Configuring Microsoft Internet Information Services for endpoint updating

  • Article ID: 38238
  • Updated: 30 Jan 2014

This article details the minimal number of steps required to enable your endpoint computers to update via HTTP using Microsoft Internet Information Services (IIS).  

By default, endpoints are configured to update using a UNC path. However, you can configure what we will refer to as a 'Web CID' (Central Installation Directory) to enable endpoints to update using HTTP.

Note:

  • Before you create a Web CID you must configure Sophos Update Manager (SUM) to create a software distribution point to be shared out by IIS.
  • This article covers the basic setup of a Virtual Directory under the Default Web Site using port 80.
  • The Web CIDs are configured for 'anonymous' access by default.  Sophos AutoUpdate supports the following HTTP authentication types:
    • Basic
    • NTLM (v1 and v2)
    • Digest (AutoUpdate may fail to update with digest authentication on some web servers)
  • The steps below configure the web server to allow all file types to be downloaded from IIS. This ensures that if new file types are added to a package they are not blocked.  If you prefer to configure each MIME type individually, you can do so.
  • When installing IIS 7+, if you enable the 'Request filtering' component, packages with a 'bin' directory in the path or '++' in the file name, such as Linux packages, will fail to download with a 404.8 HTTP error. See Microsoft article: Error message..."HTTP Error 404.8 – HIDDEN_NAMESPACE" for more information.

Known to apply to the following Sophos product(s) and version(s)

Sophos Update Manager

What To Do

Please follow the steps below for your version of IIS.

Creating a Web CID on IIS 7.0 / 8.0

The following instructions are for configuring a Web CID on Microsoft Internet Information Server version 7.0 on Windows Server 2008 using a Virtual Directory.

  1. Open Internet Information Services (IIS) Manager.
  2. In the left pane, expand the ‘Server’ configuration by clicking on the arrow symbol.
  3. In the left pane, expand the ‘Sites’ configuration by clicking on the arrow symbol.
  4. Right-click on ‘Default Web Site’.
  5. Select ‘Add Virtual Directory’.
  6. In the ‘Alias’ field type: SophosUpdate.
  7. In the ‘Physical path:’ field, click on the ‘…’ button and browse to: "C:\ProgramData\Sophos\Update Manager\Update Manager".
    Note: To be able to browse to this directory, "Show hidden files, folders, and drives" must be enabled.
  8. Click on 'OK'.
  9. In the left pane, expand the ‘Default Web Site’ configuration by clicking on the arrow symbol.
  10. Select the newly created ‘SophosUpdate’ virtual directory.
  11. Double-click on the 'MIME Types' icon in the center pane.
  12. In the 'Actions' pane on the right, click on 'Add'.
  13. In the ‘File name extension’ field type: *
  14. In the 'MIME type:' field type: application/octet-stream
  15. Click OK
  16. Close IIS Manager.
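
The same configuration can be scripted. This is an added example, not part of the original Sophos article; it assumes an elevated PowerShell session with the IIS WebAdministration module available, and it reuses the site name, alias and physical path from the steps above.

```powershell
# Added example: scripted equivalent of the IIS 7.0 / 8.0 steps above.
# Assumption: elevated session, WebAdministration module installed.
Import-Module WebAdministration

$site  = 'Default Web Site'
$alias = 'SophosUpdate'
$path  = 'C:\ProgramData\Sophos\Update Manager\Update Manager'
$vdir  = "IIS:\Sites\$site\$alias"

# The distribution point has to exist first (it is created by SUM).
if (-not (Test-Path -LiteralPath $path -PathType Container)) {
    throw "Distribution point not found: $path"
}

# Steps 4-8: create the virtual directory unless it is already present.
if (-not (Get-WebVirtualDirectory -Site $site -Name $alias)) {
    New-WebVirtualDirectory -Site $site -Name $alias -PhysicalPath $path | Out-Null
}

# Steps 11-15: add the catch-all MIME mapping, scoped to this virtual
# directory only, using the extension value the article says to type.
$mimeFilter = "system.webServer/staticContent/mimeMap[@fileExtension='*']"
if (-not (Get-WebConfiguration -PSPath $vdir -Filter $mimeFilter)) {
    Add-WebConfigurationProperty -PSPath $vdir `
        -Filter 'system.webServer/staticContent' -Name '.' `
        -Value @{ fileExtension = '*'; mimeType = 'application/octet-stream' }
}

# Show what is now configured so it can be compared with the GUI steps.
Get-WebVirtualDirectory -Site $site -Name $alias |
    Select-Object path, physicalPath
Get-WebConfiguration -PSPath $vdir -Filter $mimeFilter |
    Select-Object fileExtension, mimeType
```

Because the mapping is set on the virtual directory rather than on the site, the catch-all MIME type does not apply to other content served by the Default Web Site.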

Creating a Web CID on IIS 6.0

The following instructions are for configuring a Web CID on Microsoft Internet Information Server 6.0 on Windows Server 2003 using a Virtual Directory.

  1. Open Internet Information Services (IIS) Manager.
  2. In the left pane, expand 'Web Sites' by clicking on the plus (+) symbol.
  3. Right-click on 'Default Web Site'.
  4. Select 'New Virtual Directory'.
  5. Click ‘Next’ in the 'Virtual Directory Creation Wizard' dialog box.
  6. In the 'Alias' field type: SophosUpdate.
  7. Click 'Next'.
  8. Click 'Browse'.
  9. Browse to "C:\Documents and Settings\All Users\application data\Sophos\Update Manager\Update Manager\".
  10. Click 'OK'
  11. Click 'Next'.
  12. In the 'Virtual Directory Access Permissions' dialog box ensure that 'Read' is selected.
  13. Click 'Next'.
  14. Click 'Finish'.
  15. In the left pane right-click on 'SophosUpdate'.
  16. Select ‘Properties’.
  17. Remove the tick mark next to 'Log visits' and 'Index this resource'.
  18. In the 'SophosUpdate Properties' dialog box, click on the 'HTTP Headers' tab.
  19. Click on 'MIME Types'.
  20. In the 'MIME Types' dialog box click 'New'.
  21. In the 'MIME Type' dialog box in the 'Extension' field type: .*
  22. In the 'MIME type' field type: application/octet-stream.
  23. Click 'OK'.
  24. Click 'OK'.
  25. Close 'IIS Manager'.

Configure Updating Policies

  1. Open the Sophos Enterprise Console.
  2. Open the Updating Policy that you want to configure.
  3. Click on the ‘Initial Install Source’ tab.
  4. Remove the tick mark from 'Use primary server address'.
  5. Click on the 'Primary Server' tab.
  6. Modify the 'Address' to reflect the new Web CID. E.g.:
    http://[servername]/SophosUpdate
  7. Click 'OK' to save the Updating policy.

Note:

  • We highly recommend that you test downloading a couple of files from the Web CID using a web browser. This will ensure that IIS is configured correctly.  A good test would be to download a DLL file.
  • To initially protect clients that are configured to use an HTTP updating address see: Deployment to endpoints from web folder fails with no error message
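
The download test recommended above can be run across every file type in the distribution point instead of a couple of hand-picked files. This is an added example, not part of the original Sophos article; the default `$BaseUrl` and `$CidRoot` values are assumptions to adjust, and it needs PowerShell 3.0 or later run on the IIS server.

```powershell
# Added example: fetch one file per extension from the Web CID over HTTP
# and compare its SHA-256 with the copy on disk.
param(
    [string]$BaseUrl = 'http://localhost/SophosUpdate',   # assumed URL
    [string]$CidRoot = 'C:\ProgramData\Sophos\Update Manager\Update Manager'
)

$root = (Get-Item -LiteralPath $CidRoot -Force).FullName.TrimEnd('\')

# Smallest file of each distinct extension, so every file type is exercised.
$samples = Get-ChildItem -LiteralPath $root -Recurse -File -Force |
    Group-Object -Property { $_.Extension.ToLowerInvariant() } |
    ForEach-Object { $_.Group | Sort-Object Length | Select-Object -First 1 }

$client = New-Object System.Net.WebClient
$sha    = [System.Security.Cryptography.SHA256]::Create()

$results = foreach ($file in $samples) {
    # Relative path with forward slashes; System.Uri escapes spaces itself.
    $rel = $file.FullName.Substring($root.Length + 1) -replace '\\', '/'
    $url = $BaseUrl.TrimEnd('/') + '/' + $rel
    $status = 'OK'
    try {
        $remote = $sha.ComputeHash($client.DownloadData($url))
        $local  = $sha.ComputeHash([IO.File]::ReadAllBytes($file.FullName))
        if ([BitConverter]::ToString($remote) -ne [BitConverter]::ToString($local)) {
            $status = 'HASH MISMATCH'
        }
    } catch {
        # A WebException carries the HTTP response; anything else is reported as text.
        $ex   = $_.Exception.GetBaseException()
        $resp = $ex.Response
        $status = if ($resp) { "HTTP $([int]$resp.StatusCode)" } else { $ex.Message }
    }
    [pscustomobject]@{ Extension = $file.Extension; Status = $status; Url = $url }
}

$results | Sort-Object Status, Extension | Format-Table -AutoSize
```

An HTTP 404 for a single extension points to a missing MIME mapping, while a 404 limited to paths containing a 'bin' directory or '++' matches the Request filtering behaviour described in the notes at the top of this article.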

 
If you need more information or guidance, then please contact technical support.
