.. on Windows XP Pro (volume licence).

The PCs are configured to use an HTTP proxy (squid) for Internet access and there is no NAT. (but global-unicast IPv6 connectivity is present, this network is more tightly controlled than most.)

Despite being configured to use the proxy, Windows Update is still trying to use NAT to download updates and about 10 TCP-SYN (half-open connection) to microsoft's update servers will time-out before it will even begin to use the proxy to download the updates. as a result updating stalls for 10 minutes while these connections time out.

I called Microsoft about this, they were not very helpful and diddn't like being told something might be wrong with their product. They told me there was a problem on my proxy - which there is not - and tried to charge me $500 for further support :-\

I would prefer not to let these computer have NAT access to the Internet because of the risk of unauthorised connection out. These are library computers that should only be used for searching a catalog.

This isn't a serious problem just an annoyance because Updating still works (eventually). I just have to start the updates, make some coffee while the attempted NAT connections timeout, then the updates will start rolling in.

Is there a solution to this? I've looked on Microsoft's knowledge base to no avail.