I've recently added some Windows Server 2016 servers to a domain and noticed that inspecting the local Windows Update log is now done by generating it using the following PowerShell cmdlet:
Get-WindowsUpdateLog
The problem is that these servers have all but explicitly required outbound access blocked for security compliance reasons, so no general access out to the Internet. This causes issues when generating the log file with the output on each line reading:
GUID=1234.... (No Format Information found)
I'm aware this is related to access to the Microsoft public symbol server at msdl.microsoft.com/download/symbols, and have allowed this site on both ports 80/443. Browsing to both versions of the site shows a page confirming access is possible but Windows Update log generation still doesn't work.
I know this is web filtering related as disabling the filter altogether allows generation of this file with correct translation.
Unfortunately I don't have direct access to manage the web filtering solution as is managed by a third party so troubleshooting/monitoring this has not been as straight-forward as I'd hope.
Are there any other URLs that this process requires access to that I'm missing?
The URL is behind a CDN:
I recommend you to copy the following folder to another server with internet access: C:\windows\logs\WindowsUpdate
and use
Get-WindowsUpdateLogwith-LogPathparameter.Note that internet access is not required since Windows 10 1709 :