NAC using WSUS server

ralicaway

Hi,

Does anyone know how to use a WSUS server with NAC Appliance? I am able to authenticate to the network with the Clean Access Agent. But every time I use the WSUS requirement, it passes from the normal login role to the temporary role for remediation. I'm using a WSUS server. So it will look up the WSUS requirement, but the problem is that I am not able to remediate using it; I get an error message. Do I need to allow some ports in the network to make it work? What ports do I have to open? Please see attachment. Thanks.

Regards,

Richard

Lauren Sullivan

Are you doing it against the Microsoft servers or an internal server?  If Microsoft, you'll want to allow access to the normal update servers.

The WSUS log is stored under %windir%/WindowsUpdate.log, so you can check that to see what errors WSUS itself is reporting.

Hi Lauren,

What do you mean by against the Microsoft server? I have set up a Microsoft server which I made a DC, DNS, DHCP and WSUS server. I want my client users to authenticate to the Microsoft server as well as get updates from the WSUS server. I don't know if my NAC server is communicating with the WSUS server to get updates; it shows an error message in the NAC agent. Do you know how I can make my WSUS server and NAC work together? Thanks a lot for the reply.

Richard

Richard,

When you use WSUS with NAC, all the NAC agent does is to tell the Windows Update agent to go update itself. Now it depends on the WSUS setting on the client where it will go to check for updates. If you have it configured for MS servers, it will go talk to them. If you have your clients configured for internal WSUS server, it will check in with them.

Here are details on how to set the registry keys for both scenarios (AD and non-AD)

Non-AD: http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx

AD: http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx

HTH,

Faisal
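
A way to check on a client what the answer above describes, as an added example that is not part of the original thread: this PowerShell script reads the Windows Update policy values (`WUServer`, `WUStatusServer`, `UseWUServer`) and tests a TCP connection to the configured server. Running it while the client sits in the temporary role, the helper names and the 3-second timeout are assumptions.

```powershell
# Added example: report which update source the Windows Update agent will use
# and whether that source is reachable from the client's current network role.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (no policy configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    # Plain TCP connect with a timeout; also works on older PowerShell versions.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

$useWsus  = Get-PolicyValue $auKey 'UseWUServer'
$wuServer = Get-PolicyValue $wuKey 'WUServer'
$wuStatus = Get-PolicyValue $wuKey 'WUStatusServer'

if ($useWsus -ne 1 -or -not $wuServer) {
    # Without UseWUServer = 1 the agent ignores WUServer and uses Microsoft's servers.
    Write-Output 'No WSUS policy in effect: the client checks the Microsoft update servers.'
} else {
    Write-Output "Client is pointed at WSUS: $wuServer (status server: $wuStatus)"
    $urls = @($wuServer, $wuStatus) | Where-Object { $_ } | Select-Object -Unique
    foreach ($url in $urls) {
        $uri = [Uri]$url   # Uri.Port falls back to the scheme default when no port is given
        $ok  = Test-TcpPort -HostName $uri.Host -Port $uri.Port
        Write-Output ("{0}:{1} reachable = {2}" -f $uri.Host, $uri.Port, $ok)
    }
}
```

A `reachable = False` result in the temporary role and `True` in the normal login role points at the role's traffic policy rather than at the WSUS configuration.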

Thanks Faisal, that really helps me to configure my WSUS server properly. Now the client workstation gets updates from the WSUS server.

One more question, dude: how about the anti-virus? Currently I have set up a McAfee server. How will the client get updates from the AV server through NAC? From what I saw in the NAC manual, there is no function for pointing the AV rule to the AV server to get updates. Or do I just need to set up the requirement for the AV in the NAC, and the AV itself will be the one to map to the AV server? Please let me know about the function of it. Thanks.

Richard

Richard,

This again is the function of the AV program. The program has to know where to get its updates from. If it's a managed program then you can more than likely make it point to an internal AV server first, and then hit the internet.

Checking out the McAfee documentation to see if they support such a thing would be a good place to start.

HTH,

Faisal
