Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 9635 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

windowsupdate fails

Arthur.Bommele
Symptoms:
WSUS and manual Windows Update are extremely slow to such a degree that they fail or are otherwise unusable. Downloading .exe, .cab, and so on from other urls then 'download.windowsupdate.com' works just fine.

Situation:
Astaro configuration in question worked fine for months on ends. Now, even with all sorts of exceptions and temporary reconfigurations (like turning AntiVirus and everything else off and/or allowing everything), nothing seems to work.
Astaro HTTP Proxy is in Transparent Operation Mode with Full Transparent Mode turned off. It does not matter if the WSUS server is configured for either proxy use or no proxy use. Outcome is the same. Same goes for using BITSADMIN to force BITS downloads into either proxied or non proxied mode, foreground or background mode.

Assumptions:
It looks like that the Astaro applies a rule set found under the HTTP/S Menu (it does mention all the Exceptions made there), but also applies the rule set found under the HTTP/S Profiles Menu (Default Content Filter Action). However, both are manually configured to always allow 'download.windowsupdate.com'.
Compare these two log entries. What's the difference here? Why is one blocked and the other allowed? 

2010:10:15-10:06:05 ASG110 httpproxy[3948]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" user="" statuscode="206" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="265777" time="63914 ms" request="0xaf4aafc8" url="download.windowsupdate.com/.../mpam-d_0e36f3ec55d288cd9a4a264044d5c37cbc417e48.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""

2010:10:15-10:19:29 ASG110 httpproxy[3948]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="***.***.***.***" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="175404" time="100574 ms" request="0x8cbe8e8" url="download.windowsupdate.com/.../mpam-d_49cac6018dc3364bf4b9ab8596812579842dfce8.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""


Question:
How do I force the Astaro to always allow everything that comes from 'download.windowsupdate.com' in whatever shape or form? No matter what the Astaro might think of it.

Here are some more Log File entries: 

2010:10:15-10:06:05 ASG110 httpproxy[3948]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" user="" statuscode="206" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="265777" time="63914 ms" request="0xaf4aafc8" url="download.windowsupdate.com/.../mpam-d_0e36f3ec55d288cd9a4a264044d5c37cbc417e48.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""

2010:10:15-10:06:12 ASG110 httpproxy[3948]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="***.***.***.***" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="376 ms" request="0xaf4aafc8" url="download.windowsupdate.com/.../mpam-d_49cac6018dc3364bf4b9ab8596812579842dfce8.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""



2010:10:15-10:07:38 ASG110 httpproxy[3948]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="***.***.***.***" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="31524" time="86258 ms" request="0xaf4aafc8" url="download.windowsupdate.com/.../mpam-d_49cac6018dc3364bf4b9ab8596812579842dfce8.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""

2010:10:15-10:17:49 ASG110 httpproxy[3948]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="***.***.***.***" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="59282" time="140701 ms" request="0xaf464758" url="download.windowsupdate.com/.../mpas-fe_c638d2152c77a9a6a518bf2476905bb46e24c0a6.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""



2010:10:15-10:18:23 ASG110 httpproxy[3948]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" user="" statuscode="206" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="17450" time="19263 ms" request="0x8d034e8" url="download.windowsupdate.com/.../asentdat-x64-3.3.9406.504_c11967d45df85ad2419c6c6aa9704f215f0e2cd7.cab" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""

2010:10:15-10:18:32 ASG110 httpproxy[3948]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="***.***.***.***" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="330 ms" request="0x8d034e8" url="download.windowsupdate.com/.../am_delta_patch1_2f20263612d03864fa61378cccb9bcbe8671bed2.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""



2010:10:15-10:19:29 ASG110 httpproxy[3948]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="***.***.***.***" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="175404" time="100574 ms" request="0x8cbe8e8" url="download.windowsupdate.com/.../mpam-d_49cac6018dc3364bf4b9ab8596812579842dfce8.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""



2010:10:15-10:19:33 ASG110 httpproxy[3948]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="***.***.***.***" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="79760" time="60675 ms" request="0x8d034e8" url="download.windowsupdate.com/.../am_delta_patch1_2f20263612d03864fa61378cccb9bcbe8671bed2.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""

2010:10:15-10:19:42 ASG110 httpproxy[3948]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="***.***.***.***" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" time="326 ms" request="0x8d034e8" url="download.windowsupdate.com/.../am_delta_patch1_f8b5c64c93896d8317168959172beb7e080f8fa0.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""



2010:10:15-10:20:35 ASG110 httpproxy[3948]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="***.***.***.***" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="89150" time="78819 ms" request="0xaf4e9600" url="download.windowsupdate.com/.../mpam-fe_325e5902254c107558ea41e6cc6827a072d4671d.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""

2010:10:15-10:21:19 ASG110 httpproxy[3948]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="***.***.***.***" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="72480" time="96755 ms" request="0x8d034e8" url="download.windowsupdate.com/.../am_delta_patch1_f8b5c64c93896d8317168959172beb7e080f8fa0.exe" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache" error=""


This thread was automatically locked due to age.
Parents
  • 0
    action="pass" [...] size="79760" time="60675 ms" 

    That's a sign that the proxy isn't working well with the windowsupdate site.  The blocked lines all show this.  Anytime something changes unexpectedly, it pays to check the Intrusion Prevention log.

    It does not matter if the WSUS server is configured for either proxy use or no proxy use. Outcome is the same.

    Do you mean that the downloads to the WSUS server are slow, or that the uploads to local PCs from the WSUS are slow?  If the latter, you might want to set all PCs to access local IPs directly rather than via the Astaro Proxy.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    action="pass" [...] size="79760" time="60675 ms" 

    That's a sign that the proxy isn't working well with the windowsupdate site.  The blocked lines all show this.  Anytime something changes unexpectedly, it pays to check the Intrusion Prevention log.

    It does not matter if the WSUS server is configured for either proxy use or no proxy use. Outcome is the same.

    Do you mean that the downloads to the WSUS server are slow, or that the uploads to local PCs from the WSUS are slow?  If the latter, you might want to set all PCs to access local IPs directly rather than via the Astaro Proxy.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data