This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

List of update server addresses

Question
0

Sign in to vote

I use the "Whitelist Only" option on OpenDNS. The feature blocks all websites except those listed under your "Never block" individual domains. Unfortunately, this also blocks Microsoft from updating. I need a list of the domains used by Microsoft to update Windows 10 and 365 to add to my "Never Block" list.

Topper Fox

Wednesday, August 1, 2018 7:22 AM

All replies

1

Sign in to vote
Hello,

Glad to help.

If there is a corporate firewall between WSUS and the Internet, you might have to configure that firewall to ensure WSUS can obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 443 for HTTPS protocol. Although most of corporate firewalls allow this type of traffic, there are some companies that restrict Internet access from the servers due the company's security policies. if your company restricts access, you need to obtain authorization to allow Internet access from WSUS to the following list of URLs:

http://windowsupdate.microsoft.com

http://*.windowsupdate.microsoft.com

https://*.windowsupdate.microsoft.com

http://*.update.microsoft.com

https://*.update.microsoft.com

http://*.windowsupdate.com

http://download.windowsupdate.com

https://download.microsoft.com

http://*.download.windowsupdate.com

http://wustat.windows.com

http://ntservicepack.microsoft.com

http://go.microsoft.com

Refer to this (search for Connection from the WSUS server to the Internet):

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus

Best Regards,

Ray Jia

Please remember to mark the replies as answers if they help.

If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Edited by Ray JiaMicrosoft contingent staff Wednesday, August 1, 2018 8:35 AM
- Marked as answer by Topper Fox Wednesday, August 1, 2018 9:20 AM
- Unmarked as answer by Topper Fox Sunday, August 5, 2018 3:49 AM
Wednesday, August 1, 2018 8:33 AM
0

Sign in to vote

I added these to the "Always Allow" list on OpenDNS and my computers immediately started updating. Thank you, this worked.
Topper Fox

Wednesday, August 1, 2018 9:21 AM
0

Sign in to vote

They can only white list valid domains. So everything you have an "*" in it of could not be added to the white list. Is there so many on this list that to add them all would be a great issue?

I thought my computer was updating, but the updates failed.
Topper Fox

Sunday, August 5, 2018 3:52 AM
0

Sign in to vote

Hello Fox,

Thanks for your feedback.

I have checked OpenDNS rules and "*" indeed have not been supported currently. But when you allow a domain, it's all subdomains are all allowed too. For example, if you want allow *.windowsupdate.com, just allow windowupdate.com.

Refer to this:

https://support.opendns.com/hc/en-us/articles/227986747-How-do-I-add-Domain-Wildcards-to-My-Block-or-Allow-Lists-

And you also should allow port 80 for http and port 443 for https.

However, above information is documented by Microsoft, and if your computer still fails to update please upload the windowsupdate.log.

Hope my answer could help you and look forward to your feedback.

Best Regards,

Ray Jia
Please remember to mark the replies as answers if they help.

If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, August 6, 2018 12:50 AM
0

Sign in to vote

Create a rule which allow connection to http://*microsoft.com.
This will ease your admin's life and avoid a mess in proxy rules
OK

Monday, March 30, 2020 12:16 PM