I have removed the server and tried to re-add it with it's Public name. I have also checked the SSL Box (using port 8531), but getting the error:
Cannot Connect to 'UPDATE.DOMAIN.COM'. Please make sure the Post-Installation task is completed successfully in that server. If it was, please verify if the server is using another port og different Secure Sockets Layer (SSL) setting.
Remove the server from the console then connect again, but this time use the 443 port option from the drop-dwon box.
Adrian Costea - MCP, MCTS, MCSA 2003, MCITP: Windows 7
My Blog: www.vkernel.ro/blog
Hi!
I have configured an "Internet facing" WSUS With Windows Server 2012 and WSUS With SSL. The WSUS is set up With an external FQDN and corresponding SSL (internal CA signed) certificate.
I have changed my WSUS GPO and Clients are able to Connect to the WSUS and get their updates (both on the LAN and over the Internet).
My problem is that since I configured the WSUS for SSL, I can no longer Access it from the MMC on my WSUS server. I also get the error 12012 "The API Remoting Web Service is not working" error in the event log on the server.
I am, however, able to Connect to the WSUS MMC from another server (2008R2) and I am able to manage the server from there, but I would like to be able to do it from the WSUS server itself also.
Thanks,
Robert
Hi,
What is your current situation?My suggestion would be log onto this machine using the account which you start installation.After the installation and reboot,maybe you don't log onto the WSUS server to finish the post-Installation task?Are there any errors
in the eventlog?
If there are nothing else to provide,i suggest you try a reinstallation with the remaining DB,LOG files and update files to see whether you can connect locally.
Regards,
Clarence
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Adrian Costea - MCP, MCTS, MCSA 2003, MCITP: Windows 7
My Blog: www.vkernel.ro/blog
I have removed the server and tried to re-add it with it's Public name. I have also checked the SSL Box (using port 8531), but getting the error:
Cannot Connect to 'UPDATE.DOMAIN.COM'. Please make sure the Post-Installation task is completed successfully in that server. If it was, please verify if the server is using another port og different Secure Sockets Layer (SSL) setting.
I am having the same problem. Have tried EVERYTHING. I can get SSL working with WSUS on 2008R2 no problem, so I know that to get it to work on server 2012 must require some level of tweaking. Also, once I enable SSL, even after rolling back changes, I cannot access the server anymore via the MMC (gives the error above)
I did the following steps to try and get it working (without any luck of course):
On the WSUS server, open Internet Information Services (IIS) Manager.
Expand Sites, and then expand the Web site for the WSUS server. We recommend that you use the WSUS Administration custom Web site, but the default Web site might have been chosen when WSUS was being installed.
Perform the following steps on the APIRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService virtual directories that reside under the WSUS Web site.
Close Internet Information Services (IIS) Manager.
Run the following command from <WSUS Installation Folder>\Tools: WSUSUtil.exe configuressl <Intranet FQDN of the software update point site system>.
Hello,
The error I get in the WSUS server Application log is: Event ID 12012, The API Remoting Web Service is not working.
OK..
To recap this issue a bit..
I am able to Connect to the WSUS from Clients (both internally and externally over the Internet) AND I am able to Connect to the WSUS console from another server, but NOT from the WSUS server itself.
So my problem is why/how can't I Connect to WSUS console on the server?
Remove WSUS then reinstall using these guides:
Install WSUS 3.0 on Windows Server 2008 R2
http://www.vkernel.ro/blog/install-wsus-3-0-on-windows-server-2008-r2
Configure WSUS to use SSL
It really is preferred, that when posting in Microsoft forums, that you use links to theMicrosoft official documentation.
http://technet.microsoft.com/en-us/library/dd939849(v=ws.10).aspx
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
I did the following steps to try and get it working (without any luck of course):
This is only part of what needs to be done. I'm not sure where this copy-and-paste came from, but the complete procedure can be found in the current WSUS Deployment Guide (July 2011) in the sectionSecure the WSUS 3.0 SP2 Deployment, which contains this (edited for relevancy) follow-up section:
Configure SSL on client computers
When you configure SSL on client computers, you should consider the following issues:
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Reinstall WSUS using default site witch is running on port 80.
Something I recently learned.. which I'm still in shock over...
The default installation port for WSUS on Windows Server 2012 is 8530. :-//
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Did you install the SSL certificate on the WSUS server (as a client)?My problem is that since I configured the WSUS for SSL, I can no longer Access it from the MMC on my WSUS server.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Remove WSUS then reinstall using these guides:
Install WSUS 3.0 on Windows Server 2008 R2
http://www.vkernel.ro/blog/install-wsus-3-0-on-windows-server-2008-r2
Configure WSUS to use SSL
http://www.vkernel.ro/blog/configure-wsus-to-use-ssl
Adrian Costea - MCP, MCTS, MCSA 2003, MCITP: Windows 7
My Blog: www.vkernel.ro/blog
I am not able to connect w/o SSL, as I have already done the bindings you are asking about, and also required SSL on some of the directories in IIS (as per the deployment guide).
I have removed the server and tried to re-add it with it's Public name. I have also checked the SSL Box (using port 8531), but getting the error:
Cannot Connect to 'UPDATE.DOMAIN.COM'. Please make sure the Post-Installation task is completed successfully in that server. If it was, please verify if the server is using another port og different Secure Sockets Layer (SSL) setting.
If you can connect w/o SSL using port 8530, then think you need to add ssl binding in IIS on port 8531
c:\windows\system32\inetsrv\appcmd set site "Default Web Site" /+bindings.[protocol='https',bindingInformation='*:8531:']
Yes, I have.
WSUS settings are controlled through Group Policy, and the WSUS server itself also has this policy applied to it. In regards to certificates, I have used an internal (Microsoft) CA, which is used in conjunction with an Automatic certificate request GPO, so that all Clients have the root CA certificate installed on them, so certificate trust should not be an issue. I can confirm that the SSL (webserver) certificate issued to and used by the WSUS IIS has the internal root CA as root. The internal root CA is also installed in Trusted Root Certification Authorities on both the Computer account, and the User account on the WSUS server.
I am able to Connect to the WSUS from Clients (both internally and externally over the Internet) AND I am able to Connect to the WSUS console from another server, but NOT from the WSUS server itself.
So my problem is why/how can't I Connect to WSUS console on the server?
As asked... but not appearing to be answered.... have you performed the Configure SSL on client computers procedure on the WSUS server so that the WSUS server can be a 'client' of itself.
This procedure is not required just for the WUAgent to be able to talk to an SSL-enabled WSUS server, but also to allow the MMC to be able to talk to the SSL-enabled server. Inasmuch as you can connect from everywhere else, this seems to be the most logical cause.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Yes, the SSL certificate used by the WSUS IIS (update.organization.com) is installed in the Computer account personal store of the WSUS server.
No, the WSUS server itself is not registered in the WSUS as a Client.
Yes, I have.
WSUS settings are controlled through Group Policy, and the WSUS server itself also has this policy applied to it. In regards to certificates, I have used an internal (Microsoft) CA, which is used in conjunction with an Automatic certificate request GPO, so that all Clients have the root CA certificate installed on them, so certificate trust should not be an issue. I can confirm that the SSL (webserver) certificate issued to and used by the WSUS IIS has the internal root CA as root. The internal root CA is also installed in Trusted Root Certification Authorities on both the Computer account, and the User account on the WSUS server.
Please forgive my pedantic nature.. but in scenarios like this, I quite often find the fact assumed is the fact bitten by.
But I don't see anywhere that you have confirmed that the *SSL* certificate has been installed in the Computer store of the WSUS server -- in the same manner that it has (apparently) been installed on all of the other systems in your network (as evidenced by their ability to establish an SSL connection to WSUS).
Question: Can the Windows Update Agent of the WSUS server successfully detect/report to the WSUS server?
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin