WSUS - Default Sync Connection with Microsoft Update?

In a simple scenario with a single WSUS 3 server configured to synchronize
with Microsoft Update, does the WSUS server connect to synchronize & update
via standard HTTP? or HTTPS? (no proxies configured)

We had a period over the weekend (about 8-10am Saturday morning) when our
Internet connection slowed considerably. The ISP's network expert did some
packet sniffing & other analysis (not sure what) and said that a single
connection from the server was hogging all the bandwidth - see below (from a
netstat printout):

TCP <servername>:2226 cds179.sjc9.llnw.net:http ESTABLISHED

Additionally, the expert says that WSUS was the culprit, and that this
connection was due to some hung-up download on WSUS's part. He says that
WSUS's connection was to Limelight (although the IP that the FQDN resolves to
comes back as registered to Microsoft), and says that when talking to a
support engineer from Limelight, they said that Limelight does sometimes host
Microsoft downloads.

I manage the WSUS service, and WSUS logged no errors at all - in fact, on
the day in question it synchronized at 12:32am & completed less than a minute
later with no new updates to download. I'm convinced that WSUS had nothing to
do with it.

When I run a manual sync, netstat shows:

TCP <servername>:4756 64.4.21.91:https ESTABLISHED 184
[WsusService.exe]

If it's true that WSUS uses SSL to sync with Microsoft, then it's very clear
that the "problem" connection over the weekend had nothing to do with WSUS!
Can anyone confirm the default WSUS connection behavior when syncing with
Microsoft Update? I've been hunting for clear documentation, but haven't
found it yet.

TIA.

Forwarded to the WSUS NG for OP's convenience:

Web-based reader <for the kidz>
http://www.microsoft.com/communities...pdate_services

NNTP reader <for adults>
news://msnews.microsoft.com/microsof...pdate_services


Sara Windsor wrote:
> In a simple scenario with a single WSUS 3 server configured to synchronize
> with Microsoft Update, does the WSUS server connect to synchronize & update
> via standard HTTP? or HTTPS? (no proxies configured)
>
> We had a period over the weekend (about 8-10am Saturday morning) when our
> Internet connection slowed considerably. The ISP's network expert did some
> packet sniffing & other analysis (not sure what) and said that a single
> connection from the server was hogging all the bandwidth - see below (from a
> netstat printout):
>
> TCP <servername>:2226 cds179.sjc9.llnw.net:http ESTABLISHED
>
> Additionally, the expert says that WSUS was the culprit, and that this
> connection was due to some hung-up download on WSUS's part. He says that
> WSUS's connection was to Limelight (although the IP that the FQDN resolves to
> comes back as registered to Microsoft), and says that when talking to a
> support engineer from Limelight, they said that Limelight does sometimes host
> Microsoft downloads.
>
> I manage the WSUS service, and WSUS logged no errors at all - in fact, on
> the day in question it synchronized at 12:32am & completed less than a minute
> later with no new updates to download. I'm convinced that WSUS had nothing to
> do with it.
>
> When I run a manual sync, netstat shows:
>
> TCP <servername>:4756 64.4.21.91:https ESTABLISHED 184
> [WsusService.exe]
>
> If it's true that WSUS uses SSL to sync with Microsoft, then it's very clear
> that the "problem" connection over the weekend had nothing to do with WSUS!
> Can anyone confirm the default WSUS connection behavior when syncing with
> Microsoft Update? I've been hunting for clear documentation, but haven't
> found it yet.
>
> TIA.


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============

The metadata sync uses HTTPS. The download of the updates themselves uses HTTP
(they are digitally signed so why use SLL/TLS)

On Thu, 24 Jul 2008 11:19:13 -0700, "MowGreen [MVP]" <>
wrote:

>Forwarded to the WSUS NG for OP's convenience:
>
>Web-based reader <for the kidz>
>http://www.microsoft.com/communities...pdate_services
>
>NNTP reader <for adults>
>news://msnews.microsoft.com/microsof...pdate_services
>
>
>Sara Windsor wrote:
>> In a simple scenario with a single WSUS 3 server configured to synchronize
>> with Microsoft Update, does the WSUS server connect to synchronize & update
>> via standard HTTP? or HTTPS? (no proxies configured)
>>
>> We had a period over the weekend (about 8-10am Saturday morning) when our
>> Internet connection slowed considerably. The ISP's network expert did some
>> packet sniffing & other analysis (not sure what) and said that a single
>> connection from the server was hogging all the bandwidth - see below (from a
>> netstat printout):
>>
>> TCP <servername>:2226 cds179.sjc9.llnw.net:http ESTABLISHED
>>
>> Additionally, the expert says that WSUS was the culprit, and that this
>> connection was due to some hung-up download on WSUS's part. He says that
>> WSUS's connection was to Limelight (although the IP that the FQDN resolves to
>> comes back as registered to Microsoft), and says that when talking to a
>> support engineer from Limelight, they said that Limelight does sometimes host
>> Microsoft downloads.
>>
>> I manage the WSUS service, and WSUS logged no errors at all - in fact, on
>> the day in question it synchronized at 12:32am & completed less than a minute
>> later with no new updates to download. I'm convinced that WSUS had nothing to
>> do with it.
>>
>> When I run a manual sync, netstat shows:
>>
>> TCP <servername>:4756 64.4.21.91:https ESTABLISHED 184
>> [WsusService.exe]
>>
>> If it's true that WSUS uses SSL to sync with Microsoft, then it's very clear
>> that the "problem" connection over the weekend had nothing to do with WSUS!
>> Can anyone confirm the default WSUS connection behavior when syncing with
>> Microsoft Update? I've been hunting for clear documentation, but haven't
>> found it yet.
>>
>> TIA.
>
>
>MowGreen [MVP 2003-2008]
>===============
> *-343-* FDNY
>Never Forgotten
>===============
--
Dave Mills
There are 10 type of people, those that understand binary and those that don't.