6

Have a couple of locked down, standalone Windows 2008 R2 servers (not on a domain; no WSUS) that refuse to adhere to the proxy settings each morning at around 4:25AM EST with what I'm assuming is a probe to check for updates:

Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Funny thing is, the "you have updates" balloon always appears when there's indeed updates and "Check for Updates" always works fine. It's just some errand, scheduled probes that ignore the proxy for some reason, hits the firewall, and emails me an alert.

Really would like to quiet this down, but I'm at a loss as to where/why that's happening. Is there a bit I can flip in the registry to tell it to stop?

EDIT

Proxy is configured manually through Internet Explorer and as I've said, works fine.

netsh winhttp show proxy returns the correct proxy settings as well.

gravyface
  • 13,957
  • 19
  • 68
  • 100

3 Answers3

0

You could use Group Policy. Though the machine isn't part of a domain you can still set Policy's via GPEDIT.MSC. May I suggest the following:

Set the "Make proxy settings per-machine (rather than per user)" to Enabled. This setting is located under Computer Configuration\Administrative Templates\Windows Components\Internet Explorer.

Now setup your proxy settings in IE. These settings will be applied in the HKLM hive so they will be used system-wide. Now all services can use these settings.

Sven
  • 51
  • 2
  • Is this not the same as defining system-wide proxy settings with `netsh winhttp`? – gravyface Feb 16 '12 at 17:33
  • I am not sure. I have configured the Machine-based proxy and if I query the netsh winhttp setting, it tells me "Direct Access". Still all internet traffic flows through our proxy. – Sven Feb 17 '12 at 10:17
0

Ended up disabling Automatic Updates from doing any automated checks. I now do checks, downloads, and installs completely manually at set maintenance intervals each month and since then, servers are whisper quiet.

gravyface
  • 13,957
  • 19
  • 68
  • 100
-1

Event ID 16: http://technet.microsoft.com/en-us/library/cc735620(WS.10).aspx

This error might be caused by one of the following conditions:• The proxy server settings are incorrect. • Proxy authentication problems have occurred. • The connection between the client computer and the proxy server is broken.

Your Windows Update Agent can't find the proxy settings from IE

Here is how Windows Update finds proxy settings, from http://support.microsoft.com/kb/900935

The Automatic Updates service is configured to download and install updates from the Microsoft Windows Update Web site The Automatic Updates service can automatically download and install updates from the Windows Update Web site. The Automatic Updates service does not require user interaction because this service runs in the context of the Local System account. The Automatic Updates service does not have access to the user-specific proxy server settings that may be configured in Internet Explorer. WinHTTP has been employed, instead of WinInet in Internet Explorer, as the Automatic Updates service affects system wide level configuration and should require administrator level control. WinHTTP is considered as more appropriate in this type of usage scenario. The Automatic Updates service can only discover a proxy server by using one of the following methods:•The proxy server is manually configured by using the Proxycfg.exe tool for Windows XP and Windows Server 2003. For Windows Vista and newer OS, Netsh command is available to manually configure the proxy server. For more information about how to use the Proxycfg.exe tool, click the following article number to view the article in the Microsoft Knowledge Base: 289481 You may need to run the Proxycfg tool for ServerXMLHTTP to work

•Web Proxy Auto Detect (WPAD) settings are configured in either of the following locations in the network environment:◦The Domain Name System (DNS) options ◦The Dynamic Host Configuration Protocol (DHCP) options For more information about a related topic, click the following article number to view the article in the Microsoft Knowledge Base: 816320 How to configure firewall and Web proxy client Autodiscovery in Windows Server 2003

Resolution: http://support.microsoft.com/kb/900935

To use the Netsh.exe tool to configure a proxy server, follow these steps: 1.Click Start, click Run, type cmd, and then click OK. 2.At the command prompt, type netsh winhttp set proxy proxyservername:portnumber, and then press ENTER. In this command, replace proxyservername with the fully qualified domain name of the proxy server. Replace portnumber with the port number for which you want to configure the proxy server. For example, replace proxyservername with proxy.domain.example.com and replace portnumber with 80.

...

To verify the current proxy configuration by using the Netsh.exe tool To use the Netsh.exe tool to verify the current proxy configuration, follow these steps: 1.Click Start, click Run, type cmd, and then click OK. 2.At the command prompt, type netsh winhttp show proxy, and then press ENTER.

Garrett
  • 1,638
  • 4
  • 15
  • 25
  • Bounty expired while I was writing my post?... Dang... – Garrett Feb 03 '12 at 16:32
  • And clearly you didn't read the question thoroughly or you would've seen that I've (obviously) already configured the system proxy settings with `winhttp set proxy`. – gravyface Feb 03 '12 at 22:15
  • Well, Event ID 16 only happens when the settings are bad, authentication fails, or the network connection is broken. I suggest you engage Microsoft if you think you found a bug. – Garrett Feb 13 '12 at 20:57