> Also, I've tried the recommendation found below which I thought may > solve the problem as I am using NTLM auth for my squid setup but it did > not work. > > http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg32828.html > > Elvar wrote: >> Hello list, >> >> I have two identical FreeBSD firewalls running squid-2.6.5 at two >> different school systems and roughly about two months ago the windows >> update site stopped working at both sites. Any time a user tries to >> run windows update it eventually times out. Everyones web browser is >> set up to point directly to the firewall running squid on port 8080 >> which is dansguardian-2.9.8.0. Has anyone else had this happen? Is >> anyone else having problems getting windows update to work through >> Squid / Dansguardian? If so and you have found a resolution I would >> greatly appreciate it if you could share the fix details. >> I have seen this happen when experimenting with transparency. Though the cause can also occur with other proxy setups. It seems WindowsUpdate starts nicely on HTTP and loads the M$ pages then to do the actual system scan it needs a *direct* HTTPS connection to call-home with. The solution for me was to allow SSL outbound through the firewall to the IP of www.update.microsoft.com. The successful https link lasts for an entire 1-2 seconds then disappears from the process. But if it fails WU goes to its 'error timed out/unable to connect/check your http settings' screen. Amos
