The error code in the screen shot actually resolves to 12152; a WinInet error complaining about "invalid server response". Between that and the 12209 in your logs, it's clear that WindowsUpdate.v5 doesn't like authenticating proxies. Call PSS and bitch loud and clear; they should be using WinHTTP, not WinInet in their AX controls. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Mon, 23 Aug 2004 22:14:40 +0200 "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx> wrote: http://www.ISAserver.org Hi Jim, I made another test and you can download a screenshot of the error, an excerpt from the web proxy log file and an Ethereal trace at http://users.skynet.be/spouseele/download/WindowsUpdateV5.zip. Thanks, Stefaan -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: zondag 22 augustus 2004 17:46 To: [ISAserver.org Discussion List] Subject: [isalist] Re: V5.WindowsUpdate problem on ISA 2000 http://www.ISAserver.org see; this is why I wanted to see logs... :-) Do you also have captures of this event? That would go a long way to help sort out the "what "& why" of this problem... Nice catch, Stephen! You should contact PSS and scream loud and long about this... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Sun, 22 Aug 2004 11:38:59 +0200 "Stefaan Pouseele" <Stefaan.Pouseele@xxxxxxx> wrote: http://www.ISAserver.org Hey guys, There seems to be a problem with the new V5.WindowsUpdate and a site&content rule who applies to a user/group based membership. Here is an excerpt of the Web Proxy log on an ISA 2000 server: 172.31.1.2, anonymous, Microsoft WU Client/2.0, N, 8/21/2004, 15:27:10, w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0, SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 12209, 0x0, PR-SPECIAL, - 172.31.1.2, anonymous, Microsoft WU Client/2.0, N, 8/21/2004, 15:27:10, w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0, SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 0, 0x0, PR-SPECIAL, - 172.31.1.2, INTRANET\, Microsoft WU Client/2.0, Y, 8/21/2004, 15:27:10, w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, -, 443, 0, 0, 0, SSL-tunnel, TCP, -, v5.windowsupdate.microsoft.com:443, -, Inet, 12202, 0x0, PR-SPECIAL, - 172.31.1.2, INTRANET\SP, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322), Y, 8/21/2004, 15:27:11, w3proxy, GWISA, -, v5.windowsupdate.microsoft.com, 64.4.21.188, 80, 188, 898, 6519, http, TCP, GET, http://v5.windowsupdate.microsoft.com/v5consumer/errorinformation.aspx?e rror=-2145107935&ln=en-us, text/html; charset=utf-8, Inet, 200, 0x40020001, PR-SPECIAL, SCR-USERS When the Microsoft WU Client/2.0 tries to connect he doesn't authenticate with the full user name (domain\user) but only with the domain part. Turning of the user/group based membership in the site&content rule and apply the rule to any request or a client address set seems to solve the problem. Is this a known problem? HTH, Stefaan ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx