how to configure wsus server for port 8530

Posted on 2013-06-05
Medium Priority
Last Modified: 2013-07-02
hi i have a windows 2003 domain/gpo network and i have successfully downloaded updates via my wsus domain member server via port 80.

note: i have removed port 80 and replaced gpo with:

http:wsus:8530 via gpo

step 1

i have uninstalled and removed all traces of wsus software

step 2

re-installed clean wsus software via port 8530 successfully

step 3

configured isa 2006 vpn

selected toolbox tab
selected 'user defined'
added 'outbound tcp traffic'
added from: 8530 to: 8530

name: wsus
action: allow
protocols: outbound tcp traffic
from/listener: wsus server
to: external
condition: all authenticated users/all users

step 3

ran wsus wizard to connect but failed

note: i think i may need to download some 'script' to get this to work but not sure!

qns1.  can anyone help as not sure how to activate https if this needs to also be configured ?
Question by:mikey250
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 800 total points
ID: 39226055
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 800 total points
ID: 39226073
LVL 35

Assisted Solution

Bembi earned 1200 total points
ID: 39226512
Not sure if you mean the client or the server sync?

The server connect to microsoft on the default ports (80 or 443, not configurable) or to an upstream WSUS (a second WSUS in your network, configurable).
You may have to set additionally a proxy server

WSUS - Options - Update Source

The client connects to WSUS via

The ports are configured in IIS and published to the clients via gpo.
For SSL, you need also a certificate on hte IIS

The actual port you can see, if you click in WSUS on your server name.

For ISA, there is usually no need for 8530, with the exception that you want to allow clients to contact ISA from outside. But in this case I would say, the traffic is incoming, not outgoing.
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.


Author Comment

ID: 39229991
hi dstewartjr, (qns = question) :)

my wsus install appears to be simular to your below url:

Install and configure WSUS 3.0 SP2 – Step-By-Step(Including ISA 2006)


the reason for wanting to know how to download wsus updates from microsoft to a single wsus domain member server was because i wish to use exchange 2003, hence port 8530..!!

in my gpo i added:



but according to above url, it states to follow 'web publishing rule' - this i have not done for wsus via 8530 .. ?


also i do not have a webpage so do i still complete 'web publishing rule' if i still require use of port: 8530 - ?
LVL 35

Assisted Solution

Bembi earned 1200 total points
ID: 39230738
Your GPO has to be http://wsus:8530
The GPO is only for your clients to connect to WSUS

Question 1
What do you want to do with port 8530 on the ISA?
Only if you want to connect external clients to your WSUS via ISA, there is a need to publish this port through ISA.

The port for the sync with Microsoft is set by Microsoft, no way to change it. Neither there is a possibility to cahnge the port nor MS would listen to a different port.

Question 2
same answer.

What is your concern with Exchange? I can not see any connection between Exchange and WSUS. Exchange offers Web Acces via port 80 or 443 incoming, while WSUS needs just port 80 outgoing like every client, which connects to the internet.

Author Comment

ID: 39241136
hi bembi, i have now my wsus domain member server working now!

yes my gpo was set to: http:wsus:8530 - my previous comments showed a typo - all ok

currently i have no external clients that need to connect to my wsus so presumably i should remove my 'web listener' for my wsus server ?

i was advised that if i am to run exchange on my server and also wish to run wsus on same exchange server, then i should configure: http://wsus:8530 and exchange will use by default port 80 as normal
LVL 35

Assisted Solution

Bembi earned 1200 total points
ID: 39249489
> should remove my 'web listener' for my wsus server ?
You want to say, you installed WSUS on a ISA Server?
Not sure if this is a good idea....
You don't need a listener for WSUS. If you have WSUS on ISA, you may have to create a protocoll definition for port 8530 and maybe a rule, that this traffic is allowed (but only if WSUS is on ISA).

> i was advised that....
WSUS can produce heavy load, so should be stand olone if possible. Nevertheless WSUS and Exchange don't bite each other (with ports).

Accepted Solution

mikey250 earned 0 total points
ID: 39249621
hi bembi,

no i do not have wsus on my isa.. :)

wsus is standalone currently..! but i wish to also add exchange 2003 for now (later) as you say the following:

"wsus can produce heavy load, so should be stand olone if possible. nevertheless wsus and exchange don't bite each other (with ports)" - hence wsus on 8530 and exchange for 80..!

was advised by other expert to add web listener on isa to allow wsus to download... ok i will remove web listener and re-confirm wsus still ok... thanks!! :)

you say below comment previously:

"for isa, there is usually no need for 8530, with the exception that you want to allow clients to contact isa from outside. but in this case I would say, the traffic is incoming, not outgoing."

question 1.  so how do i also allow external clients to download wsus updates or can i do this via a remote vpn or something ?

note: previously i could not get wsus to download because on install i added selected:8530 which is ok.  then i opened wsus software and also added 8530 which still failed download.  so i changed the wsus software to 80 and it synced ok..!! so now i under stand.

Author Closing Comment

ID: 39292586
i can now download wsus updates which i resolved myself!  but will allocate points still to expert as all advice is definately useful.

the only issue i had was that all my configurations were correct except after installing wsus i added port 8530 for the initial detection, which was incorrect and should have still been port 80.  due to gpo already set to point to: 8530 also


Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question