SUS in DMZ

I've got two windows 2003 servers, one in the main local network, one on the
mail server in the DMZ, which I use to test distributions before releasing
them on the main one.

Suddenly I'm unable to access the SUSAdmin site on the server in the DMZ (an
"orange" sort of zone) from the local ("green") zone. It sort of half loads
the page layout, but not the pane on the right. Instead it keeps asking me
for the password. After three attempts it fails that pane.

I've tried by netbios name, dns name and ip address, all with the same
result.
If it's of any consequence, the internal SUS server is in AD, the one in the
DMZ is not, because I can't replicate across the firewall.

I try to RDC to the DMZ server and run it on http://127.0.0.1/susadmin,
where after entering the password, it just leaves a blank page frame, only
this big:

<meta http-equiv="refresh"
content="0;url=/autoupdate/administration/en/default.asp" />
</HEAD>
<BODY>
</BODY>
</HTML>

How can I get this thing to work?

Also, as another point, does SUS use signed checking? That is to say, I'd
like the internal SUS server to take updates from the one in the DMZ, and be
sure they're untampered with.
Because I can't access the internal one from the DMZ without making pinholes
which would defeat the purpose of a DMZ.

--
Dave Harry

Have you or someone else been altering the security settings in IIS?



"Dave Harry" <(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
> I've got two windows 2003 servers, one in the main local network, one on
> the
> mail server in the DMZ, which I use to test distributions before releasing
> them on the main one.
>
> Suddenly I'm unable to access the SUSAdmin site on the server in the DMZ
> (an
> "orange" sort of zone) from the local ("green") zone. It sort of half
> loads
> the page layout, but not the pane on the right. Instead it keeps asking me
> for the password. After three attempts it fails that pane.
>
> I've tried by netbios name, dns name and ip address, all with the same
> result.
> If it's of any consequence, the internal SUS server is in AD, the one in
> the
> DMZ is not, because I can't replicate across the firewall.
>
> I try to RDC to the DMZ server and run it on http://127.0.0.1/susadmin,
> where after entering the password, it just leaves a blank page frame, only
> this big:
>
> <meta http-equiv="refresh"
> content="0;url=/autoupdate/administration/en/default.asp" />
> </HEAD>
> <BODY>
> </BODY>
> </HTML>
>
> How can I get this thing to work?
>
> Also, as another point, does SUS use signed checking? That is to say, I'd
> like the internal SUS server to take updates from the one in the DMZ, and
> be
> sure they're untampered with.
> Because I can't access the internal one from the DMZ without making
> pinholes
> which would defeat the purpose of a DMZ.
>
> --
> Dave Harry
>
>

I wouldn't think so. Which security settings in particular should I look
for?

--
Dave Harry

"Michael Kleef [MSFT]" <(E-Mail Removed)> wrote in message
news:%23nqjE$(E-Mail Removed)...
> Have you or someone else been altering the security settings in IIS?
>
>
>
> "Dave Harry" <(E-Mail Removed)> wrote in
> message news:(E-Mail Removed)...
> > I've got two windows 2003 servers, one in the main local network, one on
> > the
> > mail server in the DMZ, which I use to test distributions before
releasing
> > them on the main one.
> >
> > Suddenly I'm unable to access the SUSAdmin site on the server in the DMZ
> > (an
> > "orange" sort of zone) from the local ("green") zone. It sort of half
> > loads
> > the page layout, but not the pane on the right. Instead it keeps asking
me
> > for the password. After three attempts it fails that pane.
> >
> > I've tried by netbios name, dns name and ip address, all with the same
> > result.
> > If it's of any consequence, the internal SUS server is in AD, the one in
> > the
> > DMZ is not, because I can't replicate across the firewall.
> >
> > I try to RDC to the DMZ server and run it on http://127.0.0.1/susadmin,
> > where after entering the password, it just leaves a blank page frame,
only
> > this big:
> >
> > <meta http-equiv="refresh"
> > content="0;url=/autoupdate/administration/en/default.asp" />
> > </HEAD>
> > <BODY>
> > </BODY>
> > </HTML>
> >
> > How can I get this thing to work?
> >
> > Also, as another point, does SUS use signed checking? That is to say,
I'd
> > like the internal SUS server to take updates from the one in the DMZ,
and
> > be
> > sure they're untampered with.
> > Because I can't access the internal one from the DMZ without making
> > pinholes
> > which would defeat the purpose of a DMZ.
> >
> > --
> > Dave Harry
> >
> >
>
>