Traffic is being generated from some Windows Servers to Microsoft IPs.

Rony Paul 6 Reputation points
2020-12-27T06:33:52.127+00:00

We have some Windows Server 2019 servers in our environment. Excessive unusual traffic directed to Microsoft IPs is being generated from a few systems to our firewall.
The IPs are like: 40.88.32.150, 54.175.105.2019, 52.139.153.205.

These servers have no internet and Windows Update is managed from SCCM.
We have tried the GPOs below, but no luck.
"Remove access to use all Windows Update features"
User Configuration\Administrative Templates\Windows Components\Windows Update

"Do not connect to any Windows Update Internet Locations"
User Configuration\Administrative Templates\Windows Components\Windows Update

We have also disabled Automatically update certificates in the Microsoft Root Certificate Program (recommended)

https://support.microsoft.com/en-us/help/2677070/an-automatic-updater-of-untrusted-certificates-is-available-for-window

Still Windows Server is generating huge traffic.


2 answers

  1. Thameur-BOURBITA 32,586 Reputation points
    2020-12-27T20:46:29.62+00:00

    Hi,

    This link will help you to disable the automatic update of certificates in the Microsoft Root certificate:
    manage-connections-from-windows-operating-system-components-to-microsoft-services


  2. Hannah Xiong 6,231 Reputation points
    2020-12-28T05:49:16.527+00:00

    Hello,

    Thank you so much for posting here.

    We mainly focus on the group policy issue. Since we configured the group policies, have we checked whether these policies are successfully applied or not?

    We could check by running “gpresult /h” to get a detailed group policy result report, then check if the specific settings get applied or not.

    For computer configuration:
    Log on to one client, open CMD and run it as administrator. Type gpresult /h C:\report.html and press Enter. Open the report file to check the policies under Computer Details.

    For user configuration:
    Log on to one client with a domain user account that is within the OU linked by the GPO.
    Create a new folder on the C drive named Folder.
    Open CMD, type gpresult /h C:\Folder\report.html and press Enter.
    Open the report file to check the policies under User Details.

    As for the excessive unusual traffic, we could refer to the below link to check whether it helps.
    https://answers.microsoft.com/en-us/windows/forum/windows_7-performance/huge-amount-of-unexpected-internet-traffic/059c8ef4-cc45-4abd-b122-23023745a414

    For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong

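
The gpresult check described in the second answer, scripted in PowerShell as an added example (not part of the original thread): it saves the report as XML with gpresult /x and lists, for each setting named in the question, whether it appears under the computer or the user results and in what state. The output path and the report layout it relies on (Policy elements with Name and State children under ComputerResults or UserResults) are assumptions.

```powershell
# Added example: look up the settings from the question in the RSoP report.
# Run from an elevated prompt so computer-scope results are included; the
# user-scope results are those of the account running the script.
$report = Join-Path $env:TEMP 'rsop-report.xml'   # hypothetical output path
gpresult.exe /x $report /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw "gpresult failed with exit code $LASTEXITCODE" }

# Setting names as written in the question; PowerShell matching ignores case.
$wanted = @(
    'Remove access to use all Windows Update features',
    'Do not connect to any Windows Update Internet Locations'
)

# XmlDocument.Load honours the encoding declared in the report file.
$rsop = New-Object System.Xml.XmlDocument
$rsop.Load($report)

# Assumption: administrative-template settings appear as <Policy> elements with
# <Name> and <State> children. local-name() keeps the query independent of the
# namespace prefixes used in the report.
$policies = $rsop.SelectNodes("//*[local-name()='Policy'][*[local-name()='Name']]")

$rows = foreach ($p in $policies) {
    $name = $p.SelectSingleNode("*[local-name()='Name']").InnerText
    if ($wanted -notcontains $name) { continue }
    $state = $p.SelectSingleNode("*[local-name()='State']")
    $scope = $p.SelectSingleNode(
        "ancestor::*[local-name()='ComputerResults' or local-name()='UserResults'][1]")
    [pscustomobject]@{
        Setting = $name
        Scope   = if ($scope) { $scope.LocalName -replace 'Results$' } else { 'Unknown' }
        State   = if ($state) { $state.InnerText } else { 'Unknown' }
    }
}

# Report settings that are absent from the resultant set, i.e. not applied here.
$missing = foreach ($w in $wanted) {
    if (-not ($rows | Where-Object Setting -eq $w)) {
        [pscustomobject]@{ Setting = $w; Scope = '-'; State = 'Not in report' }
    }
}

@($rows) + @($missing) | Format-Table -AutoSize -Wrap
```

A setting that shows up only under User, or as "Not in report", is not being applied to the computer account on that server.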