Hey guys, There seems to be a problem with the new V5.WindowsUpdate and a site&content rule who applies to a user/group based membership. Here is an excerpt of the Web Proxy log on an ISA 2000 server: 172.31.1.2, anonymous, Microsoft WU Client/2.0, N, 8/21/2004, 15:27:10, w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0, SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 12209, 0x0, PR-SPECIAL, - 172.31.1.2, anonymous, Microsoft WU Client/2.0, N, 8/21/2004, 15:27:10, w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0, SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 0, 0x0, PR-SPECIAL, - 172.31.1.2, INTRANET\, Microsoft WU Client/2.0, Y, 8/21/2004, 15:27:10, w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0, SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 12202, 0x0, PR-SPECIAL, - 172.31.1.2, INTRANET\SP, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322), Y, 8/21/2004, 15:27:11, w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, 64.4.21.188, 80, 188, 898, 6519, http, TCP, GET, http://v5.windowsupdate.microsoft.com/v5consumer/errorinformation.aspx?e rror=-2145107935&ln=en-us, text/html; charset=utf-8, Inet, 200, 0x40020001, PR-SPECIAL, SCR-USERS When the Microsoft WU Client/2.0 tries to connect he doesn't authenticate with the full user name (domain\user) but only with the domain part. Turning of the user/group based membership in the site&content rule and apply the rule to any request or a client address set seems to solve the problem. Is this a known problem? HTH, Stefaan