May be then I changed the values someday and didn't realize. Can u tell me what are the default setting for the svchost value I think they are: Svchost DisableEx 0 SvcHost Disable 1 When I changed disableEX to 1 . I stopped getting the error and I think it should be 1 as Jim said, we shouldn't enable FWC funstionality for svchost. Also , The article ( which has nothing to do with svchost) still say value should be 0, which I STILL THINK IS WROING .. :) Aman -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Thursday, January 27, 2005 7:30 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org Personally I think you're barking up the wrong tree, In all the ISA 2K4 installs I have to my name , I have never had an issue with Windows update, maybe I'm lucky.... S -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Thursday, January 27, 2005 8:18 PM To: ISA Mailing List Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org I know.. Forget about svchost here. About any process which runs under system account FWC will not allow external access. To disable we put 1 (as u said) But as per the KB article. It says we have to put value 0 . which should be 1. by putting value 1 we will disable that process to use FWC. But the article says putting 0 will do that . Read this http://support.microsoft.com/?kbid=888642 And for enabling svchost this is required for automatic updates to work with firewall client. Firewall client wont allow svchost and thus auto updates wont work. Scanbuy Inc Aman Bedi | Systems/Network Administrator (MCP, MCSD, MCSA 2000, MCSA 2003) 54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 | Phone +1(212) 278-0178 ext 234 | www.scanbuy.com PRIVILEGED & CONFIDENTIAL The information contained in this email message is intended only for use of the person or entity to whom it is addressed. The contained information is CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under applicable laws. If you read this message and are not the addressee, you are notified that use, dissemination or reproduction of this message is prohibited. If you have received this message in error, please notify the sender immediately. ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ ---- ------------------------------------- -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, January 27, 2005 7:04 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org No; that's incorrect. DisableEx == 0: allow svchost processes to use the FWC DisableEx == 1: do not allow svchost processes to use the FWC You should NOT enable FWC functionality for svchost processes; it was disabled by default for good reason. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Thursday, January 27, 2005 15:38 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org Hi Again. I think the SVchost.exe error is due to the fact that it runs under system account .programs that run under these accounts are prevented from accessing remote resources through the Firewall Client program in ISA 2004 as per the following http://support.microsoft.com/?kbid=888642 the resolution works but there is an error in the article. It says the value should be 0, but the value should be 1 to enable the settings. when I change that to 1, I no longer receive that error in my logs.. I am still waiting to see if the automatic updates now work :) Jim, can you confirm this error on the article. Also this fix is not specified anywhere in any articles (I guess as far as I have searched) or mentioned by anyone. This fix applies to ISA 2004 and for all programs and services which run under system or network service account and access external resources. Thanks Aman -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Thursday, January 27, 2005 5:47 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org When I restart a client machine, I see the following error in event log. This svchost.exe is the one which runs automatic updates. "Application [svchost.exe]. Authentication failed. The user credentials were not accepted by ISA Server. Verify that the user account running this application has the required permissions." I just restarted the machine and no user is logged in. Svchost is a service which is by default configured to run with system account. When no user is logged in, Does firewall client start up ? what user does it use if it does so ? the logs for this time are same as before. The username is domainname/machinename$ Any inputs ? Aman -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Thursday, January 27, 2005 11:42 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org Any Ideas about my problem guys ? I see in the logs that svchost.exe is the process which tries to connect to updates site. And the connection is firewall client. I see in the firewall client settings that by default it has : Svchost DisableEx 0 SvcHost Disable 1 Does that have anything to do with this ? Thanks Aman -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Wednesday, January 26, 2005 11:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org Thanks Steve, Did that ... Aman -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wednesday, January 26, 2005 7:55 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org Download and run the isainfo script from Jim's site at http://isatools.org, send Jim the results. S -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Wednesday, January 26, 2005 6:58 PM To: ISA Mailing List Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org What ISA info are u looking for besides the log ? Aman -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Wednesday, January 26, 2005 5:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org Hi jim, The relevant log rows are there is that mail. I will post the isainfo in a few mins. Thanks -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, January 26, 2005 5:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Automatic Updates http://www.ISAserver.org Please include log snips and your ISAInfo. Your description is lacking critical information. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] Sent: Wednesday, January 26, 2005 13:53 To: [ISAserver.org Discussion List] Subject: [isalist] Automatic Updates http://www.ISAserver.org Hi guys , As I posted earlier I am having problem with auto updates. I was able to go to windows update site manually after I made changes as per jim's article. Created a rule ( windows update ) to allow access to all users to windows update sites ( http, https)my clients are proxy / firewall client. Still my clients cannot access updates thru autoupdates. The evnt log shows event id 16 saying auto updates failed as could not connect. The ISA log for that time is as follows. The rule Windows Update is for all users And HTTP and HTTPs access is for authenticated users. I am using ISA 2004 The log shows that svchost.exe tries to connect and uses firewall client and the user is scanbuy013$ (machinename$) which I guess is the system account. The connection is initiated and closed instantly. Do I have to add "system and network service" User for these rules ? or is that included in all authenticated users ? Any help would be great as I have been trying on this thing since days.. ----- Aman ----- Original Client IP Client Agent Authenticated Client Service Destination Host Name Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol URL Action Rule Client IP Client Username Source Network Destination Network HTTP Method 192.168.1.191 svchost.exe:3:5.1 - 1701 0 0 0 0x0 0x0 0x0 Firewall 1/26/2005 15:57 64.4.21.188 443 HTTPS Initiated Connection Windows Update 192.168.1.191 SCANBUYHQ\SCANBUY013$ Internal External 192.168.1.191 svchost.exe:3:5.1 - 1701 0 0 2151 0x80074e24 0x0 0x0 Firewall 1/26/2005 15:57 64.4.21.188 443 HTTPS Closed Connection Windows Update 192.168.1.191 SCANBUYHQ\SCANBUY013$ Internal External 0.0.0.0 - Yes Proxy - 0 0 2151 70 13 0x0 0x0 Web Proxy Filter 1/26/2005 15:57 64.4.21.188 443 - - Failed Connection Attempt - 192.168.1.191 - - - - 192.168.1.191 svchost.exe:3:5.1 - 1700 109 0 0 0x0 0x0 0x0 Firewall 1/26/2005 15:57 64.4.21.188 80 HTTP Initiated Connection HTTP and HTTPS access 192.168.1.191 SCANBUYHQ\SCANBUY013$ Internal External 192.168.1.191 svchost.exe:3:5.1 - 1699 94 0 0 0x0 0x0 0x0 Firewall 1/26/2005 15:57 64.4.23.29 80 HTTP Initiated Connection HTTP and HTTPS access 192.168.1.191 SCANBUYHQ\SCANBUY013$ Internal External ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gurkirpal.bedi@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx