Here's an article on Microsoft's site... http://support.microsoft.com/default.aspx?scid=kb;en-us;885819 It suggests bypassing auth for these domains... http://download.windowsupdate.com https://*.windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com http://*.update.microsoft.com Graeme -----Original Message----- From: Aaron McDonnell [mailto:aaronm@xxxxxx] Sent: 15 August 2005 16:12 To: debian@xxxxxxxx Cc: Sunil S; squid-users@xxxxxxxxxxxxxxx Subject: Re: Windows update hangs Try adding download.windowsupdate.com. If you do a TCPDUMP you'll see it accesses that one as well. Aaron Lasse Mørk wrote: > Might be an option... > How do I do that? > I have tried > > acl WIN1 dstdomain update.microsoft.com > acl WIN2 dstdomain windowsupdate.microsoft.com > acl WIN3 dstdomain download.microsoft.com > > always_direct allow WIN1 > always_direct allow WIN2 > always_direct allow WIN3 > > But it still prompts for auth. > > > >>Are you getting your users to authenticate when they connect? >> >>Windows update looks like is not capable of working well with >>authenticating proxies. If you exclude URLs used by Windows updates from >>authenticating, it will go through. >> >>Look at access.log to see the URLs used by Windows Updates. >> >>Regards >> >>Sunil >> >>Sunil S >>Deputy Manager - ERP, >>Petroleum House Annexe - 2, >>Hindustan Petroleum Corporation Ltd., >>17 - JD Tata Road, Mumbai - 400 020. >> >>Phone: 91-22-22863273 >> 91-9323737162 >> >>>>>Lasse Mørk <debian@xxxxxxxx> 08/11/05 6:52 PM >>> >> >>Hi Aaron >>The squid is not running as a transperent proxy, and we have manually set >>the proxy settings in I-Explore. >> >>It works though, but takes 30min - 1hour or so to connect. And forever to >>download the updates. :( >> >> >> >>>Hi Lasse >>> >>>It could be related to the problem I'm having, depending on how your >>>proxy >>>it set up. I'm trying to build a box to manage the Quarantine network >>>in >>>our environment and the Windows Update site hangs/fails for me as well. >>>The >>>problem in my case is that Squid is a transparent proxy, and when you >>>click >>>on either the "Custom" or "Express" options, it briefly requires an SSL >>>connection to download.windowsupdate.com - since Squid doesn't seem to >>>have >>>a way to do that in transparent mode, it fails. >>> >>>If I set IE to use Squid as a proxy directly, it'll work. Have you >>>tried >>>setting the proxy settings directly in IE yet? >>> >>>Aaron >>> >>>Lasse Mørk wrote: >>> >>>>Is there anyway to get around this issue? >>>> >>>>It just stalls now where it looks for latest updates. >>>>Maybe without caching the windows update files? >>>> >>>>I am getting kinda desperate! >>>> >>>> >>>> >>>> >>>>>Hmm.. Dosn't seem to help :( >>>>> >>>>>It still lacks and run terrible slow. >>>>> >>>>> >>>>> >>>>>>On 8/11/05, Lasse Mørk <debian@xxxxxxxx> wrote: >>>>>> >>>>>> >>>>>>>Hey all >>>>>>> >>>>>>>squid 2.5.9-10 running debian. >>>>>>> >>>>>>>Does anyone knows what to do, when windows update hangs ? >>>>>>>Sometime it just stalls, but now and then it works, although it is >>>>>>>got >>>>>>>damn slow :( >>>>>>> >>>>>>>Including that, it prompts for user and passwords just before it >>>>>>>checks >>>>>>>for updates, I belive it is? >>>>>>> >>>>>>>Any solution to this? The best thing would be if it was possible to >>>>>>>cache >>>>>>>the updates, but it worst case I might have to remove the windows >>>>>>>update >>>>>>>site, from the proxy list. >>>>>>> >>>>>>>Thanks >>>>>>> >>>>>>> >>>>>> >>>>>> http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.54 >>>>>> >>>>>> M. >>>>>> >>>>> >>>>> >>>>> >>>> >>> >>>-- >>> >>>Aaron McDonnell >>>Network Administrator >>>Network Operations Centre >>>University of Western Ontario >>>Tel: 519-661-2111 ext. 86558 >>> >> >> >> >> >>This e-mail message is only to be used by intended recipients and all >>others may kindly >>delete it and notify the sender. Unless expressly authorized by HPCL, the >>views >>expressed and the message itself is that of the individual sender and >>recipients are >>cautioned to check messages/ attachments for any viruses before use. Users >>acknowledge that messages may contain confidential, proprietary or >>privileged >>information and that HPCL neither assures nor guarantees integrity or >>content of >>messages. >> > > > -- Aaron McDonnell Network Administrator Network Operations Centre University of Western Ontario Tel: 519-661-2111 ext. 86558 This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com
