorry for all grammatical errors :S
  •  
ReDFlaG

Messages: 15
Karma: 0
Send a private message to this user
Server side:
Windows 2003 server (standart edition) up-to-date (sp and hotfix)
Kerio 6.0.4 (transparent proxy + non transparent to allow Wupdate for clients Sad)

Client side:
XP pro SP1 (updating it today) > checking update at WU v4
XP pro SP2 > checking update at WU v5

Note that i had the problem with windows update v4 AND v5.
I hadn't those problems with V4 when i was using kerio v5.xx.

To bypass the problem, i had to enable NON TRANSPARENT proxy for clients Sad

A+
  •  
MarioGilera

Messages: 24
Karma: 0
Send a private message to this user
ReDFlaG wrote on Tue, 31 August 2004 13:15

Server side:
Windows 2003 server (standart edition) up-to-date (sp and hotfix)
Kerio 6.0.4 (transparent proxy + non transparent to allow Wupdate for clients Sad)

Client side:
XP pro SP1 (updating it today) > checking update at WU v4
XP pro SP2 > checking update at WU v5

Note that i had the problem with windows update v4 AND v5.
I hadn't those problems with V4 when i was using kerio v5.xx.

To bypass the problem, i had to enable NON TRANSPARENT proxy for clients Sad

A+


ok,
imho kwf is not fully compatible with win2003, thi evening or tomorrow i'll try kwf 6.0.4 on the same machine but with win xp pro or win 2k server. if all goes perfectly you'll be the firts to know it.
anyway i suggest you to not use (if you are doing it) a pdc as gateway!

bye

Gilera

PS:sorry for "grammy" errors Razz
  •  
ReDFlaG

Messages: 15
Karma: 0
Send a private message to this user
i've made many try so i'm not sure now, but i think i'd done a test with a winxp pro acting as a server (mean that kerio was running on it), and i had the same probleme.

So i don't think this is a system problem.
  •  
MarioGilera

Messages: 24
Karma: 0
Send a private message to this user
ReDFlaG wrote on Thu, 02 September 2004 10:40

i've made many try so i'm not sure now, but i think i'd done a test with a winxp pro acting as a server (mean that kerio was running on it), and i had the same probleme.

So i don't think this is a system problem.

me too Sad
  •  
ReDFlaG

Messages: 15
Karma: 0
Send a private message to this user
i've tested with ICS (internet connexion share) built in server 2k3 and update are working fine!

So i don't think this is a systeme problem, or new microsoft Windows update server that is not working but a kerio transparent proxy function problem.
henrysbox

Messages: 26
Karma: 0
Send a private message to this user
Pls double check to make sure you setup your HTTP policy correctly. Allow traffic from *windows.com* or *microsoft.com* and make sure you have the right access to content rules and IP group.
Previous Topic: NAT & IP Multicast
Next Topic: Kerio is dropping connections
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 19:02:34 CET 2017

Total time taken to generate the page: 0.00617 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.