Forum Discussion

Brian_Day's avatar
Brian_Day
Level 6
18 years ago

WinHTTP proxy settings breaking WUA for anyone else?

We have active/passive Exchange 2003 clusters, and we also have active/passive EV 2007 clusters (using MSCS).

Our proxy bypass list looks like this on the mailbox servers. (The forum changed some content due to some of it looking like invalid HTML, hopefully it all makes sense still. :)


exchange-virtual-server-ip;
local;
ev-sitename;
ev-sitename.ourdomain.local;
ev-server1;
ev-server1.ourdomain.local;
ev-server1alias;
ev-server1alias.ourdomain.local;
ev-server1_node_a;
ev-server1_node_a.ourdomain.local;
ev-server1_node_b;
ev-server1_node_b.ourdomain.local;



Well, every time we do an EV upgrade, our WSUS updates break until I remove the proxy bypass list on the mailbox servers using 'proxycfg -D'.

Here is the excerpt from windowsupdate.log before I fixed it.

2007-09-10 08:55:42:985 856 2570 Agent *************
2007-09-10 08:55:42:985 856 2570 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2007-09-10 08:55:42:985 856 2570 Agent *********
2007-09-10 08:55:42:985 856 2570 Agent * Online = Yes; Ignore download priority = No
2007-09-10 08:55:42:985 856 2570 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2007-09-10 08:55:42:985 856 2570 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2007-09-10 08:55:42:985 856 2570 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2007-09-10 08:55:42:985 856 2570 Misc Microsoft signed: Yes
2007-09-10 08:55:45:267 856 2570 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: > Bypass List used : Auth Schemes used :
2007-09-10 08:55:45:267 856 2570 Misc WARNING: WinHttp: SendRequestUsingProxy failed for /our-sus-server.ourdomain.local/selfupdate/wuident.cab>. error 0x8024402c
2007-09-10 08:55:45:267 856 2570 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2007-09-10 08:55:45:267 856 2570 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2007-09-10 08:55:45:267 856 2570 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2007-09-10 08:55:47:532 856 2570 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: > Bypass List used : Auth Schemes used :
2007-09-10 08:55:47:532 856 2570 Misc WARNING: WinHttp: SendRequestUsingProxy failed for /our-sus-server.ourdomain.local/selfupdate/wuident.cab>. error 0x8024402c
2007-09-10 08:55:47:532 856 2570 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2007-09-10 08:55:47:532 856 2570 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2007-09-10 08:55:47:532 856 2570 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2007-09-10 08:55:49:798 856 2570 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: > Bypass List used : Auth Schemes used :
2007-09-10 08:55:49:798 856 2570 Misc WARNING: WinHttp: SendRequestUsingProxy failed for /our-sus-server.ourdomain.local/selfupdate/wuident.cab>. error 0x8024402c
2007-09-10 08:55:49:798 856 2570 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2007-09-10 08:55:49:798 856 2570 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2007-09-10 08:55:49:798 856 2570 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2007-09-10 08:55:52:064 856 2570 Misc WARNING: SendRequest failed with hr = 80072ee7. Proxy List used: > Bypass List used : Auth Schemes used :
2007-09-10 08:55:52:064 856 2570 Misc WARNING: WinHttp: SendRequestUsingProxy failed for /our-sus-server.ourdomain.local/selfupdate/wuident.cab>. error 0x8024402c
2007-09-10 08:55:52:064 856 2570 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x8024402c
2007-09-10 08:55:52:064 856 2570 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x8024402c
2007-09-10 08:55:52:064 856 2570 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x8024402c
2007-09-10 08:55:52:064 856 2570 Misc WARNING: DownloadFileInternal failed for http://our-sus-server.ourdomain.local/selfupdate/wuident.cab: error 0x8024402c
2007-09-10 08:55:52:064 856 2570 Setup FATAL: IsUpdateRequired failed with error 0x8024402c
2007-09-10 08:55:52:064 856 2570 Setup WARNING: SelfUpdate: Default Service: IsUpdateRequired failed: 0x8024402c
2007-09-10 08:55:52:064 856 2570 Setup WARNING: SelfUpdate: Default Service: IsUpdateRequired failed, error = 0x8024402C
2007-09-10 08:55:52:064 856 2570 Agent * WARNING: Skipping scan, self-update check returned 0x8024402C
2007-09-10 08:55:52:064 856 2570 Agent * WARNING: Exit code = 0x8024402C
2007-09-10 08:55:52:064 856 2570 Agent *********
2007-09-10 08:55:52:064 856 2570 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2007-09-10 08:55:52:064 856 2570 Agent *************
2007-09-10 08:55:52:064 856 2570 Agent WARNING: WU client failed Searching for update with error 0x8024402c
2007-09-10 08:55:52:064 856 1cac AU >>## RESUMED ## AU: Search for updates [CallId = {3CB530B1-2483-4AD1-94AF-799FED727496}]
2007-09-10 08:55:52:064 856 1cac AU # WARNING: Search callback failed, result = 0x8024402C
2007-09-10 08:55:52:064 856 1cac AU # WARNING: Failed to find updates with error code 8024402C
2007-09-10 08:55:52:064 856 1cac AU #########
2007-09-10 08:55:52:064 856 1cac AU ## END ## AU: Search for updates [CallId = {3CB530B1-2483-4AD1-94AF-799FED727496}]
2007-09-10 08:55:52:064 856 1cac AU #############



Is anyone else using A/P Exchange 2003 clusters with WSUS and EV? What does your bypass list look like? I'm thinking we'll need to add the exchange cluster node names/IPs, and maybe the WSUS server too.

Exchange and EV have no proxies/firewalls between tehm, so I don't even think we need this bypass list even though it was part of the install.

Thank everyone. :)
  • Sorry Brian, started to reply to this awhile back and got distracted.  :)
     
    You could set the proxycfg manually on the FE and resolve this.
     
    from the command line you would run the following:
     
    proxycfg -d -p "" ";sus.servername.com;exchange1;exchange2"
     
    first just type proxycfg and see what is already there.  Then just append the list to add the SUS servers.
     
     
  • Brian,
     
    I have seen this before.
     
    Add the following to the bypass list

    download.windowsupdate.com
    www.download.windowsupdate.com
    download.microsoft.com
    www.download.microsoft.com
    update.microsoft.com
    www.update.microsoft.com
    au.download.windowsupdate.com
    rs.update.microsoft.com

     

    Then run

    Net stop wuauserv

    Net start wuauserv

     

    Cheers,

  • Thank you, Tony.

    In our case it appears we'd need to add our our local WSUS server as well to that list as well; we do not use MS's servers unless logged into the box directly and doing an update through IE.

    I guess the underlying question here is, why use a bypass list at all if an organization has no proxies in place which could affect an Exchange or EV server? I'm of the mind that it would not break anything related to EV by ripping it out. True? False? :)
  • Removing them should break your OWA functionality to view archived items. (Just a little thing, I know. :) )
     
    If your OWA functionality works without them them pull them out, but if you have problems you will need to add them as a first step to troubleshooting.  It has to do with the communication back to the EV Server.
  • Tony, I just discovered something else.

    I got the back-end servers reporting into WSUS properly again (updated the exchangeservers.txt file).

    The front end severs seem to get their bypass list from reading the Exchange Org, is this true or is it from something else I'm forgetting? The problem is.... the F/E servers are broken with WSUS now as well and not checking in for updaets because of this. How can I configure it so that when I run the OWA/RPC script on the front-end servers, it also adds the values we did for the back-end servers?
  • Sorry Brian, started to reply to this awhile back and got distracted.  :)
     
    You could set the proxycfg manually on the FE and resolve this.
     
    from the command line you would run the following:
     
    proxycfg -d -p "" ";sus.servername.com;exchange1;exchange2"
     
    first just type proxycfg and see what is already there.  Then just append the list to add the SUS servers.
     
     
  • Thank you, Tony. We're looking into modifying the "C:\Program Files\Enterprise Vault\OWA\ProxyBypass.VBS" script the FrontEndServer2003 script calls to add the necessary servers automatically. If that doesn't work we'll go the manual way.