RE: Windows Update and XP SP2
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 26 Nov 2004 12:39:13 -0800
You know, the correct fix is for MS to change the behavior of the
windowsupdate connection to the logged on user, not something else.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Friday, November 26, 2004 9:22 AM
> To: [ISAserver.org Discussion List]
> Cc: 'Support'
> Subject: [isalist] RE: Windows Update and XP SP2
>
> http://www.ISAserver.org
>
> It appears to a problem with the user that Burstek is seeing. Here is the
> block line from the Burstek log:
>
> 2004.11.24;09.55.09;NT AUTHORITY\ANONYMOUS
> LOGON;v5.windowsupdate.microsoft.com:443
>
> So it is seeing the user as
> "NT AUTHORITY\ANONYMOUS LOGON"
>
> It is not seeing that as "anonymous" or "unauthenticated".
>
> I created an access policy allow unauthenticated access, but does not
work.
> I created an IP set of the entire LAN subnet, but still does not work.
>
> I keep seeing the same line in the log.
>
> In ISA, the rules I have set up are allowing it to connect, so the problem
> is with Burstek:
>
> 192.168.100.53 anonymous Microsoft WU Client/2.0 N
2004-11-24
> 17:55:09 w3proxy SRV6 - v5.windowsupdate.microsoft.com -
> 443 - 179 2774 SSL-tunnel TCP CONNECT - -
> - 407 - - -
> 192.168.100.53 anonymous Microsoft WU Client/2.0 N
2004-11-24
> 17:55:09 w3proxy SRV6 - v5.windowsupdate.microsoft.com -
> 443 - 287 552 SSL-tunnel TCP CONNECT - -
> - 407 - - -
>
> I have submitted the problem to Burstek Wednesday morning, but they have
not
> gotten back to me yet. I also tried to call there about 10:30 AM
Wednesday,
> but hung up after being on hold with no response after about 25 minutes.
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
>
> > -----Original Message-----
> > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> > Sent: Monday, November 22, 2004 4:10 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Windows Update and XP SP2
> >
> > http://www.ISAserver.org
> >
> > I will be on site at the client tomorrow to test.
> >
> > John Tolmachoff
> > Engineer/Consultant/Owner
> > eServices For You
> >
> >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Monday, November 22, 2004 1:32 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Windows Update and XP SP2
> > >
> > > http://www.ISAserver.org
> > >
> > > I you want to detail the settings you create to make this work, maybe
we
> > > can get Busrtek to KB it and we can cross-link the ISA and Burstek
KBs.
> > >
> > >
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > >
> > >
> > > -----Original Message-----
> > > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> > > Sent: Monday, November 22, 2004 11:04 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Windows Update and XP SP2
> > >
> > > http://www.ISAserver.org
> > >
> > > DUH!
> > >
> > > Yes, that client has Burstek.
> > >
> > > I will create a access policy in Burstek for those sites for
> > > unauthenticated
> > > and see what happens.
> > >
> > > John Tolmachoff
> > > Engineer/Consultant/Owner
> > > eServices For You
> > >
> > >
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > > Sent: Monday, November 22, 2004 10:52 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: Windows Update and XP SP2
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Do you use ANY web proxy plug-ins?
> > > > I know for a fact that Web Sense and Surf Control prevent this from
> > > > working because the require the use of "ask unauthenticated.."
> > > >
> > > >
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://isaserver.org/Jim_Harrison/
> > > > http://isatools.org
> > > > Read the help / books / articles!
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> > > > Sent: Monday, November 22, 2004 9:57 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Windows Update and XP SP2
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > I am rolling out new workstations at a client using ISA 2000.
> > > >
> > > > I have tried the workarounds in
> > > http://support.microsoft.com/?id=885819
> > > > but
> > > > still can not access.
> > > >
> > > > Any one have any new information?
> > > >
> > > > John Tolmachoff
> > > > Engineer/Consultant/Owner
> > > > eServices For You
> > > >
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > > All mail to and from this domain is GFI-scanned.
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > > johnlist@xxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > johnlist@xxxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > johnlist@xxxxxxxxxxxxxxxxxxx
> > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
