> Also, I've tried the recommendation found below which I thought may
> solve the problem as I am using NTLM auth for my squid setup but it did
> not work.
>
> http://www.mail-archive.com/squid-users@squid-cache.org/msg32828.html
>
> Elvar wrote:
>> Hello list,
>>
>> I have two identical FreeBSD firewalls running squid-2.6.5 at two
>> different school systems and roughly about two months ago the windows
>> update site stopped working at both sites. Any time a user tries to
>> run windows update it eventually times out. Everyones web browser is
>> set up to point directly to the firewall running squid on port 8080
>> which is dansguardian-2.9.8.0. Has anyone else had this happen? Is
>> anyone else having problems getting windows update to work through
>> Squid / Dansguardian? If so and you have found a resolution I would
>> greatly appreciate it if you could share the fix details.
>>
I have seen this happen when experimenting with transparency. Though the
cause can also occur with other proxy setups.
It seems WindowsUpdate starts nicely on HTTP and loads the M$ pages then
to do the actual system scan it needs a *direct* HTTPS connection to
call-home with. The solution for me was to allow SSL outbound through the
firewall to the IP of www.update.microsoft.com.
The successful https link lasts for an entire 1-2 seconds then disappears
from the process. But if it fails WU goes to its 'error timed out/unable
to connect/check your http settings' screen.
Amos
Received on Wed Jul 18 2007 - 18:02:22 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:03 MDT