List of update server addresses

Question

_{Wednesday, August 1, 2018 7:22 AM}

I use the "Whitelist Only" option on OpenDNS.   The feature blocks all websites except those listed under your "Never block" individual domains.  Unfortunately, this also blocks Microsoft from updating.   I need a list of the domains used by Microsoft to update Windows 10 and 365 to add to my "Never Block" list.

Topper Fox

All replies (5)

_{Wednesday, August 1, 2018 8:33 AM | 1 vote}

Hello,

 

Glad to help.

 

If there is a corporate firewall between WSUS and the Internet, you might have to configure that firewall to ensure WSUS can obtain updates. To obtain updates from Microsoft Update, the WSUS server uses port 443 for HTTPS protocol. Although most of corporate firewalls allow this type of traffic, there are some companies that restrict Internet access from the servers due the company's security policies. if your company restricts access, you need to obtain authorization to allow Internet access from WSUS to the following list of URLs:

• http://windowsupdate.microsoft.com

• http://*.windowsupdate.microsoft.com

• https://*.windowsupdate.microsoft.com

• http://*.update.microsoft.com

• https://*.update.microsoft.com

• http://*.windowsupdate.com

• http://download.windowsupdate.com

• https://download.microsoft.com

• http://*.download.windowsupdate.com

• http://wustat.windows.com

• http://ntservicepack.microsoft.com

• http://go.microsoft.com

 

Refer to this (search for Connection from the WSUS server to the Internet): 

/en-us/windows-server/administration/windows-server-update-services/deploy/2-configure-wsus

 

Best Regards,

Ray Jia

Please remember to mark the replies as answers if they help.

If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

---

_{Wednesday, August 1, 2018 9:21 AM}

I added these to the "Always Allow" list on OpenDNS and my computers immediately started updating.   Thank you, this worked.

Topper Fox

---

_{Sunday, August 5, 2018 3:52 AM}

They can only white list valid domains.   So everything you have an "*" in it of could not be added to the white list.   Is there so many on this list that to add them all would be a great issue?

I thought my computer was updating, but the updates failed.   

Topper Fox

---

_{Monday, August 6, 2018 12:50 AM}

Hello Fox,

 

Thanks for your feedback.

 

I have checked OpenDNS rules and "*" indeed have not been supported currently. But when you allow a domain, it's all subdomains are all allowed too. For example, if you want allow *.windowsupdate.com, just allow windowupdate.com.

 

Refer to this:

https://support.opendns.com/hc/en-us/articles/227986747-How-do-I-add-Domain-Wildcards-to-My-Block-or-Allow-Lists-

 

And you also should allow port 80 for http and port 443 for https.

  

However, above information is documented by Microsoft, and if your computer still fails to update please upload the windowsupdate.log. 

 

Hope my answer could help you and look forward to your feedback.

 

Best Regards,

Ray Jia

Please remember to mark the replies as answers if they help.

If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

---

_{Monday, March 30, 2020 12:16 PM}

Create a rule which allow connection to http://*microsoft.com.
This will ease your admin's life and avoid a mess in proxy rules

OK