Hi,
I am hoping someone can help me with a WSUS 3.0 problem (running on Windows
2003 Server SP1).
I have been successfully running WSUS 2.0 for some time and downloading
updates from Microsoft through a squid-2.6.stable9 proxy (using NTLM auth).
I needed to update to WSUS 3.0 and so went through the process of upgrading
my WSUS 2.0 installation. Everything went fine except WSUS 3.0 cannot
connect through my squid proxy anymore. I tried the suggestion in the WSUS
notes to re-enter the proxy username and password but this did not help. The
error I am getting is to do with authorization:
WebException: The remote server returned an error: (407) Proxy Authentication
Required.
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at
Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.Get
AuthConfig()
at
Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig
(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at
Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationM
anager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy,
Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
at
Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFro
mUSS()
at
Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(
Boolean allowRedirect)
For some reason WSUS 3.0 does not negotiate the NTLM auth properly and so
squid returns a 407 error. The squid access log shows multiple entries of
the form:
1178525046.333 0 192.168.10.12 TCP_DENIED/407 1982 CONNECT
www.update.microsoft.com:443 - NONE/- text/html
1178525051.460 0 192.168.10.12 TCP_DENIED/407 1856 CONNECT
stats.update.microsoft.com:443 - NONE/- text/html
The logs show WSUS does connect successfully to the following url:
1178522814.681 1791 192.168.10.12 TCP_MISS/200 10335 GET
http://download.windowsupdate.com/v7/wsus/redir/wsusredir.cab? -
DIRECT/203.206.129.16 application/octet-stream
I have a squid.conf http_access rule (using dstdomain) which allows access to
various windows updates sites without authorization so I am a little puzzled
why I am getting the problem.
As part of the upgrade it was necessary to install the .Net Framework 2.0 so
I am unsure whether the problem has to do with WSUS 3.0 or .Net Framework 2.
Has anyone come across this before? Any suggestions? How might I debug the
problem further? I can provide a tcpdump log of a synch session if this
helps.
I have tried upgrading to the latest squid version (2.6.stable12-20070507)
but the problem remains. At this stage all I can think of doing is allowing
direct access to the various updates sites for this server through our
firewall (not really what I want to do!)
Thanks
Paul
+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++
EML Consulting Services Pty Ltd Telephone: +61 3 9836 1999
417-431 Canterbury Road Facsimile: +61 3 9836 0517
SURREY HILLS, VICTORIA 3127 Email: Paul.Freeman@eml.com.au
+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++
Received on Mon May 07 2007 - 02:59:10 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT