Windows 10 store not downloading

I've got a Sophos Web Appliance running v4.2.1.3

I have a test machine running Windows 10 but it's unable to download any updates or new apps.

The SWA is not showing anything blocked or warned, just the sites I would expect to be shown (v10.vortex-win.data.microsoft.com, mobile.pipe.aria.microsoft.com, wns.windows.com, storeedgefd.dsx.mp.microsoft.com etc.)

This is a brand new install of Windows 10.

If I connect the Windows 10 computer to my phone as a mobile hotspot it downloads everything correctly.

  • In reply to Bianson:

    Does anyone have this working? I've added all the recommended MS sites to the local site list as globally allowed but neither Windows Store apps nor updates will download.

    Rgds

    Will

  • In reply to William Bain:

    Do you have HTTPS scanning and certificate validation enabled? Some of the torrent servers have been known to use self-signed certificates. Thank you.

    Bob

  • In reply to Bianson:

    And you've added microsoft.com as trusted? 

  • In reply to Bianson:

    I've disabled scanning and cert inspection for testing.

    I've also noticed that if I point the traffic to our Fortinet proxies or TMGs the downloads work but the updates still fail. 

    Thanks

    Will

  • In reply to Bianson:

    Yes, I have, and all the other sites recommended in the MS articles.

    Rgds

    Will

  • In reply to William Bain:

    Hi Will,

    Most of the W10 issues I have seen going through the SWA are related to some of MS's back-of-house servers. I have found a couple with self-signed certificates as well as servers that still use SSLv3. The appliance will instantly drop a V3 connection, and this would only be seen in the logs.

    I recommend that you export the sophos.log file to a syslog server. 

    You will get something like this:

    h=10.99.115.13 u="DOMAIN\\johnsmith" s=200 X=- t=1336666489 T=284453 Ts=0 act=1 cat="0x220000002a" app="-" rsn=- threat="-" type="text/html" ctype="text/html"
    sav-ev=4.77 sav-dv=2012.5.10.4770003 uri-dv=- cache=- in=1255 out=26198 meth=GET ref="-" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
    req="GET http://www.google.ca/ HTTP/1.1" dom="google.ca" filetype="-" rule="0" filesize=25815 axtime=0.048193 fttime=0.049360 scantime=0.011 src_cat="0x2f0000002a"
    labs_cat="0x2f0000002a" dcat_prox="-" target_ip="74.125.127.94" labs_rule_id="0" reqtime=0.027 adtime=0.001625 ftbypass=- os=Windows authn=53 auth_by=portal_cache 
    dnstime=0.000197 quotatime=- sandbox=-

    The log definition can be found in the help or online here: http://wsa.sophos.com/docs/wsa/webhelp/index.html#swa/concepts/InterpretingLogFiles.html

    You will need to use a combination of ssllabs and the output of the logs to identify either bad servers or problematic ones. RSN ACT GET will give you more info.

    The last issue you will have is that W10 updates use torrents to transfer updates. Byte Range requests are blocked by default; only a site that is set as trusted will allow partial file requests.
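
Added example, not part of the original thread and not Sophos code: a small Python parser for the key=value sophos.log format shown above that tallies the s, act and rsn fields per requested host, so entries for the Microsoft hosts can be compared side by side. The sample records are constructed, and the `CONNECT host:port` request form is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# key=value tokens; a value is either double-quoted (may hold spaces) or a bare token
FIELD_RE = re.compile(r'(?<!\S)([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_record(line):
    """Split one sophos.log record into {field name: value}, unquoting values."""
    rec = {}
    for key, value in FIELD_RE.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        rec[key] = value
    return rec

def request_host(rec):
    """Host from the req field (in the sample above, dom is google.ca for www.google.ca)."""
    parts = rec.get("req", "").split()
    if len(parts) < 2:
        return "-"
    target = parts[1]
    if "://" in target:
        return (urlsplit(target).hostname or "-").lower()
    return target.rsplit(":", 1)[0].lower()  # assumed form: CONNECT host:port

def summarize(lines, suffixes):
    """Count (host, s, act, rsn) tuples for hosts under any of the given suffixes."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        host = request_host(rec)
        if any(host == sfx or host.endswith("." + sfx) for sfx in suffixes):
            counts[(host, rec.get("s", "-"), rec.get("act", "-"), rec.get("rsn", "-"))] += 1
    return counts

# Constructed sample records (not real appliance output)
SAMPLE = [
    r'h=10.0.0.5 u="LAB\\w10test" s=200 act=1 rsn=- req="GET http://storeedgefd.dsx.mp.microsoft.com/v9.0/pages?market=GB HTTP/1.1" dom="microsoft.com"',
    r'h=10.0.0.5 u="LAB\\w10test" s=200 act=1 rsn=- req="GET http://storeedgefd.dsx.mp.microsoft.com/v9.0/apps HTTP/1.1" dom="microsoft.com"',
    r'h=10.0.0.5 u="-" s=502 act=1 rsn=- req="CONNECT wns.windows.com:443 HTTP/1.1" dom="windows.com"',
    r'h=10.0.0.5 u="-" s=200 act=1 rsn=- req="GET http://www.google.ca/ HTTP/1.1" dom="google.ca"',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE, ["microsoft.com", "windows.com"]).most_common():
        print(n, *key)
```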