PaulKlerkx
Iron Contributor
Jan 07, 2022

How do I verify network endpoint connectivity?

Hi,

Is there an easy way to verify internet endpoint connectivity? I come across this regularly where a product documents that I need to verify internet endpoint connectivity to various URLs and ports.

For example, for Windows Update, this page

https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting

has this entry:

Ensure that devices can reach necessary Windows Update endpoints through the firewall. For example, for Windows 10, version 2004, the following protocols must be able to reach these respective endpoints:


Protocol            Endpoint URL
TLS 1.2             *.prod.do.dsp.mp.microsoft.com
HTTP                emdl.ws.microsoft.com
HTTP               *.dl.delivery.mp.microsoft.com
HTTP               *.windowsupdate.com
HTTPS             *.delivery.mp.microsoft.com
TLS 1.2            *.update.microsoft.com
TLS 1.2            tsfe.trafficshaping.dsp.mp.microsoft.com

How do I test that? Obviously, using ICMP is no test for verifying HTTP, HTTPS or TLS connectivity. What is the process?
I haven't found anything in PowerShell to do it, as everything seems to rely on ping.

I figure for the standard addresses I could do something like this for HTTP:

Telnet address1.microsoft.com 80 

but I figure Telnet is old school; there should be something newer around these days, and also:

  • how do I test the entries with * on the front of the name?
  • how do I test TLS 1.2?

I'm sure there are hundreds of tech support people out there doing this currently; somebody should be able to point me in the right direction.
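An added example, not part of this thread or of Microsoft's documentation: a PowerShell loop over the endpoints quoted in the question that checks TCP reachability with Test-NetConnection and, for the HTTPS and TLS 1.2 rows, forces a TLS 1.2-only handshake with .NET's SslStream so a downgrade or an intercepting proxy shows up as a failure. It assumes port 80 for the HTTP rows and 443 for the rest, and it skips the wildcard rows, because a wildcard is a pattern rather than a connectable host; a concrete hostname observed in your proxy or firewall logs has to be substituted for those.

```powershell
# Added example: probe the Windows Update endpoints quoted above.
# Assumptions: HTTP rows use port 80, everything else port 443.
$Endpoints = @(
    @{ Protocol = 'TLS 1.2'; Host = '*.prod.do.dsp.mp.microsoft.com' },
    @{ Protocol = 'HTTP';    Host = 'emdl.ws.microsoft.com' },
    @{ Protocol = 'HTTP';    Host = '*.dl.delivery.mp.microsoft.com' },
    @{ Protocol = 'HTTP';    Host = '*.windowsupdate.com' },
    @{ Protocol = 'HTTPS';   Host = '*.delivery.mp.microsoft.com' },
    @{ Protocol = 'TLS 1.2'; Host = '*.update.microsoft.com' },
    @{ Protocol = 'TLS 1.2'; Host = 'tsfe.trafficshaping.dsp.mp.microsoft.com' }
)

function Test-TlsEndpoint {
    # Opens a TCP connection and negotiates TLS restricted to TLS 1.2.
    # Default certificate validation stays on, so a TLS-inspecting proxy
    # that re-signs the certificate surfaces here as a chain/name error.
    param([string]$HostName, [int]$Port = 443)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        if (-not $client.ConnectAsync($HostName, $Port).Wait(5000)) { return 'TCP connect timeout' }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $true)
        return "OK ($($ssl.SslProtocol); issuer: $($ssl.RemoteCertificate.Issuer))"
    } catch {
        return "FAIL: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Dispose()
    }
}

foreach ($e in $Endpoints) {
    if ($e.Host.StartsWith('*')) {
        # A wildcard is not a host; test a concrete name taken from your own logs instead.
        Write-Output ("{0,-8} {1,-42} SKIP: wildcard entry, substitute a real hostname" -f $e.Protocol, $e.Host)
        continue
    }
    $port = if ($e.Protocol -eq 'HTTP') { 80 } else { 443 }
    $tcp  = Test-NetConnection -ComputerName $e.Host -Port $port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        $result = "TCP $port blocked"
    } elseif ($e.Protocol -eq 'HTTP') {
        $result = "TCP $port open"
    } else {
        $result = Test-TlsEndpoint -HostName $e.Host -Port $port
    }
    Write-Output ("{0,-8} {1,-42} {2}" -f $e.Protocol, $e.Host, $result)
}
```

A "TCP open" result on 80 or 443 only proves the socket path; the TLS 1.2 column is what catches a proxy or filter that accepts the connection but does not let the expected handshake complete.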

7 Replies

  • ShepEd
    Copper Contributor

    PaulKlerkx Hi... I am looking at deploying AutoPatch and am running through the prerequisites and have the same question... Did you find a method to test connectivity to these endpoint URLs?

    • PaulKlerkx
      Iron Contributor

      ShepEd Hi, sorry, no, I wasn't able to find any way of testing this. When companies say "Ensure that devices can reach necessary endpoints through the firewall" and give you protocols or wildcard addresses, that does not seem to be possible as far as I can tell. The only thing I found useful is to send these details to the managers of each of our firewalls if there is a problem and hope they can find something. What I also found with our firewalls is that often traffic is blocked outside the rules, inside the firewall and within the configuration of the firewalls, so it isn't logged, which makes that process hit and miss too: one firewall manager could verify the traffic passed through their firewall, then the next firewall has no record of it ever arriving. If you discover anything, I'd love to know. Good luck.

  • Reza_Ameri
    Silver Contributor
    Normally we recommend you to use WSUS or other Windows Update management tools, and when you deploy an update, they will report back the status of the update, and if a client is not reachable or the update didn't install, it will show it in a diagram and report. This way, you don't need to perform a manual check; you just look into the report to see what caused the failure and you may investigate only affected clients.
    • PaulKlerkx
      Iron Contributor
      Reza_Ameri thanks for your response.
      My question was more generic and Windows Update was just one example. We use MECM (with WSUS).
      I guess it comes back to: something is wrong, how do I verify connectivity to the required sites as part of your comment "investigate only affected clients"?
      I have had the requirement for Cloud Management Gateway and various M365/Azure products previously and would like to know how to verify the sites as part of my pre-deployment checks, to be sure everything is going to work before I deploy something.

      Background:
      The reason I mentioned the Windows Update sites is because I was investigating the use of DISM repair options, which default to Windows Update as the source, and we have Group Policy in place to enforce that, but I regularly see "source not found" messages when running DISM repairs and I'd rather use Windows Update than constantly maintain offline source images.
