Windows Updates don't work after blocked all inbound and outbound traffic

Question

Windows Updates don't work after blocked all inbound and outbound traffic

SC 236

Hi, I blocked all inbound and outbound traffic using PowerShell:

Set-NetFirewallProfile -All -DefaultInboundAction Block -DefaultOutboundAction Block

I allowed Windows Updates using the following command, but the updates don't work.

New-NetFirewallRule -DisplayName 'Allow Windows Updates' -Profile Any -Direction Outbound -Action Allow -Protocol Any -LocalPort Any -RemotePort Any -Program '%SystemRoot%\ImmersiveControlPanel\SystemSettings.exe' -Service 'wuauserv'

Only an error is displayed: "We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet."

It is virtual machine with Windows Server 2019.

Can you advise me what else needs to be allowed, please? WindowsUpdates_Error

vipullag-MSFT 26,492 Reputation points Moderator

2024-01-22T16:49:54.3966667+00:00

Hello SC

Welcome to Microsoft Q&A Platform, thanks for posting your query here.

Based on the details shared, look like the issue is not with the firewall rules, but rather with the Windows Update service itself.

-Check if the Windows Update service is running.

-Check if there are any pending updates.

-Reset the Windows Update components.

If none of these help, you might need help from Microsoft Support team on this. Hope this helps.
SC 236 Reputation points

2024-01-22T16:54:27.7666667+00:00

Hello vipullag-MSFT

If the firewall is turned off, Windows Update works.
Windows Update service is running.
New updates are pending, also for Defender.
vipullag-MSFT 26,492 Reputation points Moderator

2024-01-22T17:02:58.2366667+00:00

Hello SC Thanks for your quick response on this. Support team will be able to check and help on this. I would recommend you to open a azure support case.

1 answer

Your answer

vipullag-MSFT 26,492 Reputation points Moderator

2024-01-22T16:49:54.3966667+00:00

Hello SC

Welcome to Microsoft Q&A Platform, thanks for posting your query here.

Based on the details shared, look like the issue is not with the firewall rules, but rather with the Windows Update service itself.

-Check if the Windows Update service is running.

-Check if there are any pending updates.

-Reset the Windows Update components.

If none of these help, you might need help from Microsoft Support team on this. Hope this helps.
SC 236 Reputation points

2024-01-22T16:54:27.7666667+00:00

Hello vipullag-MSFT

If the firewall is turned off, Windows Update works.
Windows Update service is running.
New updates are pending, also for Defender.
vipullag-MSFT 26,492 Reputation points Moderator

2024-01-22T17:02:58.2366667+00:00

Hello SC Thanks for your quick response on this. Support team will be able to check and help on this. I would recommend you to open a azure support case.

Answer 1

Hello

We may need to allow the following urls:

http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
https://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://go.microsoft.com
http://dl.delivery.mp.microsoft.com
https://dl.delivery.mp.microsoft.com
http://*.delivery.mp.microsoft.com
https://*.delivery.mp.microsoft.com

Step 2 - Configure WSUS | Microsoft Learn If the issue persists, we could open administrator powershell command line and run "get-windowsupdatelog" to check the failed details for more information.

Share via

Windows Updates don't work after blocked all inbound and outbound traffic

1 answer

Your answer