Can't download updates from Windows Update from behind a firewall or proxy server

Symptoms

When you check for updates from Windows Update on a device that's behind a firewall or a proxy server, you discover that you can't download the updates. Additionally, you may receive a message that resembles the following:

We couldn't get online to download your updates. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet.

Cause

Windows uses Microsoft Windows HTTP Services (WinHTTP) to communicate with the Microsoft Update servers, and Background Intelligent Transfer Service (BITS) is used to download the updates. There may be multiple reasons why the client cannot make calls externally:

Resolution

To resolve this issue, check the following conditions and requirements:
  • The proxy or firewall must support TLS 1.2. Otherwise, you may have to disable protocol detection.
  • If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, make sure that the following URLs are white-listed to permit Windows devices to communicate with Microsoft Update services:
    • update.microsoft.com
    • *.update.microsoft.com
    • download.windowsupdate.com
    • *.download.windowsupdate.com
    • download.microsoft.com
    • *.download.microsoft.com
    • windowsupdate.com
    • *.windowsupdate.com
    • ntservicepack.microsoft.com
    • wustat.windows.com
    • login.live.com (this is required if you have connected a Microsoft Account)
    • mp.microsoft.com
    • *.mp.microsoft.com
  • By default, Windows Update impersonates the user who's logged on to the computer in order to obtain updates. If you're using a proxy.pac file or have proxy settings deployed through Group Policy or another method, make sure that your Internet Explorer proxy settings are configured correctly. If you are manually defining a proxy setting, make sure that the Automatically detect settings check box is not selected. This check box may override your manual proxy settings and cause connection issues. 

    To verify, go to Internet Options > Connections > LAN Settings. Or, in Windows 10, go to Settings > Network & Internet > Proxy.
Properties

Article ID: 3084568 - Last Review: Oct 28, 2016 - Revision: 1

Feedback