Share via

Configure reverse proxy for windows update

Anonymous
2024-02-20T14:19:28+00:00

Hello,

We have the following scenario :

We have multiple windows servers in our infrastructure which needs to get updates from Microsoft but they don't have internet connection

We have deployed a reverse proxy(nginx) and in it's config we have defined a path "wsus.local" which we want to point to some online windows update location to avoid deploying a wsus in our infrastructure.

Unfortunately it is not working.....we modified the config like : gpedit ->Computer Configuration -> Windows Componenets -> Windows Update -> Configure Automatic Updates -> Specify Intranet Microsoft update service location, and also setting a proxy with netsh.

We should mention that if we are using our own wsus , it is working.

Nginx config(we tried every server mentioned without luck) :

upstream wsus_backend { 

server x.x.x.x:8530;

server windowsupdate.microsoft.com:80;

server download.windowsupdate.com:80;

server download.microsoft.com:80;

server wustat.windows.com:80;

server ntservicepack.microsoft.com:80;

server go.microsoft.com:80;

server dl.delivery.mp.microsoft.com:80;

}

Our question is : It is even possible what we are trying to achieve?

Thanks in advance

* Moved from Windows/other

Windows for business | Windows Server | Networking | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-02-20T16:07:03+00:00

    Hello there, I'm Gopal an Independent Advisor. I will try my best to help you.

    I apologize, Community is just a consumer forum, due to the scope of your question( Windows server updates), can you please post this question to our sister forum on Microsoft Q&A: https://learn.microsoft.com/en-us/answers/

    Windows server forum: https://answers.microsoft.com/en-us/windowserver

    This platform is specifically designed for IT administrators and professionals, providing a better chance of receiving a knowledgeable and prompt response to your query.

    Regards,

    Gopal

    0 comments
  2. Anonymous
    2024-02-22T22:02:21+00:00

    Hello, I will help with your problem as a support member.

    Can you share the following command result?

    Your netsh command may be incorrect.

    • netsh winhttp show proxy

    Also, can you share the nginx log file?

    I would like to investigate the reason for the connection failure from the logs.

    Best regards,

    Yu

    0 comments
  3. Anonymous
    2024-03-08T08:22:41+00:00

    Hi,

    netsh winhttp show proxy :

    Current WinHTTP proxy settings: 

    Direct access (no proxy server).

    Logs from nginx :

    tcp-access

    ============

    x.x.x.x TCP 200 4228 0 0.301 "20.72.235.82:443" "181" "4228" "0.148"

    =============

    tcp-error :

    =============

    [info] 22#22: *13 client x.x.x.x:49975 connected to 0.0.0.0:443

    [info] 22#22: *13 proxy 172.20.0.3:37958 connected to 20.72.235.82:443

    [info] 22#22: *13 client disconnected, bytes from/to client:0/4228, bytes from/to upstream:4228/181

    nginx config :

      map $ssl_preread_server_name $name { wsus.local wsus_backend;}

      upstream wsus_backend { server windowsupdate.microsoft.com:443;}

    0 comments