Share via

Configure reverse proxy for windows update

Anonymous
2024-02-20T14:19:28+00:00

Hello,

We have the following scenario :

We have multiple windows servers in our infrastructure which needs to get updates from Microsoft but they don't have internet connection

We have deployed a reverse proxy(nginx) and in it's config we have defined a path "wsus.local" which we want to point to some online windows update location to avoid deploying a wsus in our infrastructure.

Unfortunately it is not working.....we modified the config like : gpedit ->Computer Configuration -> Windows Componenets -> Windows Update -> Configure Automatic Updates -> Specify Intranet Microsoft update service location, and also setting a proxy with netsh.

We should mention that if we are using our own wsus , it is working.

Nginx config(we tried every server mentioned without luck) :

upstream wsus_backend { 

server x.x.x.x:8530;

server windowsupdate.microsoft.com:80;

server download.windowsupdate.com:80;

server download.microsoft.com:80;

server wustat.windows.com:80;

server ntservicepack.microsoft.com:80;

server go.microsoft.com:80;

server dl.delivery.mp.microsoft.com:80;

}

Our question is : It is even possible what we are trying to achieve?

Thanks in advance

* Moved from Windows/other

Windows for business | Windows Server | Networking | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-03-08T08:22:41+00:00

    Hi,

    netsh winhttp show proxy :

    Current WinHTTP proxy settings: 

    Direct access (no proxy server).

    Logs from nginx :

    tcp-access

    ============

    x.x.x.x TCP 200 4228 0 0.301 "20.72.235.82:443" "181" "4228" "0.148"

    =============

    tcp-error :

    =============

    [info] 22#22: *13 client x.x.x.x:49975 connected to 0.0.0.0:443

    [info] 22#22: *13 proxy 172.20.0.3:37958 connected to 20.72.235.82:443

    [info] 22#22: *13 client disconnected, bytes from/to client:0/4228, bytes from/to upstream:4228/181

    nginx config :

      map $ssl_preread_server_name $name { wsus.local wsus_backend;}

      upstream wsus_backend { server windowsupdate.microsoft.com:443;}

    Was this answer helpful?

    0 comments
  2. Anonymous
    2024-02-22T22:02:21+00:00

    Hello, I will help with your problem as a support member.

    Can you share the following command result?

    Your netsh command may be incorrect.

    • netsh winhttp show proxy

    Also, can you share the nginx log file?

    I would like to investigate the reason for the connection failure from the logs.

    Best regards,

    Yu

    Was this answer helpful?

    0 comments
  3. Anonymous
    2024-02-20T16:07:03+00:00

    Hello there, I'm Gopal an Independent Advisor. I will try my best to help you.

    I apologize, Community is just a consumer forum, due to the scope of your question( Windows server updates), can you please post this question to our sister forum on Microsoft Q&A: https://learn.microsoft.com/en-us/answers/

    Windows server forum: https://answers.microsoft.com/en-us/windowserver

    This platform is specifically designed for IT administrators and professionals, providing a better chance of receiving a knowledgeable and prompt response to your query.

    Regards,

    Gopal

    Was this answer helpful?

    0 comments