RE: Automatic Updates

  • From: "Aman Bedi" <gurkirpal.bedi@xxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 27 Jan 2005 18:37:30 -0500

Hi Again.

I think the SVchost.exe error is due to the fact that it runs under system
account .programs that run under these accounts are prevented from accessing
remote resources through the Firewall Client program in ISA 2004 as per the
following 

http://support.microsoft.com/?kbid=888642

the resolution works but there is an error in the article.
It says the value should be 0, but the value should be 1 to enable the
settings.
when I change that to 1, I no longer receive that error in my logs.. 

I am still waiting to see if the automatic updates now work :) 

Jim, can you confirm this error on the article. Also this fix is not
specified anywhere in any articles (I guess as far as I have searched) or
mentioned by anyone. 

This fix applies to ISA 2004 and for all programs and services which run
under system or network service account and access external resources.

Thanks
Aman



-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Thursday, January 27, 2005 5:47 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Automatic Updates

http://www.ISAserver.org

When I restart a client machine, I see the following error in event log.
This svchost.exe is the one which runs automatic updates. 

"Application [svchost.exe]. Authentication failed. The user credentials were
not accepted by ISA Server.  Verify that the user account running this
application has the required permissions."

I just restarted the machine and no user is logged in. 

Svchost is a service which is by default configured to run with system
account. 

When no user is logged in, Does firewall client start up ? 
what user does it use if it does so ?

the logs for this time are same as before.

The username is domainname/machinename$

Any inputs ?

Aman




-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Thursday, January 27, 2005 11:42 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Automatic Updates

http://www.ISAserver.org

Any Ideas about my problem guys ?

I see in the logs that svchost.exe is the process which tries to connect to
updates site. And the connection is firewall client. I see in the  firewall
client settings that by default it has :

Svchost DisableEx       0
SvcHost         Disable         1

Does that have anything to do with this ?

Thanks 
Aman

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Wednesday, January 26, 2005 11:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Automatic Updates

http://www.ISAserver.org

Thanks Steve, 

Did that ... 

Aman


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx] 
Sent: Wednesday, January 26, 2005 7:55 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Automatic Updates

http://www.ISAserver.org

 Download and run the isainfo script from Jim's site at
http://isatools.org, send Jim the results.

S

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Wednesday, January 26, 2005 6:58 PM
To: ISA Mailing List
Subject: [isalist] RE: Automatic Updates

http://www.ISAserver.org

What ISA info are u looking for besides the log ?
Aman




-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Wednesday, January 26, 2005 5:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Automatic Updates

http://www.ISAserver.org

Hi jim, 

The relevant log rows are there is that mail.
I will post the isainfo in a few mins.

Thanks

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Wednesday, January 26, 2005 5:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Automatic Updates

http://www.ISAserver.org

Please include log snips and your ISAInfo.
Your description is lacking critical information.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Wednesday, January 26, 2005 13:53
To: [ISAserver.org Discussion List]
Subject: [isalist] Automatic Updates

http://www.ISAserver.org


Hi guys , 

As I posted earlier I am having problem with auto updates. I was able to
go to windows update site manually after I made changes as per jim's
article.
Created a rule ( windows update ) to allow access to all users to
windows update sites ( http, https)my clients are proxy / firewall
client.

Still my clients cannot access updates thru autoupdates. The evnt log
shows event id 16 saying auto updates failed as could not connect. The
ISA log for that time is as follows. 

The rule Windows Update is for all users And HTTP and HTTPs access is
for authenticated users.

I am using ISA 2004

The log shows that svchost.exe tries to connect and uses firewall client
and the user is scanbuy013$ (machinename$) which I guess is the system
account. 

The connection is initiated and closed instantly.

Do I have to add "system and network service" User for these rules ? or
is that included in all authenticated users ?

Any help would be great as I have been trying on this thing since days..


-----
Aman
-----


Original Client IP      Client Agent    Authenticated Client    Service
Destination Host Name   Source Port     Processing Time Bytes Sent
Bytes Received  Result Code     HTTP Status Code        Cache
Information
Error Information       Log Record Type Log Time        Destination IP
Destination Port        Protocol        URL     Action  Rule    Client
IP
Client Username Source Network  Destination Network     HTTP Method

192.168.1.191   svchost.exe:3:5.1                       -       1701
0
0       0       0x0             0x0     0x0     Firewall
1/26/2005
15:57   64.4.21.188     443     HTTPS           Initiated Connection
Windows Update  192.168.1.191   SCANBUYHQ\SCANBUY013$   Internal
External        

192.168.1.191   svchost.exe:3:5.1                       -       1701
0
0       2151    0x80074e24              0x0     0x0     Firewall
1/26/2005 15:57 64.4.21.188     443     HTTPS           Closed
Connection
Windows Update  192.168.1.191   SCANBUYHQ\SCANBUY013$   Internal
External        

0.0.0.0 -       Yes     Proxy   -       0       0       2151    70
13      0x0     0x0     Web Proxy Filter        1/26/2005 15:57
64.4.21.188
443     -       -       Failed Connection Attempt       -
192.168.1.191   -       -       -       -

192.168.1.191   svchost.exe:3:5.1                       -       1700
109
0       0       0x0             0x0     0x0     Firewall
1/26/2005
15:57   64.4.21.188     80      HTTP            Initiated Connection
HTTP
and HTTPS access        192.168.1.191   SCANBUYHQ\SCANBUY013$   Internal
External        

192.168.1.191   svchost.exe:3:5.1                       -       1699
94
0       0       0x0             0x0     0x0     Firewall
1/26/2005
15:57   64.4.23.29      80      HTTP            Initiated Connection
HTTP
and HTTPS access        192.168.1.191   SCANBUYHQ\SCANBUY013$   Internal
External        


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx




Other related posts: