Why can't I get Windows or Office 2010 updates?

Article #: Product Castle
1074 All All


Windows Update client does not fully support Microsoft's NTLM protocol.


I am using NTLM or Proxy authentication on Guardian, and Windows Office 2010 updates do not work. What can be done?

Windows updates and Office 2010 do not support the NTLM authentication protocol.


  1. Add the following to authentication exceptions:
    • SSL/CRL
    • Software Updates
  2. Create the following web filter policy:
    • Who: Everyone
    • What: SSL/CRL, Software Updates
    • Where: Everywhere
    • When: Always
    • Action: Whitelist
  3. Move the policy you created up the Web filter policies table until it is above any block or blanket block in place for the Unauthenticated IPs group. You may have this group in a policy folder in position 2 in the table by default if you did not have Unauthenticated IPs allowed to use the web proxy prior to migrating.

If you continue to experience issues, filter the Web filter logs by the IP of a test client and attempt to open the site or application. Add the domains that appear in the Web filter logs to the authentication exceptions. You may need to create a custom category for these domains first.


Last updated: Author: Contributions by:
30 August 2016   Tanja