I have just become aware that Automatic Updates (whether Windows or
Microsoft) are no longer working on XP clients on our SBS2003 Premium
network. Monitoring ISA 2004 shows that it initially allows HTTP access
under the builtin "Microsoft Update Sites" rule, but then denies an HTTPS
connection to another site (65.55.184.16 on one instance, but this seems to
vary). I can't obtain a reverse DNS lookup on these sites (not sure why ?),
so that means this URL-based rule (*.windowsupdate.com etc) wouldn't be
expected to work. I guess this is a recent change to Windows Update ? I
can't resolve it by creating an IP-based rule instead, since I don't know all
the IP addresses MS might use here. SO, how do I get Automatic Updates going
again ? This is very frustrating as I'm having to update all clients
manually !
Any ideas appreciated.
--
Dave Solly

Have you checked out this kb? http://support.microsoft.com/kb/885819

You might also consider installing WSUS so you can centrally manage the MS
updates for the XP clients.

"Dave Solly" <DaveS@newsgroup> wrote in message
news:2AF1BC9F-91B0-48BE-8CBA-139525AFD701@newsgroup

>I have just become aware that Automatic Updates (whether Windows or
> Microsoft) are no longer working on XP clients on our SBS2003 Premium
> network. Monitoring ISA 2004 shows that it initially allows HTTP access
> under the builtin "Microsoft Update Sites" rule, but then denies an HTTPS
> connection to another site (65.55.184.16 on one instance, but this seems
> to
> vary). I can't obtain a reverse DNS lookup on these sites (not sure why
> ?),
> so that means this URL-based rule (*.windowsupdate.com etc) wouldn't be
> expected to work. I guess this is a recent change to Windows Update ? I
> can't resolve it by creating an IP-based rule instead, since I don't know
> all
> the IP addresses MS might use here. SO, how do I get Automatic Updates
> going
> again ? This is very frustrating as I'm having to update all clients
> manually !
> Any ideas appreciated.
> --
> Dave Solly

Thanks for the suggestion Steve.

I've already added *.download.microsoft.com and
*.windowsupdate.microsoft.com to the existing *.windowsupdate.com in
theMicrosoft Update Sites rule and this made no difference. IE6 is at SP3 so
should include the 871260 fix.
WSUS is an option, though this seems rather overkill for a dozen clients.
It would be good to understand what this HTTPS access is for - can't see why
SSL is needed for windows update.
--
Dave Solly


"SteveB" wrote:

> Have you checked out this kb? http://support.microsoft.com/kb/885819
>
> You might also consider installing WSUS so you can centrally manage the MS
> updates for the XP clients.
>
> "Dave Solly" <DaveS@newsgroup> wrote in message
> news:2AF1BC9F-91B0-48BE-8CBA-139525AFD701@newsgroup

> >I have just become aware that Automatic Updates (whether Windows or
> > Microsoft) are no longer working on XP clients on our SBS2003 Premium
> > network. Monitoring ISA 2004 shows that it initially allows HTTP access
> > under the builtin "Microsoft Update Sites" rule, but then denies an HTTPS
> > connection to another site (65.55.184.16 on one instance, but this seems
> > to
> > vary). I can't obtain a reverse DNS lookup on these sites (not sure why
> > ?),
> > so that means this URL-based rule (*.windowsupdate.com etc) wouldn't be
> > expected to work. I guess this is a recent change to Windows Update ? I
> > can't resolve it by creating an IP-based rule instead, since I don't know
> > all
> > the IP addresses MS might use here. SO, how do I get Automatic Updates
> > going
> > again ? This is very frustrating as I'm having to update all clients
> > manually !
> > Any ideas appreciated.
> > --
> > Dave Solly

>
>
> .
>

I find WSUS useful even with my smaller clients. I'd definitely use it with
a dozen workstations involved.

"Dave Solly" <DaveS@newsgroup> wrote in message
news:FD06CFEB-03C2-49A1-A62A-2C2E7FFCBDA4@newsgroup

> Thanks for the suggestion Steve.
>
> I've already added *.download.microsoft.com and
> *.windowsupdate.microsoft.com to the existing *.windowsupdate.com in
> theMicrosoft Update Sites rule and this made no difference. IE6 is at SP3
> so
> should include the 871260 fix.
> WSUS is an option, though this seems rather overkill for a dozen clients.
> It would be good to understand what this HTTPS access is for - can't see
> why
> SSL is needed for windows update.
> --
> Dave Solly
>
>
> "SteveB" wrote:
>

>> Have you checked out this kb? http://support.microsoft.com/kb/885819
>>
>> You might also consider installing WSUS so you can centrally manage the
>> MS
>> updates for the XP clients.
>>
>> "Dave Solly" <DaveS@newsgroup> wrote in message
>> news:2AF1BC9F-91B0-48BE-8CBA-139525AFD701@newsgroup

>> >I have just become aware that Automatic Updates (whether Windows or
>> > Microsoft) are no longer working on XP clients on our SBS2003 Premium
>> > network. Monitoring ISA 2004 shows that it initially allows HTTP
>> > access
>> > under the builtin "Microsoft Update Sites" rule, but then denies an
>> > HTTPS
>> > connection to another site (65.55.184.16 on one instance, but this
>> > seems
>> > to
>> > vary). I can't obtain a reverse DNS lookup on these sites (not sure
>> > why
>> > ?),
>> > so that means this URL-based rule (*.windowsupdate.com etc) wouldn't be
>> > expected to work. I guess this is a recent change to Windows Update ?
>> > I
>> > can't resolve it by creating an IP-based rule instead, since I don't
>> > know
>> > all
>> > the IP addresses MS might use here. SO, how do I get Automatic Updates
>> > going
>> > again ? This is very frustrating as I'm having to update all clients
>> > manually !
>> > Any ideas appreciated.
>> > --
>> > Dave Solly

>>
>>
>> .
>>