Windows Server 2019 required outbound connections

asked 2021-04-22T12:24:04.19+00:00
Bruno 1 Reputation point

Situation: Windows Server 2019 behind a firewall which blocks outbound traffic.
Already opened paths: DNS, NTP, SMTP to specific servers and HTTP/S to the following Windows Update servers:

  • ntservicepack.microsoft.com
  • windowsupdate.microsoft.com
  • *.windowsupdate.microsoft.com
  • download.microsoft.com
  • *.update.microsoft.com
  • wustat.windows.com (invalid)
  • *.windowsupdate.com

Besides these open paths the Windows Server tries to open HTTPS connections to the following IPs:

  • 10.64.90.137
  • 13.64.90.137
  • 13.88.21.125
  • 34.249.145.219
  • 40.88.32.150
  • 52.147.198.201
  • 52.255.188.83
  • 104.43.193.48
  • 168.61.161.212

They all belong to Microsoft but have no DNS reverse lookup entries.

Question: What are these servers used for, and is there an FQDN which resolves to these IPs?

Thanks for any help!


3 answers

  1. answered 2021-04-23T06:31:21.097+00:00
    Daisy Zhou 12,911 Reputation points Microsoft Employee

    Hello @Bruno ,

    Thank you for posting here.

    Based on the description above, do you want to know why your server connects to the following addresses?

    ntservicepack.microsoft.com

    windowsupdate.microsoft.com

    *.windowsupdate.microsoft.com

    download.microsoft.com

    *.update.microsoft.com

    wustat.windows.com (invalid)

    *.windowsupdate.com

    Please go to the resource monitor on this server to check the network activity, which contains the corresponding IP address and service process.

    Please check what process is sending packets to those IP addresses.

    For example:

    In my lab.

    [screenshot: 90599-add1.png]

    Hope the information above is helpful

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. answered 2021-04-26T17:50:57.45+00:00
    David Watson 1 Reputation point

    Following
    I have devices failing to get Windows Update. Not seeing anything blocked on the "Windows Update" URI list.


  3. answered 2021-05-01T09:57:12.237+00:00
    Bruno 1 Reputation point

    Finally I found a feasible solution:

    • Use a separate DNS server for the specific host
    • Turn on debug log on that DNS server
    • Match dropped packets in the firewall log to the DNS debug log

    It turned out that most of the traffic comes from watson.telemetry.microsoft.com, which resolves to a bunch of IPs.

    Have a nice day!
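The matching step from the answer above, as an added Python example that is not part of this thread: it reads constructed firewall-drop lines (assumed to be in the W3C pfirewall.log column layout) and a constructed, simplified excerpt of a Windows DNS debug log with details enabled, then groups every dropped destination IP under the FQDN the DNS server resolved it from, flagging IPs that never appeared in a DNS answer.

```python
import re
from collections import defaultdict

# Constructed firewall drops in the W3C pfirewall.log column layout (assumed).
FIREWALL_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2021-04-22 12:10:05 DROP TCP 10.0.0.5 13.64.90.137 51234 443 0 S 1 0 8192 - - - SEND
2021-04-22 12:10:09 DROP TCP 10.0.0.5 52.255.188.83 51240 443 0 S 1 0 8192 - - - SEND
2021-04-22 12:11:01 ALLOW TCP 10.0.0.5 20.50.80.3 51250 443 0 S 1 0 8192 - - - SEND
2021-04-22 12:12:30 DROP TCP 10.0.0.5 203.0.113.9 51260 443 0 S 1 0 8192 - - - SEND
"""

# Constructed, simplified DNS debug-log excerpt: a "Snd ... R Q" line names the answered query; the DATA lines after it carry its A records.
DNS_LOG = """\
4/22/2021 12:10:04 PM 0B4C PACKET 000000C5A6B4A7C0 UDP Snd 10.0.0.5 0002 R Q [8081 DR NOERROR] A (6)watson(9)telemetry(9)microsoft(3)com(0)
      DATA   13.64.90.137
      DATA   52.255.188.83
"""

LABEL_RE = re.compile(r"\((\d+)\)([^()]*)")
ANSWER_RE = re.compile(r"\bSnd\b.*\bR Q\b.*\] A\s+(\S+)$")
DATA_RE = re.compile(r"^\s*DATA\s+(\d+\.\d+\.\d+\.\d+)\s*$")

def decode_dns_name(wire: str) -> str:
    """Turn the log's (6)watson(9)telemetry... form into a dotted FQDN."""
    return ".".join(label for _, label in LABEL_RE.findall(wire) if label)

def parse_dns_answers(text: str) -> dict:
    """Map every A-record IP in a response to the FQDNs that returned it."""
    ip_to_names, current = defaultdict(set), None
    for line in text.splitlines():
        if m := ANSWER_RE.search(line):
            current = decode_dns_name(m.group(1))  # new response packet
        elif (m := DATA_RE.match(line)) and current:
            ip_to_names[m.group(1)].add(current)
    return ip_to_names

def parse_firewall_drops(text: str) -> list:
    """Return (time, dst-ip, dst-port) for each DROP line, skipping headers."""
    rows = [l.split() for l in text.splitlines() if not l.startswith("#")]
    return [(f[1], f[5], f[7]) for f in rows if len(f) > 7 and f[2] == "DROP"]

def correlate(firewall_text: str, dns_text: str) -> dict:
    """Group dropped destination IPs by the FQDN the DNS server handed out."""
    ip_to_names = parse_dns_answers(dns_text)
    by_name = defaultdict(set)
    for _, ip, _ in parse_firewall_drops(firewall_text):
        for name in ip_to_names.get(ip) or {"(no DNS answer seen)"}:
            by_name[name].add(ip)
    return {name: sorted(ips) for name, ips in by_name.items()}
```

Any IP left under "(no DNS answer seen)" was reached without a preceding lookup through the logging DNS server, which is the case worth a closer look (a hard-coded address, a cached answer, or a lookup that went to a different resolver).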