This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 63%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Good Afternoon,
I allow myself to pose my problem here. Here I have 1 MP and 4 DP, one of the DP is in a DMZ. The problem is that all my client workstations in the DMZ are getting application packages but not receiving Windows security updates. My Wsus Server is not in the DMZ. I had already configured the software update point on my DP DMZ. despite this, client workstations in DMZ do not receive updates. I see nothing blocked on my Stormshiel firewall. Do you know what escapes me?
Thank you for your help.
May we know the current status of the question? If there is any other assistance we can provide, please feel free to let us know, we will do our best to help you.
Hi,
It seems there is no update for a couple of days. Have you tried the suggestions provided? How about the status of the problem? Here is a short summary of this problem.
Symptom:
The problem is that all my client workstations in the DMZ are getting application packages but not receiving Windows security updates.
Suggestions:
We could check if the boundary group is set correctly. Clients don't change SUPs unless they fail to access their current SUP three times. Failure in this case equates to a limited set of result codes. Not being able to connect because of a firewall restriction does in not included though.
Besides, please review the client logs and wuahandler.log and locationservices.log to start with software updates.
Reference Links:
Regards,
Amanda
Hi,
Do you have configured the boundary groups related to the DMZ subnets with your internal SUP ? Make sure also that the 8530 & 8531 ports are allowed between your DMZ clients and the Software Update Point.
Regards,
Youssef
First, the boundary groups need to configured correctly as noted by @YoussefSaad-6209 so that the clients map to the proper SUP.
Next, Clients don't change SUPs unless they fail to access their current SUP three times. Failure in this case equates to a limited set of result codes. Not being able to connect because of a firewall restriction does in not included though.
Finally, have you reviewed the client logs? wuahandler.log is always the place to start with software updates and for site role location issues, review locationservices.log.
Hi,
Thanks for posting in TechNet.
Agree with Jason and YoussefSaad, we could check if the boundary group is set correctly. Here is the article about configuring boundary group:
https://learn.microsoft.com/en-us/mem/configmgr/core/servers/deploy/configure/boundary-groups#bkmk_sup
In addition to the logs mentioned by Jason, the client could not receive update, kindly check policyagent.log to see if the policy is received.
Thanks for your time.