What port(s) does Windows Update use?
I have recently set up a firewall for egress filtering that blocks all traffic originating in my DMZ unless it is HTTP, HTTPS, or DNS. I have a web server in there running Windows 2000 Server that I would like to check for patches, but Windwos Update no longer works. I can get to the web site, but when I click check for updates, I get a failure message. I suspect, but have not tried it, that I could resolve the issue by unblocking all traffic temporarily. I would prefer to poke a hole in the firewall for this instead. Can you tell me the port number(s) and destination servers that I need to create exceptions for in order to make this work?
Thanks in advance!
Thanks in advance!
ASKER
Hi prashsax,
TCP 80 is open for any destination. I am able to browse other web sites.
Added FTP ports as suggested. Still getting the failure message...
TCP 80 is open for any destination. I am able to browse other web sites.
Added FTP ports as suggested. Still getting the failure message...
ASKER
Wait, let me try that again. FTP was closed on port 20... back in 5 minutes.
ASKER
Nope, that didn't work. More info on Error message:
Error Number 0xC8000408
"The website has encountered a problem and cannot display the page you are trying to view."
Microsoft then offers a faq link that did not contain the word "port" when I searched for it.
Error Number 0xC8000408
"The website has encountered a problem and cannot display the page you are trying to view."
Microsoft then offers a faq link that did not contain the word "port" when I searched for it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Windows uses port 80 or 443 or both to download updates.
Now, we need to make sure it windows update is not happening because of firewall or for some other reason.
Could you make a rule which allow all ports to any destination. ( just to test if update works).
Now, we need to make sure it windows update is not happening because of firewall or for some other reason.
Could you make a rule which allow all ports to any destination. ( just to test if update works).
ASKER
Thanks prashsax! That was it exactly.
ASKER
BTW, I closed the FTP ports and it was still able to do the Windows updates.
Thanks again!
Thanks again!
Thanks!.
Are you able to browse other internet sites easily. e.g google.com, yahoo.com etc.
Just try and enable access to FTP port 20-21 as well.