|
|
I have been receiving an error since the initial install of WSUS 3.0:
Content file download failed. Reason: The server does not support the
necessary HTTP protocol. Background Intelligent Transfer Service
(BITS) requires that the server support the Range protocol header.
Source File: /msdownload/update/v3-19990518/cabpool/windowsserver2003-
kb912919-ia64-enu_05a915cf36bdca04570d7760c0317f8e42ea9121.exe
Destination File: d:\WSUS\WsusContent
\21\05A915CF36BDCA04570D7760C0317F8E42EA9121.exe.
I have seen in other posts that it could be a firewall issue, but if I
update a machine locally, the firewall allows the updates to download,
so I don't think that the firewall is the issue. I have looked up the
problem in Technet and found this:
If you are unable to download update files to your local WSUS server,
your server might not support the necessary HTTP protocol
If synchronization of update files to your WSUS server fails, you
might see the following message in the corresponding event log:
Content file download failed. Reason: The server does not support the
necessary HTTP protocol. Background Intelligent Transfer Service
(BITS) requires that the server support the Range protocol
header.Source File: /msdownload/update/v3-19990518/cabpool/windows2000-
kb873339-x86-enu_500e4656b4f0ca3431565631989090bbeeb74bcc.exe
Destination File: %drive%\wsus\WsusContent\WsusContent\CC
\500E4656B4F0CA3431565631989090BBEEB74BCC.EXE.
This problem occurs if your proxy environment doesn't support HTTP 1.1
Protocol. You can manually work around this by running the following
commands at the command prompt to configure BITS.
To resolve this issue:
1. Type: net stop WSUSService, and then press ENTER.
2. Type: "%programfiles%\Update Services\tools\osql\osql.exe" -S
SQL_InstanceName -E -b -n -Q "USE SUSDB update tbConfigurationC set
BitsDownloadPriorityForeground=1" and then press ENTER.
3. Type: net start WSUSService.
4. Close the command prompt window and retry synchronization: in the
WSUS console, click Options, click Synchronization Options, and then
under Tasks, click Synchronize now.
I attempted to follow these instructions, but the problem is that the
%programfiles%\Update Services\tools directory dosen't have an osql
folder at all. Could that be because WSUS is running locally on my
SQL 2005 box?
What should I do?
|
|
Pappy wrote:
[Quoted Text] > Content file download failed. Reason: The server does not support the
> necessary HTTP protocol. [...]
Please confirm that this error is occuring on the WSUS server, downloading files
from Microsoft, rather than on a client downloading files from the WSUS server.
> I have seen in other posts that it could be a firewall issue, but if I
> update a machine locally, the firewall allows the updates to download,
> so I don't think that the firewall is the issue.
This logic is faulty, because WSUS server synchronisation occurs in a completely
different manner to client updates.
Do you have your WSUS server configured to use a proxy server? Can you bypass
it and connect directly to the internet from the WSUS server?
Harry.
|
|
On Jun 28, 3:19 pm, Harry Johnston <h...[ at ]scms.waikato.ac.nz> wrote:
[Quoted Text] > Please confirm that this error is occuring on the WSUS server, downloading files
> from Microsoft, rather than on a client downloading files from the WSUS server.
This issue has occured since initial installation, there are no
updates for any client to download, because I continue to get this
error.
> Do you have your WSUS server configured to use a proxy server? Can you bypass
> it and connect directly to the internet from the WSUS server?
No proxy and I can connect to the Internet with the server.
|
|
Pappy wrote:
[Quoted Text] >> Do you have your WSUS server configured to use a proxy server? Can you bypass
>> it and connect directly to the internet from the WSUS server?
>
> No proxy and I can connect to the Internet with the server.
OK, so there is no proxy server per se. This makes the particular error message
you report puzzling, because as far as I can tell it should only be possible
when there is a proxy server in between WSUS and Microsoft's servers.
So the next question becomes: is there any other software on the server running
WSUS which might be acting as a proxy? Does your firewall contain an embedded
proxy server?
... put another way, is there anything that could be interfering with the HTTP
traffic between WSUS and Microsoft?
Are you able to temporarily move the server outside of the firewall to check
whether that is the problem?
Harry.
|
|
"Harry Johnston" <harry[ at ]scms.waikato.ac.nz> wrote in message
news:OTiUyrduHHA.2268[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > Pappy wrote:
>
>>> Do you have your WSUS server configured to use a proxy server? Can you
>>> bypass
>>> it and connect directly to the internet from the WSUS server?
>>
>> No proxy and I can connect to the Internet with the server.
>
> OK, so there is no proxy server per se. This makes the particular error
> message you report puzzling, because as far as I can tell it should only
> be possible when there is a proxy server in between WSUS and Microsoft's
> servers.
>
> So the next question becomes: is there any other software on the server
> running WSUS which might be acting as a proxy? Does your firewall contain
> an embedded proxy server?
Certain *firewall* products will do this, with or without a proxy server.
In short, it's caused because whatever is routing the HTTP packets (and
opening, inspecting, and repackaging them -- ergo any Application level
security device), is not fully compliant with the HTTP v1.1 protocol
specification, and is mucking up the packages when it repackages them.
Almost always the keyword with this problem is SONICWALL.
> ... put another way, is there anything that could be interfering with the
> HTTP traffic between WSUS and Microsoft?
>
> Are you able to temporarily move the server outside of the firewall to
> check whether that is the problem?
Yikes! Now that's a *DANGEROUS* suggestion... Shame on you, Harry!
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
Lawrence Garvin (MVP) wrote:
[Quoted Text] >> So the next question becomes: is there any other software on the server
>> running WSUS which might be acting as a proxy? Does your firewall contain
>> an embedded proxy server?
>
> Certain *firewall* products will do this, with or without a proxy server.
>
> In short, it's caused because whatever is routing the HTTP packets (and
> opening, inspecting, and repackaging them -- ergo any Application level
> security device)
That's what I meant by "an embedded proxy server" though I suppose arguably that
phase is only accurate if the device also serves as a NAT.
>> Are you able to temporarily move the server outside of the firewall to
>> check whether that is the problem?
>
> Yikes! Now that's a *DANGEROUS* suggestion... Shame on you, Harry!
But all the cool kids are doing it!
Harry.
|
|
|
[Quoted Text] >Almost always the keyword with this problem is SONICWALL.
What about Firebox. I run a Watchguard Firebox 1000. Due to the fact
that I recently came to this job and had never heard of a Watchguard
Firebox (I am partial to Cisco PIX's and ASA's), I am not all that
familiar with it, and the manual that came with it leaves A LOT to be
desired.
But I thank you guys for all of your help so far, and don't worry
Lawrence, I won't be moving any servers outside of the firewall...
Unless it is a honeypot.
|
|
"Pappy" <sodapopsalot[ at ]gmail.com> wrote in message
news:1183387721.656930.262320[ at ]57g2000hsv.googlegroups.com...
[Quoted Text] > >Almost always the keyword with this problem is SONICWALL.
>
> What about Firebox. I run a Watchguard Firebox 1000. Due to the fact
> that I recently came to this job and had never heard of a Watchguard
> Firebox (I am partial to Cisco PIX's and ASA's), I am not all that
> familiar with it, and the manual that came with it leaves A LOT to be
> desired.
I've not heard of any scenarios with this product, but then, like you, I've
never heard of the product.
It's certainly probable that any firewall/proxy appliance developed prior to
the ratification of the HTTP v1.1 protocol specification would not support
it.
It's also possible (as appears to be the case with the SonicWall) that the
devices developed concurrently with the standard chose to disable the
protocol enhancement as their default configuration.
> But I thank you guys for all of your help so far, and don't worry
> Lawrence, I won't be moving any servers outside of the firewall...
> Unless it is a honeypot.
<G>
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at
http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....
|
|
Thanks Guys. I got it. I had to set up a proxy on the firewall to
allow range headers, and point it specifically to the WSUS server.
|
|
|