How to Determine the Port Settings Used by WSUS
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
When creating and configuring an active software update point or active Internet-based software update point in Configuration Manager 2007, the port settings used by the Microsoft Windows Server Update Services (WSUS) 3.0 server must be specified.
Use one of the following procedures to determine the port settings used by WSUS.
To determine the port settings in IIS 6.0
- On the WSUS server, open Internet Information Services (IIS) Manager.
- Expand Web Sites, right-click the Web site for the WSUS server, and then click Properties. It is recommended that the WSUS custom Web site be used, but the default Web site might have been chosen when WSUS was being installed.
- Click the Web Site tab. The HTTP port setting is displayed in TCP port, and the HTTPS port setting is displayed in SSL port.
To determine the port settings used in IIS 7.0
- On the WSUS server, open Internet Information Services (IIS) Manager.
- Expand Sites, right-click the Web site for the WSUS server, and then click Edit Bindings. It is recommended that the WSUS custom Web site be used, but the default Web site might have been chosen when WSUS was being installed. The port is displayed for each binding.
To configure the firewall for software updates
- Configure the firewall to allow communication for the HTTP and HTTPS ports used by the WSUS server. By default, a WSUS server that is configured for the default Web site uses port 80 for HTTP and port 443 for HTTPS. By default, the WSUS server uses port 8530 for HTTP and port 8531 for HTTPS if it is using the WSUS custom Web site. For more information
Proxy Settings
- If your organization does not allow the ports and protocols used by the WSUS Web site to be open to all addresses, you can restrict access to the following domains so that WSUS and Automatic Updates can communicate with Microsoft Update:
- http://windowsupdate.microsoft.com
- http://*.windowsupdate.microsoft.com
- https://*.windowsupdate.microsoft.com
- http://*.update.microsoft.com
- https://*.update.microsoft.com
- http://*.windowsupdate.com
- http://download.windowsupdate.com
- http://download.microsoft.com
- http://*.download.windowsupdate.com
- http://test.stats.update.microsoft.com
- http://ntservicepack.microsoft.com
sevenitblog.com 