WUS / WSUS failing behind SonicWall

One of my SBS 2008 sites has had a problem since installation where Windows Update Services (WUS / WSUS) has been advising there are updates for client machines, but these updates have been stuck in a pending state – the client machines also never receive their updates.

Investigation revealed the following error in the Application Log:

Source: Windows Server Update Services
Event ID: 364
Description: Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.

This particular client uses a SonicWall TZ150 firewall appliance. The Gateway Antivirus feature is the culprit. To enable the HTTP Byte-Range protocol header, and allow WUS to download the updates into the repository, do the following:

  1. Log in to your SonicWall
  2. In the address bar you should have something similar to “http://10.0.0.1/main.html“. change “main” to “diag” (Should read similar to “http://10.0.0.1/diag.html“)
  3. Click “Internal Settings” on the left-hand navigation bar
  4. Check the box next to “Enable HTTP Byte-Range requests with Gateway AV” (approximately 2/3 down the page)
  5. Click “Apply” in the top right corner of the screen
  6. Click “Close” in the bottom left of the screen.
  7. WSUS should shortly begin downloading updates – to confirm, open the “Windows Server Update Services 3.0 SP1” management console from Administrative Tools.

Thanks to ComputerX’s post on the WSUSWiki for this info.