(cross-post added to SBS General, WU NG)
vector090 said:
I have a Windows 2003 Small Business Server (SP1) that cannot run Windows
Update.
- All computers in the domain share the internet connection
- All computers, except the server, can get out to any websites including
windows update
- The server can go to any website except windows update
Be more precise about describing your symptoms when you need help.
E.g. there are probably things happening in each of your Status bar,
Title bar, Address bar and display area which could be significant clues
to explain the cause. Remember, your words have to substitute for what
our eyes might notice.
- I can nslookup to windowsupdate.microsoft.com and resolve
That may not be enough. E.g. notice that the name is an alias.
What happens if you try to ping using the alias? Does its lookup
resolve to the canonical name? BTW doing the ping might at least get
the lookup loaded in your dnscache but in order to cache the canonical name
you should try pinging it too. (At least that's what ipconfig /displaydns
is showing me how my cache operates. YMMV.) Also, note that the ping
may fail (e.g. timeout) but that doesn't matter; it's not what we're using
it for. In fact, as soon as it acknowledges the command I just cancel it
with Ctrl-c and then use ipconfig /displaydns to show the cached records.
After all that and in spite of how quickly I do my Ctrl-c notice the Time to live:
<example>
windowsupdate.microsoft.nsatc.net
----------------------------------------
Record Name . . . . . : windowsupdate.microsoft.nsatc.net
Record Type . . . . . : 1
Time To Live . . . . : 7
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 207.46.225.221
</example>
So if you are going to get any benefit at all from caching the ping's lookup
it looks as if you will need to be ready to do it quickly in another window. ; )
Another possibility regarding the symptoms purely from the point of view
of a DNS problem is that the lookup you are being given might be obsolete,
so if there is an ICMP server there ready to reply to a ping all it would do
is confuse the real connectivity status if there was no HTTP server active
there.
Otherwise, assuming that your DNS lookup is working fine (as you were
by using nslookup), the next logical thing to look at is if you are getting
through to an HTTP server using that address. telnet 80 or FiddlerTool
can help here by giving a clearer idea that HTTP is at least active
and that the data being served relates to Windows Update.
In fact, Fiddler is showing me that the first thing that happens would only
appear in your browser if you had disabled Active Scripting.
The simplest way to show that stage would be to change your security settings
level to High as it normally disables scripting (among other things.)
E.g. doubleclick on the security zone icon in the Status bar and then
press Alt-D,Alt-L,CursorUp
Otherwise a pure Javascript file (no HTML) would be automatically run:
http://windowsupdate.microsoft.com/redirect.js
and that might result in a redirect to a site which none of your DNS testing
so far would have proved to be possible.
So not seeing anything could perhaps be caused by the scripting.
Another possibility would be a third-party program such as an ad scraper
which actively changes the transmission by stripping out scripts. Etc.
Assuming your scripting is working fine, you could step through the
script using a script debugger or at least using prompting to be aware
of when scripts are being used. E.g. use the Custom Level of the
Security settings dialog to set Active Scripting to Prompt.
Keystrokes: Alt-D,Alt-C,W,S,P,Space,Enter (Hint: set the security
settings back to Default and then change just that one option.
The W is just a way of skipping a bunch of other labels
which start with S in order to find the one you need.)
BTW all these observations are being made on XPsp2 with IE7
so its possible that with a different User-Agent from the browser
something else entirely happens. I'm crossposting to a newsgroup
specializing in your OS in case someone can report such a difference.
- I reset all of the default levels for internet explorer
Any ideas?
Try tracing the requests and responses using Fiddler
or at least try generating some prompts to be aware if any
scripts are being driven. Unfortunately there are a *lot*
of scripts being used without anything being displayed
or changed in the Status bar, Title bar, or display area
but eventually you could get a clue from that technique.
Don't forget to change your Security settings back
to Default Level when you are through testing
if you try using the Prompt for scripting technique.
Good luck
Robert Aldwinckle
---