Hi jim, The relevant log rows are there is that mail. I will post the isainfo in a few mins. Thanks -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, January 26, 2005 5:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org Please include log snips and your ISAInfo. Your description is lacking critical information. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Wednesday, January 26, 2005 13:53 To: [ISAserver.org Discussion List] Subject: [isalist] Automatic Updates http://www.ISAserver.org Hi guys , As I posted earlier I am having problem with auto updates. I was able to go to windows update site manually after I made changes as per jim's article. Created a rule ( windows update ) to allow access to all users to windows update sites ( http, https)my clients are proxy / firewall client. Still my clients cannot access updates thru autoupdates. The evnt log shows event id 16 saying auto updates failed as could not connect. The ISA log for that time is as follows. The rule Windows Update is for all users And HTTP and HTTPs access is for authenticated users. I am using ISA 2004 The log shows that svchost.exe tries to connect and uses firewall client and the user is scanbuy013$ (machinename$) which I guess is the system account. The connection is initiated and closed instantly. Do I have to add "system and network service" User for these rules ? or is that included in all authenticated users ? Any help would be great as I have been trying on this thing since days.. ----- Aman ----- Original Client IP Client Agent Authenticated Client Service Destination Host Name Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol URL Action Rule Client IP Client Username Source Network Destination Network HTTP Method 192.168.1.191 svchost.exe:3:5.1 - 1701 0 0 0 0x0 0x0 0x0 Firewall 1/26/2005 15:57 64.4.21.188 443 HTTPS Initiated Connection Windows Update 192.168.1.191 SCANBUYHQ\SCANBUY013$ Internal External 192.168.1.191 svchost.exe:3:5.1 - 1701 0 0 2151 0x80074e24 0x0 0x0 Firewall 1/26/2005 15:57 64.4.21.188 443 HTTPS Closed Connection Windows Update 192.168.1.191 SCANBUYHQ\SCANBUY013$ Internal External 0.0.0.0 - Yes Proxy - 0 0 2151 70 13 0x0 0x0 Web Proxy Filter 1/26/2005 15:57 64.4.21.188 443 - - Failed Connection Attempt - 192.168.1.191 - - - - 192.168.1.191 svchost.exe:3:5.1 - 1700 109 0 0 0x0 0x0 0x0 Firewall 1/26/2005 15:57 64.4.21.188 80 HTTP Initiated Connection HTTP and HTTPS access 192.168.1.191 SCANBUYHQ\SCANBUY013$ Internal External 192.168.1.191 svchost.exe:3:5.1 - 1699 94 0 0 0x0 0x0 0x0 Firewall 1/26/2005 15:57 64.4.23.29 80 HTTP Initiated Connection HTTP and HTTPS access 192.168.1.191 SCANBUYHQ\SCANBUY013$ Internal External ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx