Zscaler blocks Windows Update

Hello, I’m new in the community, so maybe this could potentially be an easy-to-solve problem.
I notice that in our environment (we use Azure Intune) Zscaler Client Connector is blocking Windows Update.
In fact, after turning off the Client Connector everything works.
I was checking in the ZIA Management console (the whole configuration was of course not done by me…), adding a rule in URL & Cloud App Control for Operating System and Software Updates and also turning SSL Inspection off, but it is not working: Windows updates are still blocked.

Interesting, there are a few topics on this, not sure if any of them might be of assistance.

There is also this post that discusses Strict Enforcement also raising some issues

Thanks Ben, unfortunately none of your suggestions were helpful for resolving the issue.
The only way to perform the Windows update on any single machine in our environment is to turn off the Zscaler Client Connector.
With Zscaler on, I always receive the message: “We couldn’t connect to the update service. We’ll try again later, or you can check now. If it still doesn’t work, make sure you’re connected to the Internet.”

In the Insights logs, every time I launch Windows Update I see: fe2cr.update.microsoft.com → Access denied due to bad server certificate
Do you have any thoughts @Ben_Garrison ?

Have you tried bypassing SSL inspection + allowing untrusted cert?

^ Step 5.

Good afternoon Sanaa, unfortunately I have tried this already (and double-checked again after your suggestion) but still no luck…


If you added all the proper URLs mentioned e.g. here to the SSL exemptions, you can also check whether your Zscaler configuration blocked/cautioned the download of executables. You can check for these in the Web Insights log by filtering for “allowed with caution” (see also Web Action in Insight Logs).



Hey Manuel,
I came to your conclusion about an hour ago and in fact after doing a test with some users I saw that it works!

Thanks to all


