Thanks for the suggestion Steve.
I've already added *.download.microsoft.com and
*.windowsupdate.microsoft.com to the existing *.windowsupdate.com in
theMicrosoft Update Sites rule and this made no difference. IE6 is at SP3 so
should include the 871260 fix.
WSUS is an option, though this seems rather overkill for a dozen clients.
It would be good to understand what this HTTPS access is for - can't see why
SSL is needed for windows update.
> Have you checked out this kb? http://support.microsoft.com/kb/885819
> You might also consider installing WSUS so you can centrally manage the MS
> updates for the XP clients.
> "Dave Solly" <DaveS@newsgroup> wrote in message
> >I have just become aware that Automatic Updates (whether Windows or
> > Microsoft) are no longer working on XP clients on our SBS2003 Premium
> > network. Monitoring ISA 2004 shows that it initially allows HTTP access
> > under the builtin "Microsoft Update Sites" rule, but then denies an HTTPS
> > connection to another site (22.214.171.124 on one instance, but this seems
> > to
> > vary). I can't obtain a reverse DNS lookup on these sites (not sure why
> > ?),
> > so that means this URL-based rule (*.windowsupdate.com etc) wouldn't be
> > expected to work. I guess this is a recent change to Windows Update ? I
> > can't resolve it by creating an IP-based rule instead, since I don't know
> > all
> > the IP addresses MS might use here. SO, how do I get Automatic Updates
> > going
> > again ? This is very frustrating as I'm having to update all clients
> > manually !
> > Any ideas appreciated.
> > --
> > Dave Solly