how to configure wsus server for port 8530

hi i have a windows 2003 domain/gpo network and i have successfully downloaded updates via my wsus domain member server via port 80.

note: i have removed port 80 and replaced gpo with:

http:wsus:8530 via gpo

step 1

i have uninstalled and removed all traces of wsus software

step 2

re-installed clean wsus software via port 8530 successfully

step 3

configured isa 2006 vpn

selected toolbox tab
selected 'user defined'
added 'outbound tcp traffic'
added from: 8530 to: 8530

name: wsus
action: allow
protocols: outbound tcp traffic
from/listener: wsus server
to: external
condition: all authenticated users/all users

step 3

ran wsus wizard to connect but failed

note: i think i may need to download some 'script' to get this to work but not sure!

qns1.  can anyone help as not sure how to activate https if this needs to also be configured ?
Who is Participating?
mikey250Author Commented:
hi bembi,

no i do not have wsus on my isa.. :)

wsus is standalone currently..! but i wish to also add exchange 2003 for now (later) as you say the following:

"wsus can produce heavy load, so should be stand olone if possible. nevertheless wsus and exchange don't bite each other (with ports)" - hence wsus on 8530 and exchange for 80..!

was advised by other expert to add web listener on isa to allow wsus to download... ok i will remove web listener and re-confirm wsus still ok... thanks!! :)

you say below comment previously:

"for isa, there is usually no need for 8530, with the exception that you want to allow clients to contact isa from outside. but in this case I would say, the traffic is incoming, not outgoing."

question 1.  so how do i also allow external clients to download wsus updates or can i do this via a remote vpn or something ?

note: previously i could not get wsus to download because on install i added selected:8530 which is ok.  then i opened wsus software and also added 8530 which still failed download.  so i changed the wsus software to 80 and it synced ok..!! so now i under stand.
DonNetwork AdministratorCommented:
DonNetwork AdministratorCommented:
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Not sure if you mean the client or the server sync?

The server connect to microsoft on the default ports (80 or 443, not configurable) or to an upstream WSUS (a second WSUS in your network, configurable).
You may have to set additionally a proxy server

WSUS - Options - Update Source

The client connects to WSUS via

The ports are configured in IIS and published to the clients via gpo.
For SSL, you need also a certificate on hte IIS

The actual port you can see, if you click in WSUS on your server name.

For ISA, there is usually no need for 8530, with the exception that you want to allow clients to contact ISA from outside. But in this case I would say, the traffic is incoming, not outgoing.
mikey250Author Commented:
hi dstewartjr, (qns = question) :)

my wsus install appears to be simular to your below url:

Install and configure WSUS 3.0 SP2 – Step-By-Step(Including ISA 2006) 


the reason for wanting to know how to download wsus updates from microsoft to a single wsus domain member server was because i wish to use exchange 2003, hence port 8530..!!

in my gpo i added:



but according to above url, it states to follow 'web publishing rule' - this i have not done for wsus via 8530 .. ?


also i do not have a webpage so do i still complete 'web publishing rule' if i still require use of port: 8530 - ?
Your GPO has to be http://wsus:8530
The GPO is only for your clients to connect to WSUS

Question 1
What do you want to do with port 8530 on the ISA?
Only if you want to connect external clients to your WSUS via ISA, there is a need to publish this port through ISA.

The port for the sync with Microsoft is set by Microsoft, no way to change it. Neither there is a possibility to cahnge the port nor MS would listen to a different port.

Question 2
same answer.

What is your concern with Exchange? I can not see any connection between Exchange and WSUS. Exchange offers Web Acces via port 80 or 443 incoming, while WSUS needs just port 80 outgoing like every client, which connects to the internet.
mikey250Author Commented:
hi bembi, i have now my wsus domain member server working now!

yes my gpo was set to: http:wsus:8530 - my previous comments showed a typo - all ok

currently i have no external clients that need to connect to my wsus so presumably i should remove my 'web listener' for my wsus server ?

i was advised that if i am to run exchange on my server and also wish to run wsus on same exchange server, then i should configure: http://wsus:8530 and exchange will use by default port 80 as normal
> should remove my 'web listener' for my wsus server ?
You want to say, you installed WSUS on a ISA Server?
Not sure if this is a good idea....
You don't need a listener for WSUS. If you have WSUS on ISA, you may have to create a protocoll definition for port 8530 and maybe a rule, that this traffic is allowed (but only if WSUS is on ISA).

> i was advised that....
WSUS can produce heavy load, so should be stand olone if possible. Nevertheless WSUS and Exchange don't bite each other (with ports).
mikey250Author Commented:
i can now download wsus updates which i resolved myself!  but will allocate points still to expert as all advice is definately useful.

the only issue i had was that all my configurations were correct except after installing wsus i added port 8530 for the initial detection, which was incorrect and should have still been port 80.  due to gpo already set to point to: 8530 also

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.