386 error

386 error

Post by this_lan » Tue, 02 Aug 2005 22:27:11

I have a windows 2003 SP1 server with SUS installed working perfectly. I
installed WSUS with the idea that I could migrate everything across but
cannot get the WSUS through the proxy server to get the updates despite
using the same credentials that SUS uses.

All that happens in That I get a 386 error in the event log of the WSUS
server and the following details from the WSUS pages.

WebException: The underlying connection was closed: Unable to connect to the
remote server. ---> System.Net.WebException: The remote server returned an
error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.CheckFinalStatus()
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
proxy, WebServiceCommunicationHelper webServiceHelper)
authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie
cookie, WebServiceCommunicationHelper webServiceHelper)

I have looked through the groups already but guess I am missing something.
(like the idiots guide to fixing this)

all help would be greatly appreciated


386 error

Post by Lawrence G » Wed, 03 Aug 2005 01:39:44

Two documents you might find helpful, Neil.

The SUS-to-WSUS Migration Guide, which gives explicit details on
accomplishing the migration, and
The WSUS Deployment Guide, which provides explicit details on configuring
WSUS to work in a proxy based environment.

In a nutshell, though, you're getting '407' errors from your proxy server,
indicating that you've not configured the requisite proxy authentication
parameters on the Synchronization Options page of WSUSAdmin.


386 error

Post by this_lan » Wed, 03 Aug 2005 20:31:58

I have read this but gained no further insight into a resolution

Yes I agree that is the problem but how to solve it I am unsure.

I use exactly the same credentials as the SUS server. The only difference
being instead of using \\domain\user there is a seperate box for the domain.
When I try to run the sync it locks the account out as if the password is
wrong. I am convinced that the password is corrent by the way and have
checked and unchecked the box that says allow basic authentication with no

386 error

Post by Lawrence G » Thu, 04 Aug 2005 03:15:43

n the Synchronization Options page of the WSUS Admin Console, in the
section captioned "Proxy Server"

1. Check the box marked "Use a proxy server when sychronizing"

2. In the field "Server name:" enter the /systemname/ of the proxy server.
Not the FQDN, and without any protocol identifiers. (e.g. The following are
(a) http://proxyserver
(b) proxyserver.mydomain.com
The correct form is:

3. Enter the port number your proxy server listens on.

NOTE: The proxy server needs to be able to support /simultaneous/ client
connections on both port 80 and port 443. If the proxy server cannot switch
between those ports on demand, e.g. it cannot recognize the difference
between an http:// request (on port 80) and an https:// request (on port
443), then you will have additional issues to overcome with your proxy

4. Check the box marked "Use user credentials to connect to the proxy

5. Enter the User name of an account authorized to use your proxy server. (I
suggest you create a special account just for the WSUS server that has
appropriate rules and permissions defined as needed by a WSUS server.)

6. Enter the Domain of the above User name account.

7. Enter the Password of the above User name account.

8. If your proxy server is not an MS product, or does not support NTLM or
Kerberos authentication, you may need to check the box to "Allow basic
authentication" in order to provide clear text authentication.

"this_land" <neilalastair@(hotmail).(comm)> wrote in message
news: XXXX@XXXXX.COM ...


386 error

Post by this_lan » Thu, 04 Aug 2005 18:27:46

I am using ISA 200 Standard edition.

My connection are on port 8080 and 8443. This was set up by an external
consultant and cannot be changed.
I can tell WSUS about the 8080 one as there is a box to do this. But how do
I tell it about the 443 needing to be 8443?

386 error

Post by Lawrence G » Thu, 04 Aug 2005 23:27:49

Well, they may have been set up by an external consultant, but that doesn't
mean they /cannot/ be changed. :-)

However, we'll work with what you have. The good news is that the server has
been configured to support both.j

It appears to me (though I've not actually tested this as I do not have a
proxy server deployed), is to set the port-specific proxy configurations
using Internet Explorer, and then import those configurations into the
proxycfg.exe settings using 'proxycfg -u'. There is also a syntax for
setting them directly, but it's tedious and complex, and it seems that
importing the settings from IE is much simpler and more reliable.

Open Internet Explorer, select Tools > Internet Options, or open Control
Panel, and select Internet Options

From Internet Options, select the Connections tab, and click on the LAN
Settings button.

Select "Use a proxy server for your LAN"
Add the IP Address of your proxy server, and port number for HTTP
connectrions (8080 as you've noted here).
Select "Bypass proxy server for local addresses"

Click on the Advanced button

On the Proxy Settings dialog box, uncheck the option "Use the same proxy
server for all protocols"

Then, in the port column for "Secure", change the port number to 8443.

If you also support FTP or Gopher proxies, you can assign those port
numbers, or to disable the proxies entirely, delete the values configured.

Click on OK and close out of Internet Options.

Open a Command Prompt window and execute 'proxycfg.exe -u'

Then execute 'proxycfg' to confirm your settings are in place, and restest
your synchronization.