After installing WinGate 6.1.1 as HTTP proxy with KAV 2.0 plugin WSUS (Windows Software Update Service) failed to download files from Windows Update. KAV block the HTTP RANGE request, which WSUS uses.
Solution: do not scan traffic between WSUS and Windows Update site.
P.S. Long time couldn`t understand reason. May be, not me only... ;-)
WSUS+WinGate+KAV2.0 Plugin
Moderator: Qbik Staff
10 posts
• Page 1 of 1
WSUS+WinGate+KAV2.0 Plugin
by CPA3Y » Jun 17 06 1:15 am
- CPA3Y
- Posts: 5
- Joined: May 16 06 10:06 pm
- Location: Russia, Vologda
by Pascal » Jun 19 06 9:57 am
Thanks. We should probably add that to a default ignore list or put up an article, because it is a known scenario. The reason is that with range requests you could download infected content through a range boundary; so when plugins are installed the range requests will be disabled.
- Pascal
- Qbik Staff
- Posts: 2623
- Joined: Sep 08 03 8:19 pm
- Location: Auckland, New Zealand
WSUS+WinGate+KAV2.0 Plugin
by gpontikakos » Sep 04 07 11:11 pm
Hi all,
I am having the same problem with WSUS and wingate.
Is it possible to explain to me how I can set up KAV not to scan traffic from wsus and windows update site?
Thanks in advance!
I am having the same problem with WSUS and wingate.
Is it possible to explain to me how I can set up KAV not to scan traffic from wsus and windows update site?
Thanks in advance!
- gpontikakos
- Posts: 4
- Joined: Sep 04 07 11:07 pm
by logan » Sep 05 07 11:06 am
To stop KAV from scanning the Windows Update site:
- Gatekeeper -> Plugins -> Kaspersky AntiVirus 2.0 for WinGate -> Overrides
- Enter windowsupdate.com into the `Ignore URL:` input box
- Select `Site-wide`
- Click `Add to list`
- Enter microsoft.com into the `Ignore URL:` input box
- Click `Add to list`
- Click OK
- Gatekeeper -> Plugins -> Kaspersky AntiVirus 2.0 for WinGate -> Overrides
- Enter windowsupdate.com into the `Ignore URL:` input box
- Select `Site-wide`
- Click `Add to list`
- Enter microsoft.com into the `Ignore URL:` input box
- Click `Add to list`
- Click OK
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
by gpontikakos » Sep 05 07 8:39 pm
Thank you for the response!
I still get error 10032 "The server is failing to download some updates"
I have added the sites you told and also the sites that microsoft has in the deployment guide for wsus.
Perhaps if I set up two network cards, one for the intranet and one for the internet (so i can bypass the proxy server) this might solve the problem.
But I dont know how to do this. And in the past when i installed a second network card the console could not connect to the wsus database.
I still get error 10032 "The server is failing to download some updates"
I have added the sites you told and also the sites that microsoft has in the deployment guide for wsus.
Perhaps if I set up two network cards, one for the intranet and one for the internet (so i can bypass the proxy server) this might solve the problem.
But I dont know how to do this. And in the past when i installed a second network card the console could not connect to the wsus database.
- gpontikakos
- Posts: 4
- Joined: Sep 04 07 11:07 pm
by Nev » Sep 06 07 11:29 pm
Hi all,
WSUS also uses: SSL://www.update.microsoft.com:443 to synchronise.
Ok, it also uses servers in the client's region, for Australia:
http://au.download.windowsupdate.com/
This could be difficult to exclude unless the activity can be logged in GateKeeper.
Will report more if I see them.
Am not having any WSUS errors behind Wingate here though with KAV.
Ooops: Not using KAV for HTTP sorry ;-).
WSUS also uses: SSL://www.update.microsoft.com:443 to synchronise.
Ok, it also uses servers in the client's region, for Australia:
http://au.download.windowsupdate.com/
This could be difficult to exclude unless the activity can be logged in GateKeeper.
Will report more if I see them.
Am not having any WSUS errors behind Wingate here though with KAV.
Ooops: Not using KAV for HTTP sorry ;-).
Last edited by Nev on Sep 07 07 2:22 pm, edited 1 time in total.
--
Nev.
Nev.
- Nev
- WinGate Guru
- Posts: 861
- Joined: Sep 22 03 11:35 pm
- Location: Mudgee ~ NSW ~ Australia
by logan » Sep 07 07 7:43 am
There was also a problem with WinGate and Windows updates that was fixed in version 6.2.0. If you are using WinGate 6.1.4 or earlier, you may want to consider upgrading to the latest version.
Here's the changelog for version six.
http://www.wingate.com/showfaq.php?faqid=2
If you are still having a problem with your WSUS, can you obtain the following information from your WinGate installation and send it into the helpdesk at sales@qbik.com.
1. WinGate Registry.
GateKeeper --> Options menu --> Advanced --> Save Registry
2. WinGate Config Report
GateKeeper --> Options menu --> Advanced --> Save Config Report
3. ipconfig/all from the WinGate Server
(Windows) Start menu --> Run --> cmd --> ipconfig/all >> C:\ipa.txt
4. ipconfig/all from the WSUS Server
(Windows) Start menu --> Run --> cmd --> ipconfig/all >> C:\ipa.txt
Here's the changelog for version six.
http://www.wingate.com/showfaq.php?faqid=2
If you are still having a problem with your WSUS, can you obtain the following information from your WinGate installation and send it into the helpdesk at sales@qbik.com.
1. WinGate Registry.
GateKeeper --> Options menu --> Advanced --> Save Registry
2. WinGate Config Report
GateKeeper --> Options menu --> Advanced --> Save Config Report
3. ipconfig/all from the WinGate Server
(Windows) Start menu --> Run --> cmd --> ipconfig/all >> C:\ipa.txt
4. ipconfig/all from the WSUS Server
(Windows) Start menu --> Run --> cmd --> ipconfig/all >> C:\ipa.txt
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
by gpontikakos » Sep 18 07 7:15 pm
Hello again!!!
Thank you all for the help!!!
I tried all the solutions and I still get the error. I excluded windows update sites from Kaspersky, and I am using the previus version from the current one. The problem was solved (as I read to the change log) in a previus version than mine.
Although I still get the error, most updates are downloaded, but the error log is full!!
Thank you all in advance!!
Thank you all for the help!!!
I tried all the solutions and I still get the error. I excluded windows update sites from Kaspersky, and I am using the previus version from the current one. The problem was solved (as I read to the change log) in a previus version than mine.
Although I still get the error, most updates are downloaded, but the error log is full!!
Thank you all in advance!!
- gpontikakos
- Posts: 4
- Joined: Sep 04 07 11:07 pm
by logan » Sep 20 07 12:23 pm
Do you have puresight installed aswell as KAV? Puresight will also strip the RANGE header from http requests like KAV does, so try adding the Windows Update sites to the puresight overrides aswell if you have it installed.
There is currently a problem with manually starting an update through the windows update website when your clients browser has HTTP 1.1 enabled. If you are trying to manually start an update from the windows update website, make sure HTTP 1.1 has been turned off in your Internet Options.
- Internet Explorer -> Tools -> Internet Options -> Advanced -> HTTP 1.1
- Disable "Use HTTP 1.1 through proxy connections
There is currently a problem with manually starting an update through the windows update website when your clients browser has HTTP 1.1 enabled. If you are trying to manually start an update from the windows update website, make sure HTTP 1.1 has been turned off in your Internet Options.
- Internet Explorer -> Tools -> Internet Options -> Advanced -> HTTP 1.1
- Disable "Use HTTP 1.1 through proxy connections
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
by gpontikakos » Sep 20 07 9:57 pm
Hello again!
I don't have puresite installed on the proxy server.
The funny thing is that most updates are downloaded. It very rare that an update hasn't download its files. But on the other hand the Application log is still full of errors.
I dont know what to do. Maybe I'll leave it like it is.
Thank you for the response!
I don't have puresite installed on the proxy server.
The funny thing is that most updates are downloaded. It very rare that an update hasn't download its files. But on the other hand the Application log is still full of errors.
I dont know what to do. Maybe I'll leave it like it is.
Thank you for the response!
- gpontikakos
- Posts: 4
- Joined: Sep 04 07 11:07 pm
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot], Google [Bot] and 15 guests