Link to home
Start Free TrialLog in
Avatar of maharlika
maharlika

asked on

Sonicwall blocking windows automatic updates?

All of the PCs on our network stopped getting automatic updates for windows right after we put in a Sonicwall 2040.  I think the Sonicwall is the culprit, but don't know.  Both Sonicwall and Microsoft have looked at this, but have not come up with a solution. I get a number of different errors in the windowsupdate.log.
(1) Download job failed because of insufficient range support.
(2) Download failed, error = 0x80200013
(3) Init failed with 0x80246001
 I have made exceptions in the firewall for the following sites, as per sonicwall's suggestion: download.windowsupdate.com; windowsupdate.microsoft.com, update.microsoft.com, but no luck so far.

Any suggestions?
ASKER CERTIFIED SOLUTION
Avatar of ccomley
ccomley
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of maharlika
maharlika

ASKER

Yes! Here's the response I got from sonicwall:

Log on to sonicwall Click on Security services tab. Click on content filter tab. Please enter the following URL's in the Allowed domains http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://wustat.windows.com http://ntservicepack.microsoft.com Click on Ok Please check whether windows updates are happening or not. Also log to the sonicwall Change the URL from main.html to diag.html Click on internal settings Enable the option Enable HTTP Byte-Range requests with Gateway AV Click on apply Restart the sonicwall once and check whether windows updates are happening or not.
I came across this EE article then an article on Sonicwalls website

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3555&keyword=windows+update 

This article says to EXCLUDE http://

Download.windowsupdate.com
Windowsupdate.microsoft.com
Update.microsoft.com  

Tick "Do not block Java..."
FYI this article was on the money.  I set the FQDN's maharlika posted and it worked like a champ.  Using a TZ 100, did not see options Enable HTTP byte range.

I set firewall rules with FQDN address objects for each one listed above, added to my approved group and it worked great.  for address objects it is like rwallacej said:

Download.windowsupdate.com
Windowsupdate.microsoft.com
Update.microsoft.com


etc....
rwallacej's post was on the money... Thank you
One other item to check:

Security Services>Content Filter>Configure

Under the Policy tab select the Edit button for the active (probably default) policy and select the Settings tab. Disable Allowed Domains needs to be unchecked for the above to work.