How to Check if Microsoft Online Servers URLs are Allowed on Device Firewall Settings

Overview:

In certain scenarios, Windows updates configured with Microsoft online servers may not download due to firewall restrictions. This document provides steps to check and resolve firewall settings to ensure Windows updates can be downloaded.

Resolution Steps: Follow the steps below to check the status of your firewall and resolve any issues.

1. Check Windows Firewall Settings on Your Windows Device

a. Open Windows Defender Firewall with Advanced Security:

1. Press Win + R to open the Run dialog.
2. Type wf.msc and press Enter. This will open the Windows Defender Firewall with Advanced Security console.

b. Verify Firewall Rules:

1. Look for rules that might block or allow connections to the Windows Update service.
2. Rules related to Windows Update might be named something like "Windows Update" or "WUDF".
3. If you find rules that block or restrict access to certain URLs or IP addresses:
   • Right-click on the rule and select Properties.
   • Review the General and Scope tabs to see the specifics of what is being blocked or allowed.

2. Check Firewall Rules in PowerShell

a. Open PowerShell:

1. Press Win + R and type powershell.
2. Select Windows PowerShell (Admin).

b. List All Firewall Rules: Run the following command to list all firewall rules:

Get-NetFirewallRule -All

c. Filter Rules Related to Specific URLs or IP Addresses: Use the following command to filter for rules related to Windows Update:

Get-NetFirewallRule -All | Where-Object { $_.DisplayName -like '*Windows Update*' }

Note: Adjust the -like '*Windows Update*' part to match the specific criteria you are looking for. If the above command doesn't show anything useful, try searching for Microsoft-related rules:

Get-NetFirewallRule | Where-Object { $_.DisplayName -match 'Microsoft' }

This may reveal hidden rules that affect Windows Update.

3. Check Network Configuration and DNS Settings Ensure that your network configuration allows access to Microsoft's servers.

a. DNS Settings:

1. Verify the device's DNS settings are correctly resolving Microsoft's update servers.
2. Run the following command in PowerShell to verify DNS resolution:

nslookup windowsupdate.microsoft.com

4. Test Connectivity to Windows Update Servers Use the telnet command or PowerShell's Test-NetConnection cmdlet to test connectivity to the Windows Update servers.

a. Run the following commands in PowerShell:

Test-NetConnection -ComputerName windowsupdate.microsoft.com -Port 80

Test-NetConnection -ComputerName windowsupdate.microsoft.com -Port 443

Successful Connectivity:

• Since TcpTestSucceeded is True for both port 80 (HTTP) and 443 (HTTPS), the device can successfully connect to Microsoft's Windows Update servers.
• Firewall is Not Blocking Updates: If there were firewall restrictions, this test would have failed.

Conclusion:

By following these steps, you can verify and adjust your firewall settings to ensure that your device can access Microsoft's online servers for Windows updates.