Quantcast
Channel: WSUS not working properly with SSL
Viewing all 110 articles
Browse latest View live

WSUS not working properly with SSL

December 20, 2013, 10:27 am
$
0
0
Biggest thing is make sure you don't already have something using port 80 and 443 or just go with the other port assignment.

WSUS v6.2 (on Server 2012 R2) doesn't use ports 80 and 443, so this would not likely be relevant. (Unless the configuration had been reverted using WSUSUTIL.)

SSL on WSUS v6.2 would be accessed via port 8531.

Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Search

WSUS not working properly with SSL

December 20, 2013, 10:26 am
$
0
0

Has anyone found a solution for this issue?

I am experiencing the excact same thing on a newly installed server 2012R2 server.

Then, like above, I would say that the WSUS Server has not been properly configured as a *SSL CLIENT*.

Did you install the SSL certificate (and root certs) in the proper cert store of the WSUS server?

Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

WSUS not working properly with SSL

December 20, 2013, 3:32 am
$
0
0
Biggest thing is make sure you don't already have something using port 80 and 443 or just go with the other port assignment.

David Jenkins

WSUS not working properly with SSL

December 20, 2013, 1:08 am
$
0
0

Has anyone found a solution for this issue?

I am experiencing the excact same thing on a newly installed server 2012R2 server.

WSUS not working properly with SSL

December 4, 2013, 7:26 am
$
0
0
I have the same issue on Windows 2012 as soon as you setup SSL the MMC fails when on the server.  Connecting remotely works fine.

David Jenkins

WSUS not working properly with SSL

November 19, 2012, 7:40 am
$
0
0

No, the WSUS server itself is not registered in the WSUS as a Client.

Then, as a diagnostic measure, if not as an operational requirement -- I would start by getting the WSUS server's WUAgent to properly register with the WSUS server.

If the WSUS server is configured (via policy) as a WSUS client, and it's not registered, then I can almost guarantee you that these two conditions:

  • WUAgent does not register with SSL-enabled WSUS server.
  • Local MMC cannot establish a connection to SSL-enabled WSUS server.

are caused by exactly the same thing.

If the WSUS server is not configured as a WSUS client, the reason why is yet another conversation to be had, but configuring it as a client, and having it successfully register, detect, and report, will eliminate the client-side of the SSL certificate as a consideration and then we can move on to other more obscure possibilities.

Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

WSUS not working properly with SSL

November 15, 2012, 11:26 pm
$
0
0

Yes, the SSL certificate used by the WSUS IIS (update.organization.com) is installed in the Computer account personal store of the WSUS server.

No, the WSUS server itself is not registered in the WSUS as a Client.

WSUS not working properly with SSL

November 15, 2012, 3:37 pm
$
0
0

Yes, I have.

WSUS settings are controlled through Group Policy, and the WSUS server itself also has this policy applied to it. In regards to certificates, I have used an internal (Microsoft) CA, which is used in conjunction with an Automatic certificate request GPO, so that all Clients have the root CA certificate installed on them, so certificate trust should not be an issue. I can confirm that the SSL (webserver) certificate issued to and used by the WSUS IIS has the internal root CA as root. The internal root CA is also installed in Trusted Root Certification Authorities on both the Computer account, and the User account on the WSUS server.


Please forgive my pedantic nature.. but in scenarios like this, I quite often find the fact assumed is the fact bitten by.

  • You've used an Enterprise CA to create and distribute a root certificate.
  • You created an SSL certificate derived from that root certificate.
  • The root CA is installed in the Trusted Root CA store of the Computer account. (As noted in the cited documentation, the root cert in the User store is meaningless.)

But I don't see anywhere that you have confirmed that the  *SSL* certificate has been installed in the Computer store of the WSUS server -- in the same manner that it has (apparently) been installed on all of the other systems in your network (as evidenced by their ability to establish an SSL connection to WSUS).

Question: Can the Windows Update Agent of the WSUS server successfully detect/report to the WSUS server?

Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Search

WSUS not working properly with SSL

November 13, 2012, 11:10 pm
$
0
0

Yes, I have.

WSUS settings are controlled through Group Policy, and the WSUS server itself also has this policy applied to it. In regards to certificates, I have used an internal (Microsoft) CA, which is used in conjunction with an Automatic certificate request GPO, so that all Clients have the root CA certificate installed on them, so certificate trust should not be an issue. I can confirm that the SSL (webserver) certificate issued to and used by the WSUS IIS has the internal root CA as root. The internal root CA is also installed in Trusted Root Certification Authorities on both the Computer account, and the User account on the WSUS server.


WSUS not working properly with SSL

November 13, 2012, 3:10 pm
$
0
0

I am able to Connect to the WSUS from Clients (both internally and externally over the Internet) AND I am able to Connect to the WSUS console from another server, but NOT from the WSUS server itself.

So my problem is why/how can't I Connect to WSUS console on the server?

As asked... but not appearing to be answered.... have you performed the Configure SSL on client computers procedure on the WSUS server so that the WSUS server can be a 'client' of itself. 

This procedure is not required just for the WUAgent to be able to talk to an SSL-enabled WSUS server,  but also to allow the MMC to be able to talk to the SSL-enabled server. Inasmuch as you can connect from everywhere else, this seems to be the most logical cause.

Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

WSUS not working properly with SSL

November 12, 2012, 11:00 pm
$
0
0

OK..

To recap this issue a bit..

I am able to Connect to the WSUS from Clients (both internally and externally over the Internet) AND I am able to Connect to the WSUS console from another server, but NOT from the WSUS server itself.

So my problem is why/how can't I Connect to WSUS console on the server?

WSUS not working properly with SSL

November 12, 2012, 3:07 pm
$
0
0

Remove WSUS then reinstall using these guides:

Install WSUS 3.0 on Windows Server 2008 R2

http://www.vkernel.ro/blog/install-wsus-3-0-on-windows-server-2008-r2

Configure WSUS to use SSL

http://www.vkernel.ro/blog/configure-wsus-to-use-ssl

It really is preferred, that when posting in Microsoft forums, that you use links to theMicrosoft official documentation.

http://technet.microsoft.com/en-us/library/dd939849(v=ws.10).aspx

 

Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

WSUS not working properly with SSL

November 12, 2012, 3:05 pm
$
0
0

I did the following steps to try and get it working (without any luck of course):

This is only part of what needs to be done. I'm not sure where this copy-and-paste came from, but the complete procedure can be found in the current WSUS Deployment Guide (July 2011) in the sectionSecure the WSUS 3.0 SP2 Deployment, which contains this (edited for relevancy) follow-up section:

Configure SSL on client computers

When you configure SSL on client computers, you should consider the following issues:

  • You must include a URL for a secure port on the WSUS server. Because you cannot require SSL on the server, the only way to make sure that client computers can use a security channel is by using a URL that specifies HTTPS. If you use any port other than 443 for SSL, you must include that port in the URL also. For example, https://<ssl-servername>specifies a WSUS server that uses port 443 for HTTPS. https://<ssl-servername>:8531 specifies a WSUS server that uses a custom SSL port of 8531. </ssl-servername></ssl-servername>
  • The certificate on a client computer must be imported into the Local Computer Trusted Root CA store or Automatic Update Service Trusted Root CA store. If the certificate is imported to the Local User's Trusted Root CA store only, Automatic Updates will fail server authentication.
  • <ssl-servername><ssl-servername>The client computers must trust the certificate that you bind to the WSUS server. Depending on the type of certificate that is used, you might have to set up a service to enable the client computers to trust the certificate that is bound to the WSUS server. For more information about certificates, see Additional SSL resources.</ssl-servername></ssl-servername>

Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

WSUS not working properly with SSL

November 12, 2012, 2:57 pm
$
0
0
Reinstall WSUS using default site witch is running on port 80.

Something I recently learned.. which I'm still in shock over...

The default installation port for WSUS on Windows Server 2012 is 8530. :-//

Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

WSUS not working properly with SSL

November 12, 2012, 2:54 pm
$
0
0

My problem is that since I configured the WSUS for SSL, I can no longer Access it from the MMC on my WSUS server. 

Did you install the SSL certificate on the WSUS server (as a client)?

Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Search

WSUS not working properly with SSL

November 12, 2012, 12:58 am

WSUS not working properly with SSL

November 12, 2012, 12:49 am
$
0
0

I am not able to connect  w/o SSL, as I have already done the bindings you are asking about, and also required SSL on some of the directories in IIS (as per the deployment guide).


WSUS not working properly with SSL

November 12, 2012, 12:46 am
$
0
0

I have removed the server and tried to re-add it with it's Public name. I have also checked the SSL Box (using port 8531), but getting the error:

Cannot Connect to 'UPDATE.DOMAIN.COM'. Please make sure the Post-Installation task is completed successfully in that server. If it was, please verify if the server is using another port og different Secure Sockets Layer (SSL) setting.


If you can connect w/o SSL using port 8530, then think you need to add ssl binding in IIS on port 8531

c:\windows\system32\inetsrv\appcmd set site "Default Web Site" /+bindings.[protocol='https',bindingInformation='*:8531:']

WSUS not working properly with SSL

October 23, 2012, 5:18 pm
$
0
0

I have removed the server and tried to re-add it with it's Public name. I have also checked the SSL Box (using port 8531), but getting the error:

Cannot Connect to 'UPDATE.DOMAIN.COM'. Please make sure the Post-Installation task is completed successfully in that server. If it was, please verify if the server is using another port og different Secure Sockets Layer (SSL) setting.


I am having the same problem. Have tried EVERYTHING. I can get SSL working with WSUS on 2008R2 no problem, so I know that to get it to work on server 2012 must require some level of tweaking. Also, once I enable SSL, even after rolling back changes, I cannot access the server anymore via the MMC (gives the error above)

I did the following steps to try and get it working (without any luck of course):

To configure SSL on the WSUS server by using IIS 7.0

  1. On the WSUS server, open Internet Information Services (IIS) Manager.

  2. Expand Sites, and then expand the Web site for the WSUS server. We recommend that you use the WSUS Administration custom Web site, but the default Web site  might have been chosen when WSUS was being installed.

  3. Perform the following steps on the APIRemoting30, ClientWebService,DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService virtual directories that reside under the WSUS Web site.

    1. In Features View, double-click SSL Settings.
    2. On the SSL Settings page, select the Require SSL checkbox. Ensure thatClient certificates is set to Ignore.
    3. In the Actions pane, click Apply.

  4. Close Internet Information Services (IIS) Manager.

  5. Run the following command from <WSUS Installation Folder>\Tools:WSUSUtil.exe configuressl <Intranet FQDN of the software update point site system>.


WSUS not working properly with SSL

October 21, 2012, 11:02 pm
$
0
0

Hello,

The error I get in the WSUS server Application log is: Event ID 12012, The API Remoting Web Service is not working.

Viewing all 110 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>