Greetings,

Like many of you, I've been struggling with getting Windows Update to work
through my proxy with XP SP2 machines.

Iíve seen Craigís Tip #29 (http://nscsysop.hypermart.net/winupdat.html)
and was able to see (with a "netstat Ėan") that the Windows Update process
was indeed bypassing my proxy configuration and attempting to connect
directly.

Iíve found a solution (for me) and would like to see if it works for
everyone else:
proxycfg -p "http://192.168.100.100:8080"

The problem appears to stem from the new WinHTTP Proxy Configuration
Utility, "proxycfg.exe", and the fact that it does not (by design!)
support "proxy.pac" configuration scripts. So, while my IE clients are
auto-configuring with my "proxy.pac" file, this "proxycfg.exe" beastie was
ignoring that completely, and trying to connect directly.

For example, when I type "proxycfg Ėu", which is supposed to "import proxy
settings from current user's Microsoft Internet Explorer manual settings
(in HKCU)", it returns:

************************************************** ********************
C:\>proxycfg -u
Microsoft (R) WinHTTP Default Proxy Configuration Tool
Copyright (c) Microsoft Corporation. All rights reserved.

Updated proxy settings
Current WinHTTP proxy settings under:
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\
WinHttpSettings :

Direct access (no proxy server).
************************************************** ********************

This is, of course, wrong, but shows why Windows Update was connecting
over port 80.

When I manually set "proxycfg.exe" to talk to my BorderManager server, it
works correctly:
************************************************** ********************
C:\>proxycfg -p "http://192.168.100.100:8080"
Microsoft (R) WinHTTP Default Proxy Configuration Tool
Copyright (c) Microsoft Corporation. All rights reserved.

Updated proxy settings
Current WinHTTP proxy settings under:
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\
WinHttpSettings :

Proxy Server(s) : http://192.168.100.100:8080
Bypass List : (none)
************************************************** ********************

This setting does seem to survive reboots, so I probably just need to
include it as part of my "standard image", but Iím also thinking of
putting it in my login script (perhaps right before clntrust.exe,
hmmmmÖ..) to catch the people Iíve missed.

Please let me know what you see,

Scott Stowers
Manager, IT
Plastic Suppliers, Inc.

PS: More info on the WinHTTP Proxy Configuration Utility can be found
here: http://msdn.microsoft.com/library/de...l=/library/en-
us/xmlsdk/html/serverxmlhttpproxy.asp