Jan 06 2022 10:01 PM
Hi,
Is there an easy way to verify internet endpoint connectivity. I come across this regularly where a product documents that I need to verify internet endpoint connectivity to various url's and ports.
For example, for windows update: -
this page
https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting
has this entry -
Ensure that devices can reach necessary Windows Update endpoints through the firewall. For example, for Windows 10, version 2004, the following protocols must be able to reach these respective endpoints:
Protocol Endpoint URL
TLS 1.2 *.prod.do.dsp.mp.microsoft.com
HTTP emdl.ws.microsoft.com
HTTP *.dl.delivery.mp.microsoft.com
HTTP *.windowsupdate.com
HTTPS *.delivery.mp.microsoft.com
TLS 1.2 *.update.microsoft.com
TLS 1.2 tsfe.trafficshaping.dsp.mp.microsoft.com
How do I test that. obviously using ICMP is no test for verifying http, https or TLS connectivity. What is the process?
I haven't found anything powershell to do it as everything seems to rely on ping.
i figure for the standard addresses, I could do something like this for http
Telnet address1.microsoft.com 80
but I figure Telnet is old school, there should be something newer around these days and also
I'm sure there are hundreds of tech support people out there doing this currently, somebody should be able to point me in the right direction.
Jan 07 2022 06:51 AM
Jan 10 2022 04:14 PM
Jan 11 2022 07:35 AM
@PaulKlerkx you may tracert command which it will show connectivity traces to the client , so the ping only shows if the connection is available but the tracert showing the route to the device. Take a look at tracert | Microsoft Docs.
In the Configuration Manager , you may check the Assets and Compliance to see the connectivity status of your device, take a look at Monitor clients - Configuration Manager | Microsoft Docs.
Jan 11 2022 07:27 PM
Jan 12 2022 07:54 AM
Jul 19 2023 03:23 AM
@PaulKlerkx Hi... I am looking at deploying AutoPatch and am running through the pre-requisites and have the same question... Did you find a method to test connectivity to these endpoint URL's?
Jul 19 2023 06:36 PM
@ShepEd Hi, Sorry no, I wasn't able to find any way of testing this. When Companies say "Ensure that devices can reach necessary endpoints through the firewall. "; and give you protocols or wildcard addresses, that does not seem to be possible as far as I can tell. The only thing I found useful is to send these details to the managers of each of our Firewalls if there is a problem and hope they can find something. What I also found with our firewalls is often traffic is blocked outside the rules inside the firewall and is within configuration of the firewalls so isn't logged which makes that process hit and miss too, so one firewall manager could verify the traffic passed through their firewall, then the next firewall has no record of it ever arriving. If you discover anything, I'd love to know. good luck.