Heyo Tom. Thank you for the reply; it gave me the fuzzies down my stomach. Or maybe that was just gas, I am not quite sure. Time will tell. I like to think it's the fuzzies, though. I read back my rather impressive spilling of unspeakable horrors a pompous person would dare call a manuscript, which I posted today, and realized I failed to mention two important things, since I was all motivated by my inner passion and fuelled by my desire to be enlightened about this oddity. As random as it may sound, we are not using the HTTP proxy features of ISA *at all*. We instead rely on the cheap-lay-with-indian-tech-support-that-claims-to-do-stuff-but-doesn't-reall y eTrust Secure Content Manager product created by the sweetie pies over at Computer Associates (I wonder how much they pay for that two letter domain name?). I did check that before posting, IE is not using any proxy of any kind, and the firewall client configuration that is pushed to the stations doesn't apply its dictatorship against any IE settings that might be found there. If it was just that, I would have obeyed like circus monkey and clicked the HTTP 1.1 through proxy (regardless of how that is really called in the English version of windows) like a docile little Network Analyst and would have went on with my journey, applying KBs while singing Christmas carols to annoy co-workers awaiting the next black Tuesday with much anticipation. So that is close, but no cigar... However, I will give a look to the configuration settings once again, perhaps I missed something. Thank you for spending some of your time reading my junk :-) _____ De : Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Envoyé : 18 novembre 2005 09:34 À : [ISAserver.org Discussion List] Objet : [isalist] RE: Windowsupdate woes. (0x80072EFD, as usual) http://www.ISAserver.org Hi Alex, Why you incompetent fool who doesn't RTFM or read the step by step articles or blog entries or the emails that pass through this list or troubleshoot the issue before assailing my inbox with your level 1 support quality questions. What do you think I have to do all day? Wait around for you to do something dumb and come running to your begging hands? OK, now that we have that out of the way, the problem in all likelihood is not related to the FWC, but to the Web proxy configuration that takes place automatically when the Firewall client is installed. So, its not your fault, its the incompetent "open a port firewall admin" who set up the ISA firewall's Web proxy configuration settings for Firewall clients and his inability to comprehend the concepts of Direct Access, Access Rules, and the Windows Update site's ABYSMAL SUPPORT for authenticating Web proxies. Does that give you a head start? :-)) Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ <http://spaces.msn.com/members/drisa/> Book: <http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** _____ From: Alexandre Gauthier [mailto:gauthiera@xxxxxxxxxxxxxxxxx] Sent: Friday, November 18, 2005 8:27 AM To: [ISAserver.org Discussion List] Subject: [isalist] Windowsupdate woes. (0x80072EFD, as usual) http://www.ISAserver.org Good morning. I hope all of you guys are twitching around with glee, unable the contain the warm and loving feeling of upcoming snow and the beginning of winter as you hold whatever book you are reading right now clenched tightly into your groin. (For my part, it's "Version control with Subversion", if you're interested. I know you aren't, but I decided you would be.) So, I know this has been discussed over and over on this very list, and you probably clicked this mail, all worked up about telling me to go read the articles and google around, and especially read the step-by-step, easy to understand guides posted here and here, and perhaps even go so far as to scream, among the braying and neighing of barnyard animals, to go check my ISA logs so I can find proof of my own incompetence and clumsiness and properly configuring a rule to allow it. Oh yes, I can see you, your finger throbbing with expectation over the mouse button, ready to fire up a vitriolic message. But no, no, I assure you, this seems different. It should not even concern ISA Server, but rather, just the Firewall Client. I have recently moved to a new workstation at work here, and while reinstalling my stuff, I decided to pay windowsupdate.com a visit, for it would be more efficient than just trying to bear the excruciatingly wrongly configured SUS server here, which is not exactly working. To much of my surprise, it worked fine. My workstation is currently NAT'ed through the Netscreen, so I have no need for the Firewall Client to be installed right now. Yesterday, I installed the firewall client, for support, thrills, kicks and excitement about seeing my winsock layer and TCP/IP stack brutally violated, in an unspeakable manner, and surprise surprise, Windows update no longer works. Not really surprising, I say. It has not been configured in ISA. But my problem here is this: Windows update fails with the same behaviour (error messages and such in windowsupdate.log) as noted in KB Articles and previous posting - EVEN WHEN THE ISA CLIENT IS DISABLED. So get this: Windowsupdate will fail *THE SPLIT SECOND* The Firewall Client is *installed*. It doesn't have to be actually working or do anything useful, just be *there*. And my machine is not going through secureNAT, but plain good old NAT. And it fails, just as if a firewall of some sort was blocking connections or something was wrong with BITS. Everything is up to date and patched, I followed every direction if every KB article - I remind you, it used to work. Then I installed the Firewall Client, and immediately checked. It doesn't work now. Even if the Firewall client is disabled on my desktop. Any ideas? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx