

StueyT

SUP - Sync issue


Hi all,

I have a SCCM SUP installed which hasn't been able to download updates for 1-2 months now, with it working fine prior to that. The error is seemingly certificate based, and I'm guessing that's with trying to connect to https://download.windowsupdate.com. I've checked our proxy and we have the certificates that are needed for all URLs that it tries to connect to, however if I browse to the above address I get a 'Mismatched address' warning in IE as the certificate presented by it is actually one issued to the URL a248.e.akamai.net. I'm guessing this is where the failure is happening. I've included the error in full below. Any ideas on a workaround? Were there any patches that I may need to apply to the SCCM server to fix this or point to another WU location on the internet? I've already disabled the certificate mismatch warning GPO and also added that URL to trusted sites and that's not helped. In addition, I built a new WSUS box from scratch to test this issue and the error has also occurred there too...

 

 

Here's the Sync Mgr log from SCCM

 

Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS
SMS_WSUS_SYNC_MANAGER 19/02/2013 12:48:19
6276 (0x1884)
STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=OURSERVER.OURDOMAIN.COM SITE=XXX PID=4336 TID=6276 GMTDATE=Tue Feb 19 12:48:19.977 2013 ISTR0="Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS" ISTR1="UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER
19/02/2013 12:48:19 6276 (0x1884)


Found a workaround for ours. I've got the proxy to act as a 'middleman', so essentially it acts as/impersonates the CA for download.windowsupdate.com for this connection, bypassing the Akamai cert mismatch. Our SCCM's SSL connection is with our proxy server, and our proxy is the one to have the SSL connection with download.windowsupdate.com.
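
One way to see which validation check is behind the "remote certificate is invalid" error in the log above, as an added example that is not part of the original posts: the PowerShell function below completes the handshake and reports the .NET `SslPolicyErrors` flags together with the presented subject, alternative names, issuer and chain root. `Test-TlsTrust` is a hypothetical name, and the optional proxy parameters assume a plain HTTP proxy without authentication.

```powershell
# Added diagnostic example (not from the thread). Test-TlsTrust is a hypothetical name;
# the proxy parameters assume a plain HTTP proxy without authentication.
function Test-TlsTrust {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443,
          [string]$ProxyHost, [int]$ProxyPort = 8080)
    $script:TlsTrust = $null
    $connectHost = if ($ProxyHost) { $ProxyHost } else { $HostName }
    $connectPort = if ($ProxyHost) { $ProxyPort } else { $Port }
    $tcp = New-Object System.Net.Sockets.TcpClient($connectHost, $connectPort)
    try {
        $net = $tcp.GetStream()
        if ($ProxyHost) {
            # Ask the proxy for a tunnel to the real host before starting TLS.
            $req = [Text.Encoding]::ASCII.GetBytes(
                "CONNECT ${HostName}:$Port HTTP/1.1`r`nHost: ${HostName}:$Port`r`n`r`n")
            $net.Write($req, 0, $req.Length)
            $buf = New-Object byte[] 4096
            $n = $net.Read($buf, 0, $buf.Length)
            $reply = [Text.Encoding]::ASCII.GetString($buf, 0, $n)
            if ($reply -notmatch '^HTTP/1\.[01] 200') { throw "Proxy refused CONNECT: $reply" }
        }
        # Diagnostic only: let the handshake finish whatever the verdict, and record
        # the flags .NET would otherwise turn into the AuthenticationException.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $cert, $chain, $errors)
            $c = [System.Security.Cryptography.X509Certificates.X509Certificate2]$cert
            $root = $chain.ChainElements | Select-Object -Last 1
            $script:TlsTrust = [ordered]@{
                PolicyErrors = $errors   # RemoteCertificateNameMismatch and/or ...ChainErrors
                Subject      = $c.Subject
                AltNames     = ($c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                                ForEach-Object { $_.Format($false) }) -join '; '
                Issuer       = $c.Issuer
                ChainRoot    = $root.Certificate.Subject   # last element .NET could build
                ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            }
            return $true
        }
        $ssl = New-Object System.Net.Security.SslStream($net, $false, $callback)
        $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
        $ssl.AuthenticateAsClient($HostName, $null, $tls12, $false)
        $ssl.Dispose()
        New-Object psobject -Property $script:TlsTrust
    }
    finally { $tcp.Close() }
}
```

Run on the WSUS/SUP server as `Test-TlsTrust -HostName download.windowsupdate.com`, a `PolicyErrors` value of `RemoteCertificateNameMismatch` points at the hostname on the certificate, while `RemoteCertificateChainErrors` points at an issuer the server does not trust, such as an intercepting proxy's CA missing from the machine's trusted root store.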
