Hi all.. I know that this is not the answer that you are looking for, but why not just install a WSUS server internally? Then point all your clients to it via AD policy. (me being a lazy bugger here!) Jay -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: 31 October 2007 02:43 To: Reinhard Haller Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: squid3 WindowsUpdate failed > Amos Jeffries schrieb: >> John Mok wrote: >>> Hi, >>> >>> I am using Squid3 nightly built 20071026 running on Ubuntu 6.06 LTS >>> with the compilation options :- >>> >>> ./configure --with-pthreads --enable-icap-client >>> >>> I tried both (i) the configurations with default option, or (ii) >>> icap-enabled options, the Windows client failed to get WindowsUpdate >>> (see the following log). >>> >> >> Where is this failure you speak of? >> The log you posted showed a proper link to WindowsUpdate, with all >> the static content coming from cache (TCP_HIT/TCP_IMS_HIT) and the >> dynamic pages and updates being brought in from M$ (TCP_MISS) >> >> If your client got the custom M$ "Windows Update failed" page. >> Then I suspect you have overlooked a M$ nasty: >> WU requires an HTTPS 'validation' test. >> You MUST permit an HTTP 'CONNECT' request to 65.55.184.125:443. >> (the IPA being that of www.update.microsoft.com from your current >> location) >> >> This bypass needs to be made on your firewall. WU will NOT always >> attempt it through the configured proxy :-( >> >> The best you can do is bypass it at the FW and also configure the >> proxy manually in IE, then run "proxycfg -u" in command line on the >> windows box, and hope that the particular box update level will use >> the proxy for it. >> >> >> Amos > Sorry Amos, > > the problem exists! It appeared with squid 3.0 RC1. After the > downgrade to 2.6 (urlgroup is missing in 3.0) I don't have any problem with WU. > The bypass in the firewall is not needed for proper operation. Lucky you, looks like you have a good up-to-date user base then :). Mine have trouble in WinXP SP1 and some earlier versions of the ActiveX WU'er they call MicrosoftUpdate. GenuineAdvantage my a*%#. > > Reinhard > IIRC others earlier found that WU used range requests to speed downloads. I have never confirmed this myself. Anyway, a bug has just been found in 3.0.RC1 that caused certain range requests to close prematurely. http://www.squid-cache.org/bugs/show_bug.cgi?id=2116 A fix has been incorporated in the next daily snapshot. If anyone is having this problem with 3.0.RC1, please give the 31 Oct or later snapshots a try and see if that fixes your problem. If its still present it will need to be reported as a bug with traces, etc. Thank you. Amos ______________________________________________________________________ This message (including any attachments) is confidential and may be privileged. It is intended for use by the addressee only. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. LeasePlan Corporation N.V. (including its group companies) shall not be responsible nor liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. LeasePlan Corporation N.V. (or its group companies) does not guarantee the confidentiality of this message, nor that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference." ______________________________________________________________________