Why read this post?

  • The CentraStage patch management feature may need some additional WinHTTP proxy settings to work correctly when connecting through a proxy server
  • The following post details the addition and removal of WinHTTP proxy settings as well as how to do this using by using a ComStore component

For a more detailed overview of the topics covered in this blog post please visit http://support.microsoft.com/kb/900935

The CentraStage patch management feature interacts directly with the Windows Update Agent (WUA) API and as a result relies on the WinHTTP proxy settings that are configured within Windows.

Often you will find that in fact no WinHTTP proxy settings have been set up as Windows Updates is normally run from within a user session. This means that it can inherit the proxy settings as configured from within Internet Explorer.

When the WUA is called by CentraStage from the Local System account it doesn’t have the luxury of having the Internet Explorer proxy settings to draw upon and therefore cannot find a valid route out onto the internet.

The symptoms that you would see within CentraStage patch management are that the lists of installed/missing patches audited do not match the list displayed when running Windows Updates locally on the target device. Typically there would be a lot less packages displayed in the CentraStage audit.

As a result it is necessary to explicitly declare the proxy name and port that you want to use in this situation.

There are two commands that allow the proxy name and port to be set depending on the type of operating system that you are running:

XP/2003

proxycfg -p {proxyservername}:{portnumber}

Vista/7/2008

netsh winhttp set proxy {proxyservername}:{portnumber}

Removing a configured proxy can be done by using the following commands depending on your target operating system:

XP/2003

proxycfg -d

Vista/7/2008

netsh winhttp reset proxy

As this could be considered a bit of a pain to work out which of the two commands to use on your target devices, I’ve made a pair of components which make the decisions for you which are both available in the ComStore.

WinHTTP Proxy (Add)

This component will add a system level proxy setting on the target device. The Microsoft Windows Update client requires Microsoft Windows HTTP Services (WinHTTP) to scan for available updates. Microsoft Windows HTTP Services run independently of Microsoft Internet Explorer and cannot auto detect proxy settings that may have been set from within a user account. Please see http://support.microsoft.com/kb/900935 for further details

WinHTTP Proxy (Remove)

This component will remove a system level proxy setting on the target device. The Microsoft Windows Update client requires Microsoft Windows HTTP Services (WinHTTP) to scan for available updates. Microsoft Windows HTTP Services run independently of Microsoft Internet Explorer and cannot auto detect proxy settings that may have been set from within a user account. Please see http://support.microsoft.com/kb/900935 for further details

All you need to do is specify the {proxyservername} and {portnumber} as input variables at run time and the components will make the decision as to use either the PROXYCFG or the NETSH command to achieve the desired results in your environment.