Unauthorised access problems in WSUS3 SP1

Discussion in 'Update Services' started by Blood, Apr 7, 2008.

  1. Blood

    Blood Guest

    Hi folks

    I have WSUS3 SP1 installed on a Windows 2003 server 'Appliance' Edition on a
    Dell Powervault 745n.

    Although the server is part of the (single) domain, it is usually run using
    the local administrator account. I have been using WSUS for over a year.

    Recently, I have been getting unauthorised access errors in the logs, e.g.:

    2008-04-07 00:08:01 192.168.0.70 GET /selfupdate/WSUS3/x86/Other/wsus3setup.cab 0804070008 80 - 192.168.0.2 Windows-Update-Agent 401 2 2148074254

    2008-04-07 00:09:32 192.168.0.70 POST /ApiRemoting30/WebService.asmx - 80 - 192.168.0.70 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.1433) 401 1 0

    I use group policy on our domain controller to direct all clients (30) to
    the server and all clients are configured to join the single computer group
    setup in WSUS3.

    I have looked at the permissions of the SelfUpdate tree in both IIS6 and in
    Program Files\Update Services\Selfupdate etc and both local and domain users
    (local server/Users, domain/Everyone and domain/Authenticated Users) have
    read/execute/traverse and list folder contents permissions.

    I've done some research on this but do not really understand how this
    functions and what may be causing this problem.

    Can anyone offer any advice please?

    Many thanks
     
    Blood, Apr 7, 2008
    #1

  2. I'm not aware of any "Appliance Edition", but I do know that there are three
    versions you can get exclusively from an OEM.
    [a] Web Edition
    [b] Data Center Edition
    [c] Storage Server

    Given that this is a PowerVault, I'll guess [c] Storage Server, at which
    point I then must observe that installation of non-OEM approved applications
    on a Storage Server may invalidate your support agreement with Dell, not to
    mention the more basic point that WSUS has not been tested, and (to my
    knowledge) is not supported on Storage Server.

    This is likely because the access permissions on the ~/selfupdate virtual
    directory are no longer set to enable Anonymous Access.

    Or that the virtual =server= has had Anonymous Access disabled.

    Or that a remote admin client is trying to connect to the WSUS Server
    without the requisite trust (i.e. members of the same domain).


    --
    Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
    Senior Data Architect, APQC, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2008)

    MS WSUS Website: http://www.microsoft.com/wsus
    My Websites: http://www.onsitechsolutions.com;
    http://wsusinfo.onsitechsolutions.com
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
     
    Lawrence Garvin [MVP], Apr 8, 2008
    #2
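
Added example, not part of the thread or of WSUS itself: a small triage script that parses the two posted IIS log lines and maps each 401 to the causes listed in the reply above. The field order is an assumption (IIS 6 W3C extended defaults, since the posted lines carry no #Fields header), and the names `parse` and `triage` are made up for this sketch.

```python
from collections import namedtuple

# Assumed field order: IIS 6 W3C extended defaults (the post shows no #Fields line).
FIELDS = ("date time s_ip method uri_stem uri_query s_port username c_ip "
          "user_agent status substatus win32_status")
Entry = namedtuple("Entry", FIELDS)

# IIS 401 sub-status meanings as documented by Microsoft.
SUBSTATUS_401 = {1: "logon failed", 2: "logon failed due to server configuration"}
SEC_E_NO_CREDENTIALS = 0x8009030E  # SSPI: no credentials available in the package

# The two log lines from the first post, rejoined onto single lines.
SAMPLE = """\
2008-04-07 00:08:01 192.168.0.70 GET /selfupdate/WSUS3/x86/Other/wsus3setup.cab 0804070008 80 - 192.168.0.2 Windows-Update-Agent 401 2 2148074254
2008-04-07 00:09:32 192.168.0.70 POST /ApiRemoting30/WebService.asmx - 80 - 192.168.0.70 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.1433) 401 1 0
"""

def parse(text):
    """Yield Entry tuples, skipping #-directives, blanks and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(Entry._fields):
            continue
        e = Entry(*parts)
        yield e._replace(status=int(e.status), substatus=int(e.substatus),
                         win32_status=int(e.win32_status))

def triage(entries):
    """Return (client, path, finding) for every 401 response."""
    findings = []
    for e in entries:
        if e.status != 401:
            continue
        reason = SUBSTATUS_401.get(e.substatus, "other")
        path = e.uri_stem.lower()
        if path.startswith("/selfupdate/") and e.username == "-":
            # The update agent fetches this tree without credentials, so a 401
            # here matches the reply's first cause: Anonymous Access is off.
            note = "anonymous request rejected on SelfUpdate: check Anonymous Access"
            if e.win32_status == SEC_E_NO_CREDENTIALS:
                note += " (client sent no credentials)"
        elif path.startswith("/apiremoting30/"):
            note = "admin API wants authentication: check the caller's account/trust"
        else:
            note = "unclassified 401"
        findings.append((e.c_ip, e.uri_stem, f"401.{e.substatus} {reason}; {note}"))
    return findings

if __name__ == "__main__":
    for row in triage(parse(SAMPLE)):
        print(*row, sep="  ")
```

Run against a full log, a cluster of 401.2 findings on /selfupdate/ from many client addresses points at the virtual directory setting rather than at any one machine.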

  3. Blood

    Blood Guest

    Hello Lawrence

    Many thanks for your reply. I understand your point about support issues,
    thanks for mentioning them.

    I checked the permissions and Anonymous access had been unchecked.

    I hope that sorts it out.

    Thank you very much
     
    Blood, Apr 8, 2008
    #3
  4. Blood

    Blood Guest

    Just to clarify the situation - everything is working as it should now. I had
    been getting lots of 'SelfUpdate is not working' messages in the Application
    log. After checking the Enable Anonymous access control, a message appeared
    stating SelfUpdate was working followed by another stating WSUS was working
    properly.

    Thanks again Lawrence.
     
    Blood, Apr 10, 2008
    #4