Time to gather some data. Use NetMon at the TMG and set the log viewer to monitor traffic from the WSUS server. Are you sure the WSUS proxy settings are right? From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Tuesday, April 20, 2010 10:51 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Getting WSUS files to download through TMG 2010 Yep, all those are in the Destination Exceptions for Malware Inspection. Rob From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Monday, April 19, 2010 4:44 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Getting WSUS files to download through TMG 2010 By default, malware inspection is disabled for *.microsoft.com, *.windows.com and *.windowsupdate.com. If this isn't your experience, someone has been playing silly buggers in your deployment. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Monday, April 19, 2010 10:07 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Getting WSUS files to download through TMG 2010 Hello- Just FYI-if you're implementing TMG 2010 and you have a WSUS server, you need to turn off Malware Inspection on the traffic going out from the WSUS server or else the WSUS server won't be able to download files associated with the updates. At least that was my experience today. Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Helpdesk: 800-500-AFSC