Windows Server 2019 required outbound connections

Question

Windows Server 2019 required outbound connections

asked

Bruno 1

Situation: Windows Server 2019 behind firewall which blocks outboud traffic
Allready opened paths: DNS, NTP, SMPT to specific servers and HTTP/S to the following Windows Update servers:

ntservicepack.microsoft.com
windowsupdate.microsoft.com
*.windowsupdate.microsoft.com
download.microsoft.com
*.update.microsoft.com
wustat.windows.com (invalid)
*.windowsupdate.com

Beside these open paths the Windows Server tries to open HTTPS connections to the following IP:

10.64.90.137
13.64.90.137
13.88.21.125
34.249.145.219
40.88.32.150
52.147.198.201
52.255.188.83
104.43.193.48
168.61.161.212

They belong all to Microsoft but have no DNS reverse lookup entries.

Question: What are these servers used for and is there an FQND which resolves to these IP?

Thanks for any help!

Daisy Zhou 12,911 Reputation points Microsoft Employee

2021-04-26T07:01:23.57+00:00

Hello @Bruno ,
I'm just following up to make sure you received my last reply and that my answers properly address your questions. If you have any further questions or concerns about this post, please let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Daisy Zhou 12,911 Reputation points Microsoft Employee

2021-04-26T07:01:23.57+00:00

Hello @Bruno ,
I'm just following up to make sure you received my last reply and that my answers properly address your questions. If you have any further questions or concerns about this post, please let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 1

Hello @Bruno ,

Thank you for posting here.

Based on the description above, do you want to know why your server connect to the following address?

ntservicepack.microsoft.com

windowsupdate.microsoft.com

*.windowsupdate.microsoft.com

download.microsoft.com

*.update.microsoft.com

wustat.windows.com (invalid)

*.windowsupdate.com

Please go to the resource monitor on this server to check the network activity, which contains the corresponding IP address and service process.

Please check what process is sending packets to those IP addresses.

For example:

In my lab.

Hope the information above is helpful

Should you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Bruno 1 Reputation point

2021-04-26T13:51:09.773+00:00

Thank you very much for your answer @Daisy Zhou . The problem with this solution is that I see only established connections in resmon i.e. blocked traffic never shows up. I found some useful information in the DNS servers cache but could not map it to all of the IP listed above.

Best Regards,
Bruno

Answer 2

answered

David Watson 1

Following
I have devices failing to get windows update. Not seeing anything blocked on the "Windows Update" uri list

Answer 3

answered

Bruno 1

Finally I found a feasable solution:

Use a separate DNS server for the specific host
Turn on debug log on that DNS server
Match droped packets in the firewall log to the DNS debug log

It turned out that most of the traffic commes from watson.telemetry.microsoft.com which resolves to a bunch of IP.

Have a nice day!

Daisy Zhou 12,911 Reputation points Microsoft Employee

2021-05-05T05:35:51.393+00:00

Hello @Bruno ,
Thank you for your update and sharing. I am so glad that you found the solution.
As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!

Best Regards,
Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Windows Server 2019 required outbound connections

3 answers

Activity