maharlika
asked on
Sonicwall blocking windows automatic updates?
All of the PCs on our network stopped getting automatic updates for windows right after we put in a Sonicwall 2040. I think the Sonicwall is the culprit, but don't know. Both Sonicwall and Microsoft have looked at this, but have not come up with a solution. I get a number of different errors in the windowsupdate.log.
(1) Download job failed because of insufficient range support.
(2) Download failed, error = 0x80200013
(3) Init failed with 0x80246001
I have made exceptions in the firewall for the following sites, as per sonicwall's suggestion: download.windowsupdate.com ; windowsupdate.microsoft.co m, update.microsoft.com, but no luck so far.
Any suggestions?
(1) Download job failed because of insufficient range support.
(2) Download failed, error = 0x80200013
(3) Init failed with 0x80246001
I have made exceptions in the firewall for the following sites, as per sonicwall's suggestion: download.windowsupdate.com
Any suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I came across this EE article then an article on Sonicwalls website
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3555&keyword=windows+update
This article says to EXCLUDE http://
Download.windowsupdate.com
Windowsupdate.microsoft.co m
Update.microsoft.com
Tick "Do not block Java..."
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3555&keyword=windows+update
This article says to EXCLUDE http://
Download.windowsupdate.com
Windowsupdate.microsoft.co
Update.microsoft.com
Tick "Do not block Java..."
FYI this article was on the money. I set the FQDN's maharlika posted and it worked like a champ. Using a TZ 100, did not see options Enable HTTP byte range.
I set firewall rules with FQDN address objects for each one listed above, added to my approved group and it worked great. for address objects it is like rwallacej said:
Download.windowsupdate.com
Windowsupdate.microsoft.co m
Update.microsoft.com
etc....
I set firewall rules with FQDN address objects for each one listed above, added to my approved group and it worked great. for address objects it is like rwallacej said:
Download.windowsupdate.com
Windowsupdate.microsoft.co
Update.microsoft.com
etc....
rwallacej's post was on the money... Thank you
One other item to check:
Security Services>Content Filter>Configure
Under the Policy tab select the Edit button for the active (probably default) policy and select the Settings tab. Disable Allowed Domains needs to be unchecked for the above to work.
Security Services>Content Filter>Configure
Under the Policy tab select the Edit button for the active (probably default) policy and select the Settings tab. Disable Allowed Domains needs to be unchecked for the above to work.
ASKER
Log on to sonicwall Click on Security services tab. Click on content filter tab. Please enter the following URL's in the Allowed domains http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://wustat.windows.com http://ntservicepack.microsoft.com Click on Ok Please check whether windows updates are happening or not. Also log to the sonicwall Change the URL from main.html to diag.html Click on internal settings Enable the option Enable HTTP Byte-Range requests with Gateway AV Click on apply Restart the sonicwall once and check whether windows updates are happening or not.