none
Connexions to ctldl.windowsupdate.com RRS feed

  • Question

  • Hello,

    Our network service asks me about connections to ctldl.windowsupdate.com

    All connections to Microsoft update sites are blocked by the firewall of our network and all the denieds connections to ctldl.windowsupdate.com fill the logs of the network service.

    We use WSUS servers for updates and the GPO for the WUServer registry keys is functional. Despite this, the computers continue trying to join Windows Update sites.

    The addresses that the computers attempt to join are the following (the sequence of x is a variable alphanumeric string):

    Http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?xxxxxxxxxxxxxxxx

    Http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?xxxxxxxxxxxxxxxx

    By doing some research, it would seem that the responsible is Internet Explorer and the option "Verify revocation of server certificates" but even by disabling the option (and also the revocation of the publisher's certificates), communications persist (tests with Wireshark).

    I also tried to follow the resolution in this article https://support.microsoft.com/en-us/help/2677070/ but it does not change anything.

    Could anyone help me?

    Thank you in advance,

    Pierre NICHELE
    Wednesday, May 3, 2017 8:42 AM

Answers

All replies