Jump to content




Sign in to follow this  
StueyT

SUP - Sync issue



Recommended Posts

Hi all,

I have a SCCM SUP installed which hasn't been able to download updates for 1-2 months now, with it working fine prior to that. The error is seemingly certificate based, and I'm guessing that's with trying to connect to https://download.windowsupdate.com. I've checked our proxy and we have the certificates that are needed for all URLs that it tries to connect to, however if I browse to the above address I get a 'Mismatched address' warning in IE as the certificate presented by it is actually one issued to the URL a248.e.akamai.net. I'm guessing this is where the failure is happening. I've included the error in full below. Any ideas on a workaround? Were there any patches that I may need to apply to the SCCM server to fix this or point to another WU location on the internet? I've already disabled the certificate mismatch warning GPO and also added that url to trust sites and that's not helped. In addition, I built a new WSUS box from scratch to test this issue and the error has also occured there too...

 

 

Heres the Sync Mgr log from SCCM

 

Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS
SMS_WSUS_SYNC_MANAGER 19/02/2013 12:48:19
6276 (0x1884)
STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=OURSERVER.OURDOMAIN.COM SITE=XXX PID=4336 TID=6276 GMTDATE=Tue Feb 19 12:48:19.977 2013 ISTR0="Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS" ISTR1="UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER
19/02/2013 12:48:19 6276 (0x1884)

Share this post


Link to post
Share on other sites


Found a workaround for ours. I've got the proxy to act as a 'middleman', so essentially it acts as/impersonates the CA for download.windowsupdate.com for this connection, bypassing the akamai cert mismatch. Our SCCM's SSL connection is with our proxy server, and ou proxy is the one to have the SSL connection with download.windowsupdate.com.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×