Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 5079 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WSUS MS Updates Fail with Web Protection ON

Mark_D_01
HI All
I think I have tried everything with this.
Please see pic for settings.
WSUS is set to UTM with proxy 8080.
WSUS has a seperate Web Protection Filter for the Server..
What happens is that the files download, but in the main WSUS console the file counter stayes the same and the file size dosn't clear when the download is finished, also the files in the "Updates section" the files say they failed to download.
If I turn off the Web Protection and even set proxy setting in WSUS to port 80 all works fine.
Also I have noticed that the concurrent connections  slowly increase over time with Web protection on.

Thoughts


This thread was automatically locked due to age.
  • 0
    More Info


    2015:09:14-08:00:25 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.0.10" dstip="61.9.209.168" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="89248" request="0x2c9c2800" url="wsus.ds.download.windowsupdate.com/.../x-do***ec"
    2015:09:14-08:00:29 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.0.10" dstip="61.9.209.168" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="89248" request="0x2c9c4000" url="wsus.ds.download.windowsupdate.com/.../x-do***ec"
    2015:09:14-08:00:34 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.0.10" dstip="23.1.240.130" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="89248" request="0x8ffa000" url="wsus.ds.download.windowsupdate.com/.../x-do***ec"
    2015:09:14-08:00:34 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="172.16.0.10" dstip="23.1.240.130" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="0" request="0x2c943800" url="wsus.ds.download.windowsupdate.com/.../octet-stream" application="msbits" app-id="307"
    2015:09:14-08:00:39 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.0.10" dstip="23.1.240.130" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="171926" request="0x2c943800" url="wsus.ds.download.windowsupdate.com/.../x-do***ec"
    2015:09:14-08:00:44 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.0.10" dstip="23.1.240.130" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="265366" request="0x2cab5800" url="wsus.ds.download.windowsupdate.com/.../x-do***ec"
    2015:09:14-08:00:48 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.0.10" dstip="23.1.240.130" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="102400" request="0x2c3c4800" url="wsus.ds.download.windowsupdate.com/.../x-do***ec"
    2015:09:14-08:00:54 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.0.10" dstip="23.1.240.130" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="101846" request="0x232a6000" url="wsus.ds.download.windowsupdate.com/.../x-do***ec"
    2015:09:14-08:00:54 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="HEAD" srcip="172.16.0.10" dstip="23.1.240.130" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="0" request="0x2ca1e800" url="wsus.ds.download.windowsupdate.com/.../octet-stream" application="msbits" app-id="307"
    2015:09:14-08:01:00 fmaster httpproxy[6266]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.0.10" dstip="23.1.240.130" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWsusServer (WSUS Server)" filteraction="REF_HttCffWsus (WSUS)" size="171928" request="0x2ca1e800" url="wsus.ds.download.windowsupdate.com/.../x-do***ec" 

    I see "0" size files all the time?

    Mark
  • 0
    Nothing obviously wrong in the logs.  File size 0 is normal for HEAD requests (as opposed to GET).

    Since you are not proxying HTTPS traffic, do you have a firewall rule that allows it?

    This doesn't help you, but this is using BITS to do the transfer.  BITS uses range requests which can be more problematic for the proxy.  Range requests allow it to download the middle of a file - which the AV scanner hates.  However AV scanning is off and there are no error messages.

    Perhaps wireshark on the WSUS server to see if there is anything else going on.
  • 0
    Thanks Michael
    Yes a FW rule for http/s is enabled for that server.
    It's just frustrated me for ages and I thought I'd try here.

    Thanks
Unfiltered HTML