Fix ISA Server Update Status on SBS Management Console By Robert Pearman sbs management console, isa 2006, updates If you have installed ISA Server 2006 into your SBS Server network, you may notice on the SBS Console, Updates page that the ISA Server’s update status is Unknown. That is no good because we need to be able to have this information in our console. Otherwise we will need to actually logon to the ISA Server every time we want to check the update status. So, what is wrong? ISA Server is configured to connect to the SBS Server on TCP port 8530 for updates, and to update the SBS with it’s status. By default this is an unknown protocol and ISA will block this traffic. We must create a custom protocol and an access rule to allow this traffic to the SBS Server. Open up ISA Server Management, go to the firewall Policy and click Toolbox. On the toolbox click Protocols. Click new, Protocol. Name your new protocol, I am naming mine ‘SBS WSUS Protocol’ then click Next. On the primary connection information page, click New. Enter in the port number required. In this case From : 8530 To : 8530, leave it to Outbound and then click Ok. The protocol information is now displayed in the list, click Next. Select No – you do not want any secondary connections. Click Next. Click Finish to finish creating your protocol. Now your custom protocol appears in the list. Now we must add a new access rule to allow this protocol from the ISA Server to the SBS Server. Right Click Firewall Policy, click New > Access Rule Name your rule, I am naming my rule ‘SBS – ISA to WSUS Access Rule’ click Next. Set the rule to Allow, and click Next. Next we need to add the protocol, Click Add, expand ‘User Defined’ and select ‘SBS WSUS Protocol’ then click Add. Then Click Close. Click Next. Now we must add the access rule source. click Add, expand Networks, click Local Host and click Add. Then click Close. Then click next. On the access rule destinations page we must add the SBS2008Server computer object. This ensures that this traffic will only be allowed to go to the SBS Server. Click Add, Expand Computers, select sbs2008server, and click Add. Click Close and then click Next. Accept the default ‘All Users’ on the next page, and click next. Review your rule settings and click Finish to save your rule to the firewall policy. Click Apply to save your changes. Now we must initiate the Windows Update client software. Click Start > Run > CMD and in the CMD window enter ‘wuauclt.exe /detectnow’ this forces the WUAU client software to check for new updates and refresh it’s information with the WSUS Server. If we now go back to our SBS Server console, switch to the updates tab, you should now see the ISA Server report it’s update status.