Fix the Windows Update Problem for Web Proxy Clients.

Prior to upgrading to Windows XP Professional, I used Windows 2000 Professional on my production workstations. I never used the Windows Update feature when I ran the Windows 2000 machines, because sometimes the updates had a bad side effect of whacking the Windows 2000 box. The fixing was always problematic, and I never found a way that was cheap, easy and reliable to get back to where I was before the Update broke the machine.

The Windows Update problem is less annoying in Windows XP because Windows XP has the ability to automatically take snap-shots of the system configuration and then allow you to roll-back to a previous configuration using a nice, automated process. Since the Restore feature is so useful in Windows XP, I decided to try Windows Update again.

The problem was that it didn’t work on my machine that was configured as a SecureNAT, Firewall and Web Proxy client! It tends to unnerve me when things don’t work because of ISA Server because I’m supposed to know what I’m doing. Fact is, no one really knows what they’re doing when it comes to ISA Server.

There are a couple of ways to fix thing. The first method, which I’ll refer to as the “Kludge” technique, involves the HTTP Redirector. The second method, which I’ll refer to as the “Correct” method, involves configuring the Web Proxy client.

The Kludge Method

Since I had no idea what was wrong with the Windows Update, I decided for no good reason that it was a problem with the Web Proxy service. I have noticed on empiric observation that a lot of applications don’t seem to get along with the Web Proxy service. Many of these applications are adversely affected by authentication, but even when you don’t force authentication, you can still run into difficulties.

The key to the Kludge method is to remove the Web Proxy client configuration, and then make sure the client is configured as a SecureNAT or Firewall client. Then reconfigure the HTTP Redirector Filter to forward requests directly to the Web Server. Here’s how:

  1. Open Internet Explorer. Click the Tools menu and then click Internet Options.
  2. Click the Connections tab in the Internet Options dialog box.
  3. On the Connections tab, click the LAN Settings button.
  4. In the Local Area Network (LAN) Settings dialog box, remove the checkmarks from all the checkboxes. You can put them back later if you want. Click OK.

  1. Click OK again in the Internet Options dialog box.
  2. Close all instances of Internet Explorer.
  3. Go to the ISA Server machine and open the ISA Management console. Expand your server or array name, and then expand the Extensions node.
  4. Click on the Application Filters node and then double click on the HTTP Redirector Filter entry in the right pane.
  5. Click on the Options tab in the HTTP Redirector Filter Properties dialog box.
  6. In the Options tab, select the Send to requested Web server option. Click Apply and then click OK.

This works fine, but its not an idea solution because it allows SecureNAT and Firewall clients to bypass the Web Proxy service. In general, you don’t want to do this, because all browsers should be configured as Web Proxy clients.

The Correct Method

I stumbled upon the correct method by perusing some KB articles. No one I couldn’t figure this out! It appears that the problem is related to how the Web Proxy service handles requests from non-HTTP 1.1 client clients that are also configured as NTLM clients to the authenticating proxy server. If you don’t configure the Web browser to send HTTP 1.1 through to the Web Proxy service, Windows Update won’t work!

Do this to fix the problem:

  1. Open Internet Explorer. Click the Tools menu and then click the Internet Options command.
  2. In the Internet Options dialog box, click the Advanced tab.
  3. Scroll through the list of options and find the Use HTTP 1.1 through proxy connections entry. Put a checkmark in the checkbox to the left of the entry.
  4. Click OK in the Internet Options dialog box.
  5. Close all instances of Internet Explorer.

When you restart Internet Explorer, you’ll find that you can magically access the Windows Update site!

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top