WSUS and Proxy

[YiannosG]

Guys im facing a problem and would like your opinion.

 

I have installed a WSUS on my SCCM server and configure SUP as per guides long time ago.

 

Now we have replace our internet access,proxies and company firewall.

Now our proxy sits on a DMZ behind firewall and our LAN is on the other side of the Firewall. FIrewall controls who goes to proxy, what goes to LAN and proxy allows the internet access.

 

Today i changed the proxy under SUP for synchronization to add the new one and the synchronization with MS started.

 

On my proxy i have define our LAN IP range to be accessed directly with out proxy from our clients.

 

Today i was monitoring my proxy and i was notticing that the request for WSUS was going through proxy instead of directly!

Tried adding the FQDN of the SCCM server to be on the allow list but nothing changed.When i browse the WSUS link from browser ( http://<SCCM>/ClientWebService/client.asmx ) my proxy was bypassed as it supposed to be.

 

The main problem is that if i allow the computer to find SCCM from Proxy, the IP gets NATed behind the Firewall so i cant get the IP of the client through WSUS (I can see the firewall IP).

Offcourse, this is completly wrong since it shouldn't ask for proxy at the first time. Maybe because we have define the proxy, it always uses it for the users??

 

Any help will be appriciated..

 

Hope i was clear...

[YiannosG]

Bump!

[YiannosG]

Ok after aloooooooooooooot of searching i manage to figure this out.

 

There is a tool on windows XP (works on windows 7 just need to copy it from an XP) proxycfg that tweeks the below entry

HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings

 

What you can do is 2 things;

Eithere run proxycfg [-p <server-name> [<bypass-list>]] which sets proxy server and optional bypass list, for example proxycfg -p PROXYSERVER http://sccmserver.mydomain.com or if you have defined in ur browser under local settings, a proxy with a bypass list of IPs/server you can use proxycfg -u to import the proxy settings of the user!Make sure you restart Automatic Windows Updates

 

Open windowsupdate.log and verify

 

2010-10-26 19:45:55:038 1028 11d4 Agent * WU client version 7.4.7600.226

2010-10-26 19:45:55:038 1028 11d4 Agent * Base directory: C:\Windows\SoftwareDistribution

2010-10-26 19:45:55:038 1028 11d4 Agent * Access type: Named proxy

2010-10-26 19:45:55:038 1028 11d4 Agent * Default proxy: PROXYSERVER

2010-10-26 19:45:55:038 1028 11d4 Agent * Default proxy bypass: http://sccmserver.mydomain.com

 

No more traffic on my ISA server

 

Will check WSUS tomorrow if i get the correct IP and update you on the matter

[YiannosG]

OK it looks like it working perfectly. Strangely although i have WPAD and it working on all clients they don't seem to bypass my proxy to access sccm server. so as a workaround the manual configuration as defined above works for me...