My Win 7 clients are reporting update failure 80072F8F when transparent proxy with SSL is enabled. If only transparent proxy is enabled, it works. Certificates are installed. HTTPS sites are working perfectly. I read that this is a known issue with Squid 3.4 and above, but NS 6.7 final uses Squid 3.3. Disabling disk caching doesn’t help. I added some URLs I found in that article on squid-cache.org, Squid FAQ Windows Update, in /etc/squid/acls/ssl_bypass.acl and did “service squid restart”, but that doesn’t help either.
Can anybody please help me, because I want SSL enabled to block Facebook and co. Thank you.
EDIT: No one can give me a hint?
Maybe someone can help me think. In squid.conf there is “ssl_bump none bypass_ssl”. So every URL which is in this ACL is bypassed. This ACL is in /etc/squid/acls/ssl_bypass.acl. Bypass means that there will be no decryption. So there shouldn’t be a problem with SSL certificates, right? So the problem itself must be a URL that isn’t in this ACL?? Has anyone noticed that MS has changed update URLs?
I had the same error today. I had 7 PCs to install from scratch with Win 7 Pro; I installed one of them with full updates and then cloned the HDDs. One of the PCs had the date in BIOS set to November 2016 …
Yes. The certificate is installed as “trusted authorities”.
Do you know what the difference is between “config setprop squid SSLBypass” and the ACL stored in /etc/squid/acls/ssl_bypass.acl? Every URL stored in that ACL should bypass the SSL proxy?
EDIT: Just noticed that the db property squid SSLBypass is the custom part of the template part “30custom”.
I love the Dolomites too, but unfortunately I wasn’t there for skiing yet. I’m often there for motorcycling. Falzarego, Pordoi, Ronde Sella, Passo Giau, etc. I love those mountains.
I’m completely confused! I made 4 firewall objects for the servers noted in wuredir.xml (IP 65.52.108.153 / 207.46.114.58 / 104.96.91.34 / 65.54.226.187) and included them in a host group. Then I gave the proxy this group as sites without proxy.
Update worked exactly 1 time. But now I can’t reproduce it.
Going for the weekend!! Next work on Monday. Need some time to think.
I wish the “Microsoft-Free-Office” comes true soon!
@GG_jr Unfortunately the weekend didn’t last that long…
I found a workaround, but I don’t understand why. When I define a proxy server in Internet Options (connections/LAN…), updates are working. I configured nethserver-proxy as transparent with SSL. My config in Windows network is “workgroup”. No PDC. Any hint why Internet Options need to be configured with a proxy? It seems that only Windows Update needs that. Any other HTTP connections seem to work.
Many thanks. Ralf
You’re welcome!
I’m glad that you solved the problem!
If I understand well, Windows Update works with transparent proxy with SSL on NS and with a proxy server defined in browser options. Am I right?
As we have seen on Microsoft sites, there are download sites with HTTP and with HTTPS. I think they forced the download access to HTTPS.
The same thing is with Google, Facebook and, I think, with other sites. Even if you type www or http://… in the browser, the sites are opened with HTTPS.
Yes, Gabriel, you understand right. I read on a Microsoft site something about this failure and that a proxy definition with netsh winhttp would help. But that didn’t work. So I tried it with Internet Options and that worked. I noticed that the download is forced to HTTPS. But why all other HTTPS sites are working except Windows Update is a miracle to me.
Nevertheless I will mark this thread as solved. Have a nice time and thanks.