نمایش نتایج: از شماره 1 تا 2 از مجموع 2
سپاس ها 1سپاس

موضوع: Allow WSUS updates to your ISA Server via HTTPS

  
  1. #1
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272

    Allow WSUS updates to your ISA Server via HTTPS

    کد:
    http://www.isaserver.bm/isa_articles/wsus_https.html

    As WSUS seems to be getting installed on most networks, I have created this article to make configuring a rule to allow your ISA Server to update itself via HTTPS.
    For this tutorial, WSUS was configured to use HTTPS, on port 8531, (HTTP port 8530).
    First of all you need to create the SSL tunnel by using ISAtpre, (available from Jim Harrison’s website, http://www.isatools.org/ISAtrpe.zip),
    Use 8531 in both the LowPort and HighPort fields, and call it WSUSSSL, then click add tunnel range.


    Now we can create the new protocols for the new access rule.
    1. The WSUS Protocol

    2. Add the new Protocol port

    3. No secondary connections.
    4. Click finish
    Follow steps 1 thru 4 to create the WSUSSSL protocol using the tunneled port created with ISAtpre, in this case 8531.
    If you do not have done so already, create a computer object for your ISA Server and one for your WSUS Server.


    We need to apply the protocols to the access rule, Kerberos – Sec (UDP), and the 2 protocols we created, WSUS and WSUSSSL.
    Right click on Firewall Policy, select new Access rule.


    Select Allow.


    Select the needed protocols

    Click Next.

    Add the ISA Server computer object

    Click next.

    Add the WSUS Server object.

    Click next.

    Leave all users in user sets

    Click next, then click finish.
    The new access rule should be higher in the Policy list than any deny rule that explicitly blocks the ports that we have just used.
    If you now update the WSUS autoupdate client,

    You will see a successful connection to the WSUS Server and it will receive it’s updates in due course.

    Although you are only seeing the HTTP connection, the WSUS reporting and agent functions are carried out on the WSUSSSL port.





    موضوعات مشابه:
    hashemie سپاسگزاری کرده است.

  2. #2
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272
    کد:
    http://araihan.wordpress.com/2009/08/13/install-and-configure-wsus-3-0-sp2-step-by-step/
    If you have ISA 2004/2006, you have to set WSUS policy in ISA firewall access rule. so that ISA doesn’t block communication between server and client. You don’t need to do it if nothing blocking between Client and Server communication.
    To publish WSUS policy, Go to ISA management console
    Go to Network Object and expand WEB listener, right click on web listener click new. Name should be netbios name of WSUS server. Follow the screen shot.



    Click next, click finish.
    On firewall publishing tasks, click on the publish a web server, follow the screen shot








    Right click WSUS Publishing policy, go to property and check web server and port

    On the paths add these path if not existing already


    uncheck verify and block option.
    All done. You are ready to go now.
    Troubleshooting
    Go to client machine, run gpupdate /force if client not showing on WSUS
    Run wuauclt /resetauthorization /detectnow command from client machine.
    Check Registry of client.






کلمات کلیدی در جستجوها:

wsus

allow wsus isa server 2006

برچسب برای این موضوع

مجوز های ارسال و ویرایش

  • شما نمی توانید موضوع جدید ارسال کنید
  • شما نمی توانید به پست ها پاسخ دهید
  • شما نمی توانید فایل پیوست ضمیمه کنید
  • شما نمی توانید پست های خود را ویرایش کنید
  •