Protocol filtering problem with Windows 10 and SME Server

[Peasantmk2 0]

Hello,

 

I have a small network that uses SME server as a gateway (https://wiki.contribs.org/Main_Page). I run 6 workstations in this, two of which run windows 10. One is a clean install, the other an upgrade from Windows 8.1. In both cases I am having problems with running Windows update when protocol filtering is enabled in ESET Smart Security or NOD32. Windows update errors with error 0x80245006. If protocol filtering is disabled, or enabled, but with ssl/tls filtering disabled, Windows update works fine.

 

I worked with technical support at ESET UK yesterday, and they managed to pin it down to an invalid certificate at the following URL:

 

https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx

 

They found this in the Windows update log.

 

This morning I decided to try connecting one of the workstations to a separate network that did not use SME Server, and Windows update worked as normal. I have raised a bug with the SME project, and the developers are asking for documentation on what is checked when protocol filtering is turned on. I have a copy of the user guide, but as I'm not a developer myself I'm not sure if that will go into enough depth for them. Is there any other documentation I could send them?

 

Also, if anyone has any further ideas as to what may be happening it would be much appreciated.

 

Thank you.

[Marcos 5,070]

If SSL communication is not intercepted and inspected on the gateway, there should be no issues with Windows update as the communication would not be scanned due to Microsoft's certificate being used. I'd suggest switching the SSL scanner to interactive mode and excluding the certificated from scanning, when prompted for an action. Then make a screen shot of the "List of known certificates" so that the text in all fields is fully visible and post it here.

[Peasantmk2 0]

Sorry, I've been busy for a while. I'll get onto this hopefully later this week. Thanks for replying.