Why is the Windows Update fail


When the device is used in Trusted NW (ZCC ZIA OFF), Windows Update fails.
However, there is no evidence of blocking in the ZIA logs (Web & FW).
When using UnTrusted NW (ZCC ZIA ON), Windows Update succeeds.
The Trusted NW uses Cisco SD-WAN, but no access control is set for Windows Update.
CiscoRouter and Zscaler are connected via IP-SecVPN.

Could you please tell me why Windows Update failed?

This is happening on all devices and the OS is Windows 10.

Hi, I’m seeing the same issue too. Did you get anywhere in resolving this issue?


I solved it by making the following settings.
■ ZIA portal
Policy-> Advanced Settings-> Authentication Exemptions

Specify the following categories in the “Exempted URL Categories” setting.
・ Operating System and Software Update

that’s all.

For more information, please contact support or Zscaler.


thank you ill give it a shot

1 Like

I would try the AUTH exemptions for the URLs and also look into the BITs traffic at the SD-WAN and IPsec tunnel configurations and make sure it is given full access ------ also BITs for updates can be cumbersome and slow ---- watch for idle timeouts and session drops

You could also use SCCM / Intune / Tanium / Altiris — these will push via configuration the updates off BITs and into 443 downloads much easier to deliver

1 Like