decrypt-cert-validation while performing windows update

L1 Bithead

decrypt-cert-validation while performing windows update

Hey guys ... I am doing a normal Windows Update and I am getting an error.

While analysing, the application type is ms-update and the reason for session end is decrypt-cert-validation.

 

Appreciate if you guys can support.

L3 Networker

Re: decrypt-cert-validation while performing windows update

L7 Applicator

Re: decrypt-cert-validation while performing windows update

Hello,

Don't decrypt Microsoft updates. We have a no decrypt policy just for it.

 

Regards,

L4 Transporter

Re: decrypt-cert-validation while performing windows update

@Otakar.Klier 

 

What does that no decrypt policy look like? You can't do no decrypt by application, right? Thinking you have a destination list, or a list of URLs you are triggering the no decrypt on?

L7 Applicator

Re: decrypt-cert-validation while performing windows update

Hello,

Sorry for not clarifying earlier. A no decrypt policy is just a decryption policy with the action set to 'no-decrypt'. We use this for URLs and URL categories.

image.png

image.png

 

Regards,

L4 Transporter

Re: decrypt-cert-validation while performing windows update

Did you add those directly to your no decrypt policy, or where is that list getting populated from? Just asking in reference to where the actual second screenshot resides on your firewall. Thank you for the quick reply!

L7 Applicator

Re: decrypt-cert-validation while performing windows update

Hello, 

It's a list we came up with when googling. Here is one just for WSUS:

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy...

 

https://kc.mcafee.com/corporate/index?page=content&id=KB88947&actp=null&viewlocale=en_US&showDraft=f...

 

 

 

The main issue we face at times is that the update will fail since the firewall is blocking something. This is mainly due to the backend IPs and DNS changing at a faster rate than the PAN does. Not a knock against PAN, it's just that the backend MS Updates change and are not all documented.

 

Regards,

 

L1 Bithead

Re: decrypt-cert-validation while performing windows update

Greetings ... 

Thanks a lot for your inputs and suggestions.

I followed your screenshot and added all the URLs, but I am still not able to update Windows.

I am also sharing my Decryption Profile screenshot.

Decryp.jpg
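
An added example, not from any poster in this thread or from Palo Alto Networks: one way to compare a log export of ms-update sessions that ended with decrypt-cert-validation against a no-decrypt URL list, to see which server names the list does not cover and which fail even though it covers them. The CSV column names, the sample rows, the list entries and the simplified `*.` wildcard matching are assumptions, not PAN-OS's own schema or matcher.

```python
import csv
import io
from collections import Counter

# Constructed sample list; substitute the entries of your own custom URL category.
NO_DECRYPT = ["*.windowsupdate.com", "*.update.microsoft.com", "download.microsoft.com"]

# Constructed log export. Column names are hypothetical, not a PAN-OS export schema.
SAMPLE_LOG = """\
app,session_end_reason,server_name
ms-update,decrypt-cert-validation,fe2.update.microsoft.com
ms-update,decrypt-cert-validation,tlu.dl.delivery.mp.microsoft.com
ms-update,tcp-fin,ctldl.windowsupdate.com
ms-update,decrypt-cert-validation,TLU.DL.DELIVERY.MP.MICROSOFT.COM.
ssl,decrypt-cert-validation,intranet.example.test
ms-update,decrypt-cert-validation,
"""

def normalize(host):
    """Lower-case and drop whitespace and a trailing root dot."""
    return host.strip().lower().rstrip(".")

def covered(host, patterns):
    """Simplified match: exact host, or '*.' prefix meaning one or more extra labels."""
    host = normalize(host)
    for pat in map(normalize, patterns):
        if pat.startswith("*."):
            suffix = pat[1:]                      # ".windowsupdate.com"
            if host.endswith(suffix) and host != suffix:
                return True
        elif host == pat:
            return True
    return False

def triage(log_text, patterns, app="ms-update", reason="decrypt-cert-validation"):
    """Return (missing, still_failing) Counters of server names for failed sessions."""
    missing, still_failing = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["app"] != app or row["session_end_reason"] != reason:
            continue
        host = normalize(row.get("server_name") or "")
        if not host:
            continue                              # no hostname logged, nothing to match
        (still_failing if covered(host, patterns) else missing)[host] += 1
    return missing, still_failing

if __name__ == "__main__":
    missing, still_failing = triage(SAMPLE_LOG, NO_DECRYPT)
    print("not in no-decrypt list:", dict(missing))
    print("in list but still failing:", dict(still_failing))
```

Names in the first bucket are candidates for the no-decrypt list; names in the second are already listed, so the rule order and the decryption profile attached to the no-decrypt rule are the next things to check.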
