Thanks for the reply. This is what I've started doing. My problem is we can't
define safe domains by host alone on our firewall, only IP. With MS bouncing
WU off multiple subnets and domains it makes it that much more difficult to
map them all. We'll see what happens.
Thanks again.
"Technokid" wrote:
> We had a similar problem while using content filtering. We did an nslookup on
> windowsupdate.com and it sent back other domains that we listed as "allowed"
> domains. This resolved our problem.
>
> "John" wrote:
>
> > Hello,
> > Forgive me if this has been answered before or should be posted in another
> > forum.
> > I have about 20 Windows 2000/2003 servers and while manually running Windows
> > Update on them they always fail with the error 0x80072EE2. We've gone through
> > every single possible "fix" article we've been able to find without any luck.
> > We regulate both ingress/egress traffic so while testing we've found this to
> > be the culprit. With normal firewall rules in place (Secure Linux OS
> > Checkpoint NG Firewall) we continue to get this error. However, if we allow
> > all outgoing traffic to the outside world from any specific server then that
> > specific server is able to run Windows Update without any issue at all. What
> > we would like to do is not jeopardize our security by allowing everything out
> > through the firewall just so we can get successful Windows Updates.
> >
> > With the above said, my question is - Does anyone know the Windows Update
> > server(s) IP Ranges to allow outbound through a firewall to successfully
> > query the Windows Update servers? Allowing everything outbound from our
> > servers seems to be the only fix so naturally we think that by allowing all
> > 80/443 traffic to the Windows Update IP range should work.
> >
> > If you need further info please let me know. Your thoughts and/or
> > suggestions are appreciated.
> >