Solved

Ports to Open on SBS 2011 for Windows/7 Updates

Posted on 2013-11-01
8
1,010 Views
Last Modified: 2013-11-01
hi -

Does anyone know which specific ports have to be opened on the server to allow Window/7 updates to run.   I have a new SBS 2011 installation and Window/7 64 Bit client attached to it.  When I tried to run updates they failed with error code 80072ee2.  I ran the FixIT (which didn't fix it), added the Microsoft update websites to the "trusted" sites, which didn't help either.  Then I dropped the firewall on the server temporarily (only for the local) and the updates came right in without a problem.  For some reason the Firewall doesn't open ports automatically when applications are installed.  I had to manually add Exchange and TrendMicro rules.

Any help would be appreciated.

Thanks
Rich
0
Comment
Question by:webentpr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 39617376
With an SBS2011 server install you should have WSUS running on the server and ALL Your clients should get the updates from the SBS server itself.

Read here.. http://technet.microsoft.com/en-us/library/dd939915(v=ws.10).aspx
0
 

Author Comment

by:webentpr
ID: 39617395
Thanks -

The server is setup for WSUS (whichi is why the daily log identified this as a problem for this workstation) but it is a new workstation and it takes a lot of updates.  

As long as the firewall is down I can manually apply the updates.  Sooner or later I am sure WSUS will catch up.  In the meantime i want the workstation up to date.

thanks
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 39617412
IF WSUS is correctly configured then you dont need to wait for anything to catchup.  I "Fudge" is never the correct answer. It is always better to address the real problem rather than fix a symptom.
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 

Author Comment

by:webentpr
ID: 39617416
Great - thanks for your insight
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39617448
I know a LOT of people like trend BUT in my experience, they've caused MANY problems with connectivity.  I have solved multiple issues of connectivity by uninstalling Trend at client's locations.

Separately, have you run the wizards to setup the SBS server - they should open the necessary fire wall ports or if they can't, tell you which ones (there's only 4 or so if I remember correctly)
0
 

Author Comment

by:webentpr
ID: 39617465
Thanks - i did run the wizard - but for some reason the firewall rules were not updated.  I've finished updating the the workstation (which, along with the server and a second workstation here) will be installed at the client's tomorrow morning.  

i didn't want the daily log to show the outstanding updates messsage on this workstation - which was installed just yesterday.

in any case I am good right now but I would love to know which rule has to be setup on the Firewall to allow for the updates.
0
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 200 total points
ID: 39617521
Rerun the wizard - or run the Fix My Network Wizard.  If it cannot update the firewall (UPNP must be enabled for it to do it itself - once done, DISABLE UPNP as it's a potentially HUGE security issue.  

Internally, the Windows firewall should not apply - I've done dozens of SBS setups and never (to my memory) had to modify the SBS firewall for internal access.  REMOVE TREND to test if that's the problem - if you remove it and you still have issues, then put it back and look elsewhere... but it's been often a problem for me so until you do, I'd favor that as the cause.

External ports required.
http://www.sbsfaq.com/?p=2559
0
 

Author Closing Comment

by:webentpr
ID: 39617629
Nice call on the Fix my network.  It worked.  Thanks
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question