Suppose you’ve got Windows VMs hosted in the Microsoft Azure cloud, sitting behind an Azure Firewall. In that case, you’ve probably got settings in the Azure Firewall to allow access to Windows Update. This is usually done by opening up access using the “Windows Update” tag that’s available in Azure Firewall. However, if you have this rule set up and are blocking Internet traffic to other domain names (which are blocked by default), Windows Update may not be working correctly.
Thankfully, this is an easy fix to get Windows Update working again. Allow access to the domain name ctldl.windowsupdate.com on port 80 (I allowed ports 80 and 443 in case it changes to SSL in the future), and as soon as the firewall rules are saved, Windows Update should start working again.
Denny
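
The fix described above, as an added example that is not part of the original post: it creates the allow rule with Az PowerShell and then checks from a VM that the host is reachable. It assumes the Az.Network module and a firewall that uses classic rules rather than a Firewall Policy; the resource names, source subnet, priority, rule names and test URL are placeholders or assumptions.

```powershell
# Added example, not from the original post.
# Assumes: Az.Network module, classic firewall rules (no Firewall Policy).
$ResourceGroup = '<resource-group>'   # placeholder
$FirewallName  = '<firewall-name>'    # placeholder
$SourceSubnet  = '<vm-subnet-cidr>'   # placeholder: subnet holding the Windows VMs
$Priority      = 200                  # assumption: choose a priority that is not in use

# --- Part 1: run from an admin workstation after Connect-AzAccount ---
# Application rule for the single FQDN from the post, on ports 80 and 443.
$rule = New-AzFirewallApplicationRule -Name 'Allow-ctldl' `
    -SourceAddress $SourceSubnet `
    -Protocol 'http:80', 'https:443' `
    -TargetFqdn 'ctldl.windowsupdate.com'

$collection = New-AzFirewallApplicationRuleCollection -Name 'WindowsUpdate-ctldl' `
    -Priority $Priority -ActionType Allow -Rule $rule

# Attach the collection to the firewall and save; the rule applies once saved.
$fw = Get-AzFirewall -ResourceGroupName $ResourceGroup -Name $FirewallName
$fw.ApplicationRuleCollections.Add($collection)
Set-AzFirewall -AzureFirewall $fw | Out-Null

# --- Part 2: run on one of the Windows VMs behind the firewall ---
# Make a real HTTP request instead of a bare port test, because an
# application rule matches on the requested host name.
# The path below is an assumption (the trusted root list published on this host).
$url = 'http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab'
try {
    $response = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
    "OK: HTTP $($response.StatusCode) from ctldl.windowsupdate.com"
} catch {
    "Blocked or unreachable: $($_.Exception.Message)"
}
```

Scoping the rule to the VM subnet and the one FQDN keeps the rest of the default-deny behaviour intact.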