Regarding WSUS server Update Issue & High bandwidth utilization

Rakesh Kumar 6 Reputation points
2021-07-20T05:52:43.783+00:00

Hi All,

We are facing a strange issue with our WSUS server. We are using a WSUS server in our organization, and all the Microsoft patches we push to clients go through the WSUS server only. We are using GPO for WSUS configuration on client PCs.

Recently we faced an incident in which our entire network bandwidth got choked (100%), 200 MB utilized.

When we checked our proxy log, we found that many clients connected to the following Microsoft URLs and used most of the bandwidth.

We blocked all these URLs temporarily, and then utilization dropped from 200 MB to 30-35 MB.

http://dl.delivery.mp.microsoft.com
http://2.tlu.dl.delivery.mp.microsoft.com
http://3.tlu.dl.delivery.mp.microsoft.com
http://7.tlu.dl.delivery.mp.microsoft.com

So can anyone suggest what these URLs are used for? If we push updates from the WSUS server only, then why are clients communicating directly with the Microsoft site for any kind of update?

Thanks in Advance
Rakesh Kumar


2 answers

  1. Rita Hu -MSFT 9,641 Reputation points
    2021-07-20T07:08:54.883+00:00

    @Rakesh Kumar
    Thanks for your posting on Q&A.

    According to this link, the WSUS will connect to the below links to get the required update files:
    http://windowsupdate.microsoft.com

    http://*.windowsupdate.microsoft.com

    https://*.windowsupdate.microsoft.com

    http://*.update.microsoft.com

    https://*.update.microsoft.com

    http://*.windowsupdate.com

    http://download.windowsupdate.com

    https://download.microsoft.com

    http://*.download.windowsupdate.com

    http://wustat.windows.com

    http://ntservicepack.microsoft.com

    http://go.microsoft.com

    http://dl.delivery.mp.microsoft.com

    https://dl.delivery.mp.microsoft.com

    Also we could apply the below policy to prevent the clients from scanning updates from the Internet:
    [Image: 116099-2.png]

    Please review this link and apply the above policy for the clients. Hope the above will be helpful.

    Please keep us in touch if you have any questions.

    Regards,
    Rita



  2. Rakesh Kumar 6 Reputation points
    2021-07-20T08:05:46.193+00:00

    Hi Rita,

    Thanks for your reply!

    I will try this and let you know.

    Also, I would like to add one more point: in Apr I made a new GPO for the optional component installation policy so that users can install language packs directly without going to WSUS. Basically, after joining the domain our clients were not able to download the language pack, so I created this policy.

    But I am not sure if this may be one of the reasons clients are connecting to the Microsoft site for patch updates also.

    [Image: 116182-image.png]

    https://www.stephenwagner.com/2018/10/08/enable-windows-update-features-on-demand-and-turn-windows-features-on-or-off-in-wsus-environments/
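
An added example, not part of the original posts: one way to see which clients pulled content directly from the delivery hosts named in the question is to sum bytes per client from the proxy log. It assumes Squid's native access.log layout and a hypothetical WSUS server address `10.0.1.10`, which is excluded because, per the first answer, the WSUS server itself is expected to reach these hosts; the sample log lines are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Host suffix shared by the URLs listed in the question.
DELIVERY_SUFFIX = "dl.delivery.mp.microsoft.com"

# Constructed sample lines in Squid's native access.log layout (an assumption):
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1626760000.101 5230 10.0.5.21 TCP_MISS/200 734003200 GET http://7.tlu.dl.delivery.mp.microsoft.com/sample/a.cab - HIER_DIRECT/203.0.113.10 application/octet-stream
1626760001.202 4100 10.0.5.22 TCP_MISS/200 524288000 GET http://2.tlu.dl.delivery.mp.microsoft.com/sample/b.cab - HIER_DIRECT/203.0.113.11 application/octet-stream
1626760002.303 900 10.0.5.21 TCP_TUNNEL/200 1048576 CONNECT dl.delivery.mp.microsoft.com:443 - HIER_DIRECT/203.0.113.12 -
1626760003.404 7000 10.0.1.10 TCP_MISS/200 900000000 GET http://dl.delivery.mp.microsoft.com/sample/c.cab - HIER_DIRECT/203.0.113.12 application/octet-stream
1626760004.505 12 10.0.5.23 TCP_MISS/200 1000 GET http://wsus.corp.example:8530/Content/d.cab - HIER_DIRECT/10.0.1.10 application/octet-stream
truncated line
"""


def host_of(method, target):
    """Return the lower-cased destination host of one logged request."""
    if method == "CONNECT":  # HTTPS tunnels are logged as "host:port"
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()


def direct_delivery_bytes(lines, wsus_servers=frozenset()):
    """Sum bytes per client sent to the delivery hosts, largest first.

    Clients listed in wsus_servers are skipped: the WSUS server is
    expected to fetch from these hosts, ordinary clients are not.
    """
    totals = Counter()
    for line in lines:
        f = line.split()
        if len(f) < 7 or not f[4].isdigit():
            continue  # skip malformed or truncated lines
        client, size, method, target = f[2], int(f[4]), f[5], f[6]
        if client in wsus_servers:
            continue
        host = host_of(method, target)
        # Exact suffix match so look-alike domains are not counted.
        if host == DELIVERY_SUFFIX or host.endswith("." + DELIVERY_SUFFIX):
            totals[client] += size
    return totals.most_common()


if __name__ == "__main__":
    for client, size in direct_delivery_bytes(SAMPLE_LOG.splitlines(), {"10.0.1.10"}):
        print(f"{client}\t{size / 2**20:.1f} MiB direct from Microsoft delivery hosts")
```

Clients that show up in this output are fetching content from Microsoft directly rather than from WSUS, so they are the machines whose update policy settings are worth reviewing first.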

