Re: V5.WindowsUpdate problem on ISA 2000

  • From: Jim Harrison <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 22 Aug 2004 08:46:09 -0700

see; this is why I wanted to see logs...
:-)
Do you also have captures of this event?
That would go a long way to help sort out the "what "& why" of this problem...

Nice catch, Stephen!
You should contact PSS and scream loud and long about this...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Sun, 22 Aug 2004 11:38:59 +0200
 "Stefaan Pouseele" <Stefaan.Pouseele@xxxxxxx> wrote:
http://www.ISAserver.org

Hey guys, 

There seems to be a problem with the new V5.WindowsUpdate and a
site&content rule who applies to a user/group based membership. Here is
an excerpt of the Web Proxy log on an ISA 2000 server:

172.31.1.2, anonymous, Microsoft WU Client/2.0, N, 8/21/2004, 15:27:10,
w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0,
SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 12209,
0x0, PR-SPECIAL, -
172.31.1.2, anonymous, Microsoft WU Client/2.0, N, 8/21/2004, 15:27:10,
w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0,
SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 0, 0x0,
PR-SPECIAL, -
172.31.1.2, INTRANET\, Microsoft WU Client/2.0, Y, 8/21/2004, 15:27:10,
w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0,
SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 12202,
0x0, PR-SPECIAL, -
172.31.1.2, INTRANET\SP, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; .NET CLR 1.1.4322), Y, 8/21/2004, 15:27:11, w3proxy, GWISA, -,
v5.windowsupdate.microsoft.com, 64.4.21.188, 80, 188, 898, 6519, http,
TCP, GET,
http://v5.windowsupdate.microsoft.com/v5consumer/errorinformation.aspx?e
rror=-2145107935&ln=en-us, text/html; charset=utf-8, Inet, 200,
0x40020001, PR-SPECIAL, SCR-USERS

When the Microsoft WU Client/2.0 tries to connect he doesn't
authenticate with the full user name (domain\user) but only with the
domain part. Turning of the user/group based membership in the
site&content rule and apply the rule to any request or a client address
set seems to solve the problem. 

Is this a known problem?

HTH, 
Stefaan 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2004