WPAD DNS make Windows Updates stuck (win10)

Discussion room for Proxy Server package
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu
2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
ABM
I'm New!
I'm New!
Posts: 4
Joined: Wed Mar 02, 2016 12:37 am

WPAD DNS make Windows Updates stuck (win10)

Postby ABM » Thu May 26, 2016 1:00 pm

Dear all,

We try to deploy the proxy server in our little environment here. One of the things that 'broke' was Windows updates. Each time you click on windows update (under Windows 10) it seems to never download anything or gives all kind of errors.

Previously I used to share the proxy discovery by
1) DHCP wpad --> extended option 252
2) create a dns record (cname) wpad.domain.lan

I have made numerous attempts to adapt and extent the wpad.dat file, but didn't help. Out of frustration I removed the extended option 252 in the dhcp. This didn't solve the 'issue' with updates. While I try many things to 'fix' the windows updates on our local machines, it seems that the culprit was the dns records. When I removed it from the dns server, and the dns was expired from the local computers, Windows update started to work 'normally' again.

Now I am testing the proxy server without dhcp. I just configured 2 pc's with manual proxy setting pointing to the proxy server. It all seems to work fine.

Anyone have any idea why a dns wpad record can obstruct windows updates?


Thanks!

ABM
z3r03d
Student
Student
Posts: 68
Joined: Tue Aug 20, 2013 11:27 am

Re: WPAD DNS make Windows Updates stuck (win10)

Postby z3r03d » Thu May 26, 2016 4:28 pm

Hi

What is the content of your WPAD.DAT File?
DS1812+ & DS213j
QNAP TS-212 & TS-653 PRO & TS-853 PRO
PROMISE SMARTSTOR NAS NS4700 x2
NetGear STORA x2
ABM
I'm New!
I'm New!
Posts: 4
Joined: Wed Mar 02, 2016 12:37 am

Re: WPAD DNS make Windows Updates stuck (win10)

Postby ABM » Fri May 27, 2016 5:46 pm

Hello,

I used two types, simple/standard and elaborated, but both didn't work (with DHCP wpad, but manual proxy setting did work as explained)

simple

Code: Select all

function FindProxyForURL(url, host)
{
        return "PROXY 192.168.0.80:3128; DIRECT";
}


elaborated

Code: Select all

function FindProxyForURL(url, host) {
           
// Updates are directly accessible //support.google.com/drive/answer/2589954
    if (((localHostOrDomainIs(host, "www.google.com:443")) ||
      (localHostOrDomainIs(host, "accounts.google.com:443")) ||
        (localHostOrDomainIs(host, "googledrive.com:443")) ||
        (localHostOrDomainIs(host, "drive.google.com:443")) ||
      (localHostOrDomainIs(host, "*.drive.google.com:443")) ||
        (localHostOrDomainIs(host, "docs.google.com:443")) ||
        (localHostOrDomainIs(host, "*.docs.google.com:443")) ||
      (localHostOrDomainIs(host, "*.c.docs.google.com:443")) ||
        (localHostOrDomainIs(host, "sheets.google.com:443")) ||
        (localHostOrDomainIs(host, "slides.google.com:443")) ||
      (localHostOrDomainIs(host, "talk.google.com:5222")) ||
        (localHostOrDomainIs(host, "gg.google.com:443")) ||
        (localHostOrDomainIs(host, "script.google.com:443")) ||
      (localHostOrDomainIs(host, "ssl.google-analytics.com:443")) ||
        (localHostOrDomainIs(host, "video.google.com:443")) ||
        (localHostOrDomainIs(host, "s.ytimg.com:443")) ||
      (localHostOrDomainIs(host, "apis.google.com:443")) ||
        (localHostOrDomainIs(host, "*.googleapis.com:443")) ||
        (localHostOrDomainIs(host, "*.googleusercontent.com:443")) ||
      (localHostOrDomainIs(host, "*.gstatic.com:443")) ||
        (localHostOrDomainIs(host, "lh*.google.com:443")) ||
        (localHostOrDomainIs(host, "*.client-channel.google.com:443")) ||
      (localHostOrDomainIs(host, "clients[N].google.com:443")) ||
        (localHostOrDomainIs(host, "www.amaravati.org")) ||
        (localHostOrDomainIs(host, "update.microsoft.com")) ||
      (localHostOrDomainIs(host, "*.update.microsoft.com")) ||
        (localHostOrDomainIs(host, "download.windowsupdate.com")) ||
        (localHostOrDomainIs(host, "*.download.windowsupdate.com")) ||
      (localHostOrDomainIs(host, "download.microsoft.com")) ||
        (localHostOrDomainIs(host, "*.download.microsoft.com")) ||
        (localHostOrDomainIs(host, "windowsupdate.com")) ||
      (localHostOrDomainIs(host, "*.windowsupdate.com")) ||
        (localHostOrDomainIs(host, "ntservicepack.microsoft.com")) ||
        (localHostOrDomainIs(host, "wustat.windows.com")) ||
      (localHostOrDomainIs(host, "login.live.com ")) ||
        (localHostOrDomainIs(host, "mp.microsoft.com")) ||
        (localHostOrDomainIs(host, "*.mp.microsoft.com")) ||
        (localHostOrDomainIs(host, "trust.zscalertwo.net")) ||
        (localHostOrDomainIs(host, "trust.zscloud.net")) )
        )
    return "DIRECT";

// FTP
   if (url.substring(0,4)=="ftp:") return "DIRECT";

// If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.lan") ||
        shExpMatch(host, "*.local") ||      
        isInNet(dnsResolve(host), "192.168.0.0", "255.255.254.0") ||
        isInNet(dnsResolve(host), "192.168.1.0",  "255.255.254.0") ||
        isInNet(dnsResolve(host), "172.16.11.0",  "255.255.255.0") ||
        isInNet(dnsResolve(host), "172.16.12.0",  "255.255.255.0") ||
        isInNet(dnsResolve(host), "172.16.13.0",  "255.255.255.0") ||
        isInNet(dnsResolve(host), "172.16.14.0",  "255.255.255.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return "DIRECT";

// If during the period 8am to 6pm, proxy1.example.com will be returned, otherwise
// users will go direct for any time outside this period.
 
//if (timeRange(8, 20)) return "PROXY 192.168.0.80:3128";
//    else return "DIRECT";


// DEFAULT RULE: All other traffic, use below proxies, in fail-over order.
    return "PROXY 192.168.0.80:3128; DIRECT";

}
z3r03d
Student
Student
Posts: 68
Joined: Tue Aug 20, 2013 11:27 am

Re: WPAD DNS make Windows Updates stuck (win10)

Postby z3r03d » Sat May 28, 2016 7:28 am

Hi

I've done all my Win10 upgrades on my network running the Synology Proxy and it worked for me. All my devices (Smart phone, Surface, Computer) are on the Proxy.

i have added DNS for WPAD and also ticked the "Enable Web Proxy Automatic Deployment" both on DHCP and PROXY SERVER.

I find that whenever I do changes, I would always RESTART my Synology BOX and RESTART my CISCO SWITCH. only then i can tell if the settings worked.

just to trouble shoot, can you ping your wpad from a CMD? Paste the result if you can.

I didn't have to use the below because my network is fine and works well.

maybe try to add

if (shExpMatch(url, "*microsoft.com*")) {return "DIRECT";}
if (shExpMatch(url, "*windows.com*")) {return "DIRECT";}

not sure what else win10 uses but if you have a look at syslog logs (or whatever you use to monitor your network traffic) you can easily identify it through the logs.

give it a try.
DS1812+ & DS213j
QNAP TS-212 & TS-653 PRO & TS-853 PRO
PROMISE SMARTSTOR NAS NS4700 x2
NetGear STORA x2
ABM
I'm New!
I'm New!
Posts: 4
Joined: Wed Mar 02, 2016 12:37 am

Re: WPAD DNS make Windows Updates stuck (win10)

Postby ABM » Sun May 29, 2016 2:18 pm

z3r03d wrote:Hi

I've done all my Win10 upgrades on my network running the Synology Proxy and it worked for me. All my devices (Smart phone, Surface, Computer) are on the Proxy.

i have added DNS for WPAD and also ticked the "Enable Web Proxy Automatic Deployment" both on DHCP and PROXY SERVER.

I find that whenever I do changes, I would always RESTART my Synology BOX and RESTART my CISCO SWITCH. only then i can tell if the settings worked.

just to trouble shoot, can you ping your wpad from a CMD? Paste the result if you can.

I didn't have to use the below because my network is fine and works well.

maybe try to add

if (shExpMatch(url, "*microsoft.com*")) {return "DIRECT";}
if (shExpMatch(url, "*windows.com*")) {return "DIRECT";}

not sure what else win10 uses but if you have a look at syslog logs (or whatever you use to monitor your network traffic) you can easily identify it through the logs.

give it a try.


Hello,

thanks for your advice. I have removed the wpad.domain.local out of the dns registers, and then it seemed to work. Out of curiosity, what do you have in your wpad? (anything extensive like mine, or you have the 'standard' wpad file?)
z3r03d
Student
Student
Posts: 68
Joined: Tue Aug 20, 2013 11:27 am

Re: WPAD DNS make Windows Updates stuck (win10)

Postby z3r03d » Tue Jun 07, 2016 12:56 pm

ABM wrote:Hello,

thanks for your advice. I have removed the wpad.domain.local out of the dns registers, and then it seemed to work. Out of curiosity, what do you have in your wpad? (anything extensive like mine, or you have the 'standard' wpad file?)


all good. glad i could help.

I too have an extensive wpad file like your one.

the only difference is at the end.

i have
return "PROXY 10.x.x.x:3128";
DS1812+ & DS213j
QNAP TS-212 & TS-653 PRO & TS-853 PRO
PROMISE SMARTSTOR NAS NS4700 x2
NetGear STORA x2

Return to “Proxy Server”

Who is online

Users browsing this forum: No registered users and 1 guest