Jump to content


MagnumVP

Software Update Fails After Requiring SSL 8531

Recommended Posts

Client logs show: 0x800b0109

I have done all the standard checking for this error and nothing seems to resolve it. I'm allowing Third Party certs via GPO to all clients but they just won't scan. I exported the cert from the server and imported it on the client (which actually shows two in both locations because SCCM client put there there for me).  All the logs indicate that it occurred last Wed the 22nd. This corresponds to the time I enabled 3rd Party Software Updates which generates a new SSL Cert. I have checked the client certs and the Self-Signed WSUS created by the the thurd party enable is in both locations.

What should the IIS "WSUS Administration" Server use for Bindings to port 8351?

Where else can I look to make sure I'm using the correct cert?

Failed.png

GPO.png

Software.JPG.0b87376a9c7163049e9fc3202c2d0b46.JPG

One other interesting note I have noticed.  In the client when I navigate to https://wsusserver.domain.com:8531/ClientWebService/client.asmx I receive a certificate error.  

The "WSUS Administration" site on the WSUS Server (SCCM) is set to our companies Universal SSL Certificate.However, from the client when I navigate to the https site it's pulling the Server SQL Cert that expires in 100 years.

On the client if I view the cert in the browser and install it under the "Trusted Root Certification Authorities" the client scans successfully. 

So my questions is, why does the Binding on the WSUS Administration site not flow down into the ClientWebService?

IIS.png.46cb0154c5ce38078bd104ce5aa60883.png

ClientError.png.463d4fbd156bdcdbcad2da7a119d3f20.png

Certs.thumb.png.ad2eec37a5491634edfba30f3e771795.png

Share this post


Link to post
Share on other sites

I was able to get it resolved.   

Rebooting the server didn't help......  IISRESET was the key.  It pushed the bindings down through all the areas needed.

Now client can scan server successfully.

Thank you everything for listening to me talk this out loud and work through it.

GoodClient.thumb.png.454e9881197b882a4b9482f7f4cfe7c9.png

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.