locked
FCS Updates URL RRS feed

  • Question

  • Hi

    I have our FCS client configured to update from the internet if no corporate WSUS/SCCM server available. I need to know which URL's / Ip addresses to permit thuogh our firewall to enable this to happen. Up to now I can see that when I initiate an updates scan the FCS client is trying to connect to cds246.lon9.msecn.net and others such as cds248, cds281, cds281, cds11 etc.

    Have already added the windows updates URL's.

    Does anyone have a definitive list?

    Thanks


    Douks
    Monday, July 25, 2011 9:00 AM

Answers

  • Hi Douks,

    Yes, you just need to adjust your firewall rule to allow(access and download) all files from *.update.microsoft.com and *.windowsupdate.com. 


    Regards,
    Rick Tan
    • Marked as answer by Rick Tan Thursday, August 4, 2011 4:07 AM
    Wednesday, July 27, 2011 9:43 AM

All replies

  • Hi Douks,

    Thank you for your post.

    As far as I know, no URL need to permit in firewall to update FCS from Internet.
    If the first time Client Security prompts you to agree to use Microsoft Update, you must do so or you cannot enable fallback to Microsoft Update. More details please refer to Configuring fallback for updates article.

    If there are more inquiries on this issue, please feel free to let us know.


    Regards,
    Rick Tan
    Tuesday, July 26, 2011 3:51 AM
  • Thanks, but our firewall blocks outboud access by default, so it won't work without the addresses configured.
    Douks
    Tuesday, July 26, 2011 8:01 AM
  • Hi Douks,

    Thank you for your updates.

    Our firewall? You mean FCS client update blocked by Lan firewall not OS firewall?

    I test to update FCS with OS firewall enabled successful, FCS connect two URLs listed in file C:\windows\windowsupdate.log:


    https://www.update.microsoft.com
    http://download.windowsupdate.com


    Cds246/cds248/cds281 just means FCS update server DNS name. FCS clients connect to which FCS update server depend on the local ISP DNS resolve these two URLs. So please add these two URL to your firewall rules or use the wildcard like https://*.update.microsoft.com.

    If there are more inquiries on this issue, please feel free to let us know.


    Regards,
    Rick Tan
    Wednesday, July 27, 2011 3:16 AM
  • Yes, perimeter firewall (non Microsoft).

    So are you saying the something.update.microsoft.com will resolve to the same IP as cds246.lon9.msecn.net for example?

    Thanks


    Douks
    Wednesday, July 27, 2011 7:14 AM
  • Hi Douks,

    Yes, you just need to adjust your firewall rule to allow(access and download) all files from *.update.microsoft.com and *.windowsupdate.com. 


    Regards,
    Rick Tan
    • Marked as answer by Rick Tan Thursday, August 4, 2011 4:07 AM
    Wednesday, July 27, 2011 9:43 AM