So back to the Windows Update I went. I was eventually able to get the update software to load. That’s the software that scans your system to see if you need any updates. Sure enough it said there were 3 “critical” updates I needed to install. So install I did, or tried to. When I told it to install, I received a dialog box that showed two progress bars, one for the download, and the other for installation. The download progress bar would move, ever so slowly, and would eventually appear to complete. The installation progress bar would never even start. Plus, until I rebooted my system, I couldn’t really exit out of the process. I could run other stuff, but I couldn’t close the update program.

At first I thought this was due to the fact that my installation had been an update from a Beta. But then I installed it fresh on a new machine. It didn’t work there either. At various Microsoft seminars I’d mention that I was unable to use the Windows Update feature and all I’d get was strange looks and shrugs. One Microsoft Technology Specialist promised that if I’d e-mail him, he’d send me the answer. Well, several weeks later, he responded and told me to be sure I was using the Firewall Client, which I had already told him I was.

The Firewall is a key element here however. One of my workstations has a modem installed. I found that if I connected to the Internet via the modem, I was able to run the update. Hurray! I was now at least able to do the update, albeit a bit slow. But that was just on the one machine. As any regular reader of my column knows, I run on a network and my Internet access is through my server using Microsoft’s Internet Security and Acceleration Server, ISA. My other workstation had no modem and no update. Apparently the ISA firewall was blocking me. Then my good friend, PC Alamode columnist, and fellow Saturday morning Geek, Shane Hicks, who’d been frustrated with a similar problem with Norton Antivirus updates, came up with the answer.

It seems that ISA really is a great firewall program. Nothing in or out unless you tell it to. Apparently ISA needs to be told to allow the kind of stuff that the Windows Update for XP requires. (NONE of the Windows Updates on any other OS has ever given me this problem.) Shane sent me instructions for letting NAV update and it worked for Windows Update. 

Basically what you do is create a Client Address Set in ISA and allow it to communicate with HTTP and FTP. To do this, open up the ISA Management Console and go to Policy Elements under your server. From here select Client Address Sets and right click selecting New, Set… Give the new set a name like “Everyone” and select the IP addresses of the clients you want to use this feature. I simply opened up my entire network by specifying 192.168.1.1 through 192.168.1.255. That pretty much covers the waterfront on my network. If you are running Small Business Server, there is already a Client Address Set called “Everyone”’ which covers your entire network so you could skip this step.

Next you need to go to the Access Policy section of ISA Management and select Protocol Rules.  Right click and select New, Rule. The wizard asks for a name. I called mine Update Rule. Then you tell it to “Allow’ clients” requests and hit Next. The next step allows you to select the specific protocols to apply the rule to. Here specify HTTP and FTP (hmmm, thought I could already do that). Then you can tell it when to allow it, probably “Always”. The next screen asks what requests (who) to apply the rule to. Here specify the “Specific computers (Client Address Set)” we created earlier. Add your client address set (Everyone) on the next screen, hit next and then Finish and you’re done. 

I made a point of stopping and restarting the ISA and Firewall services but I’m not sure whether that’s necessary. Now your clients should be able to merrily update their Windows XP Professional at will.