User profile for user: MRCUR
MRCUR Author
User level: Level 2
426 points

Software Update Server with Proxy

Hi Everyone,

I'm trying to get the SUS server running on our 10.5.7 server for our Mac clients. Is it true that SUS does NOT support running through a proxy server? I have the proxy settings set manually in the network settings on the server (I'm using the two NICs bound together) - I have it set to bypass the proxy for http://FQDN:8088 and https://FQDN:8088 (where FQDN is the server).

When I start the SUS service the log shows that it cannot contact Apple to get the update list. At one point it apparently got the list as there are a whole list of updates but only 10 downloaded (the oldest 10 - I manually tried to download a few and it would not happen).

Any ideas?

Thanks,
-MRCUR

Posted on Jul 14, 2009 11:58 AM

Reply
11 replies
User profile for user: Mabel O'Farrell
Mabel O'Farrell
User level: Level 3
975 points

Jul 17, 2009 7:15 AM in response to MRCUR

SUS will not function through a proxy that requires authentication. If you want this to work without tearing your hair out, you must configure your proxy server to allow the IP address of _*the server that is running SUS*_ to be allowed to bypass the proxy server or to have the IP address of _*the server that is running SUS*_ be whitelisted in the proxy server configuration for outbound requests. You cannot whitelist the IP addresses of the Apple SUS masters as they can and do change. Often.

Users on this thread:

http://discussions.apple.com/thread.jspa?threadID=2047169&tstart=0

have been battling this at their sites with respect to proxy servers and SUS. One proposed solution -that has yet to be proven- is to use a program called ' Authoxy'. This software seems to have been written with client systems in mind and nowhere is it documented to work -or not work- properly with OS X Server.
Reply
User profile for user: MRCUR
MRCUR Author
User level: Level 2
426 points

Jul 20, 2009 10:38 AM in response to Mabel O'Farrell

Hi Mabel,

Our proxy server (which is a Novell BorderManager box) does not require authentication. I've tried giving the server an external IP address and running it directly to our T1 switch with no luck - it refuses to connect to the Internet at all. This makes no sense to me, but I'm not sure if it's really related to the issue.

I checked to be sure that I can get to the site which is failing directly in Safari and I can. I see the plist file just fine so it's not being blocked by our filter (an 8e6).

Any other ideas? I'm about to just move on with the rest of what I need the server to do since we're running out of time in the summer.

Thanks,
-MRCUR
Reply
User profile for user: Mabel O'Farrell
Mabel O'Farrell
User level: Level 3
975 points

Jul 20, 2009 11:31 AM in response to MRCUR

What you want to achieve here is a bypass of the proxy -and since you're using an 8e6 device you'll want to bypass that, also- which will require some changes to the configuration so that your server's IP number and FQDN are not subject to the rules on the proxy. The configuration of the 8e6 device would have to go along the same lines. Allow all access to any Apple URLs and networks from the server's IP and FQDN.

The other thing that might have to be done is to turn off any 'content accelerators' or caching engines on a selective basis -if that's even possible with the Novell device. Sometimes caching engines can cause downloads to not complete properly -which would indicate a problem with the cache controller- which can cause the server to fail on downloads of packages.
Reply
User profile for user: MRCUR
MRCUR Author
User level: Level 2
426 points

Jul 21, 2009 11:40 AM in response to Mabel O'Farrell

I've already tried those things and it's still a no go. I'm guessing this is just an issue with SUS and proxies at this point since I've read other places about these same issues. It's not a huge deal for the Macs to be installing the updates themselves, it's just a strain on our bandwidth at times.

Thanks for your assistance Mabel.

-MRCUR
Reply
User profile for user: Richard Cartledge
Richard Cartledge
User level: Level 2
449 points

Aug 7, 2009 3:16 AM in response to MRCUR

Same problem here, we have been running it through a proxy since 10.5, and now not sure whether it was 10.5.7 or 10.5.8 or some update in between, but the server will not pick updates up from Apple.

The SUS connects through a proxy. It works fine on another XServe with the same software which doesn't go through the proxy, so I have set clients to get their updates from that one.

It is also possible that my proble with SUS was because it was setup on a server running 10.5.7 rather than on an older version subsequently updated to this. As the problem coincided with me doing a clean install of all our servers.
Reply
User profile for user: MRCUR
MRCUR Author
User level: Level 2
426 points

Aug 7, 2009 4:55 AM in response to Richard Cartledge

10.5.7 could definitely be the issue. I never had the SUS running before .7 since I would always update everything before setting up the services. I just updated to .8 yesterday with the downloaded update but I probably won't be trying SUS again until someone can get it working through a proxy.

That said, we are hopefully dumping the entire proxy itself soon since it's causing too many headaches. And we want every Novell product gone.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Software Update Server with Proxy

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up