Mihlfeld 0 Posted July 23, 2013 Share Posted July 23, 2013 I more or less have the exact same issue that was posted here back in December: hxxp://www.wilderssecurity.com/showthread.php?t=338009 I, too, am running Microsoft WIndows Server Update Services (WSUS) 3.0 SP2 on a 32-bit Windows Server 2003 R2 machine. With protocol filtering enabled, I repeatedly get these two errors in the Application log in Event Viewer when it attempts to download updates: ===== Event Type: Error Event Source: Windows Server Update Services Event Category: Core Event ID: 10032 Date: 7/23/2013 Time: 5:36:37 AM User: N/A Computer: WSUS-SERVER Description: The server is failing to download some updates. For more information, see Help and Support Center at hxxp://go.microsoft.com/fwlink/events.asp. ===== Event Type: Error Event Source: Windows Server Update Services Event Category: Synchronization Event ID: 364 Date: 7/23/2013 Time: 5:28:36 AM User: N/A Computer: WSUS-SERVER Description: Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header. Source File: /msdownload/update/software/defu/2013/07/am_delta_patch_1.155.325.0_717c923552c0311b07a5ccd36c48a9c1407028ee.exe Destination File: d:\WSUS\WsusContent\EE\717C923552C0311B07A5CCD36C48A9C1407028EE.exe. For more information, see Help and Support Center at hxxp://go.microsoft.com/fwlink/events.asp. ===== I am running ESET File Security version 4.5.12011.0. I have added the protocol filtering exception mentioned in the link above: The issue was solved after exluding the following application in Computer protection > Antivirus and antispyware > Protocol filtering > Excluded applications:"C:\Program Files\Update Services\service\bin\wsusservice.exe" This, however, is not solving the problem for me. Disabling protocol filtering does work for me, but I'd rather leave it on and fix this proper. Are there any ideas what more I can do to resolve this problem short of disabling a feature in ESET File Security on this server? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,720 Posted July 23, 2013 Administrators Share Posted July 23, 2013 Please post the information about installed modules. Link to comment Share on other sites More sharing options...
Mihlfeld 0 Posted July 23, 2013 Author Share Posted July 23, 2013 I am uncertain what you are referring to when you say installed modules. Can you elaborate? Link to comment Share on other sites More sharing options...
Guest Lawrence Garvin Posted July 24, 2013 Share Posted July 24, 2013 The wsusservice.exe is not performing the downloads for the EXE file listed; that download is performed by BITS. I'm somewhat intrigued that it made any difference in the original issue in 2006. I believe that you'll need to exclude BITS as well. However, BITS runs within the context of a svchost.exe process running in the SYSTEM context, so you may have to open that pipe a bit wider. Link to comment Share on other sites More sharing options...
Mihlfeld 0 Posted July 25, 2013 Author Share Posted July 25, 2013 I found the svchost.exe process (C:\WINDOWS\System32\svchost.exe -k netsvcs) that is responsible for BITS, and see it's responsible for maybe about 20 services after poking around a bit in Process Explorer. How exactly would I go about adding this as an exception without doing all of svchost.exe processes? Link to comment Share on other sites More sharing options...
PatrickL 21 Posted August 1, 2013 Share Posted August 1, 2013 Mihlfeld, I would love to help resolve this for you. In order to do that, I need to know precisely what ESET software and version you have installed on this server as well as the version of OS it is running. You are welcome to reply to this forum or to send me a direct message with this information. That will help me understand the modules that you have installed and help determine the best solution for you. Link to comment Share on other sites More sharing options...
Mihlfeld 0 Posted August 8, 2013 Author Share Posted August 8, 2013 Sure. I'll send you a forum PM with details. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,720 Posted August 13, 2013 Administrators Share Posted August 13, 2013 I wonder if you browse websites that you need to keep http checking enabled on the server. It's always been disabled by default on servers as it may cause issues, for instance, due to bugs in Windows Filtering Platform. Do you have SSL scanning disabled? Link to comment Share on other sites More sharing options...
ramirez1 0 Posted May 15, 2014 Share Posted May 15, 2014 Any news on this. I'm having the same issue. I had to disable Web Access Protection in order for the updates to download. Please let me know if you need me to provide more info Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 948 Posted May 15, 2014 ESET Moderators Share Posted May 15, 2014 Hello Ramirez, there are 2 possible solutions: 1. disable protocol filtering completely if you don't need it. 2. make exception from protocol filtering for the process responsible (svchost.exe has been mentioned here) May I ask why do you need the protocol filtering (web access protection) on the server? Link to comment Share on other sites More sharing options...
ramirez1 0 Posted May 15, 2014 Share Posted May 15, 2014 Hello Ramirez, there are 2 possible solutions: 1. disable protocol filtering completely if you don't need it. 2. make exception from protocol filtering for the process responsible (svchost.exe has been mentioned here) May I ask why do you need the protocol filtering (web access protection) on the server? When I did the installation I just did the default installation. I didn't think about it until I saw the issue with the WSUS download. I'll leave the protocol filtering off as suggested. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 948 Posted May 15, 2014 ESET Moderators Share Posted May 15, 2014 O.K. thank you for keeping us posted. Report back in case of any issues. Link to comment Share on other sites More sharing options...
Recommended Posts