I have a few servers trying to patch through the gateway and we discovered an issue this morning preventing these servers from downloading the updates. Within our environment, we have two domains, which I'll call DOMAIN1.CA and DOMAIN2.XY.CA, and here is a summary of our config:
1. Agent configuration has core specified as LDSERVER.DOMAIN1.CA
2. Patch manager configuration has the web URL for clients to access patches specified as http://LDSERVER.DOMAIN2.XY.CA/LDLOGON/Patch
3. We run a batch file on the servers outside the gateway to do the patching.
With the above settings, the servers are able to run a vulscan successfully. However, running the batch file results in a "Failed to download updates from http://LDSERVER.DOMAIN2.XY.CA/LDLogon/Patch/" error. If I change the patch location to be http://LDSERVER.DOMAIN1.CA/LDLOGON/PATCH/, then it works.
Basically, if I use the same domain as specified in the agent config, it works. Now I could change it, but we have been patching like this for some time and I'm afraid I'll break more than I'll fix if I do this. So I'd prefer to figure out if there is a way to correct this some other way. Is there a gateway config setting? Or is this purely a DNS issue for our servers outside the gateway?
Any info/input would be appreciated.