W7x64 clients unable to contact 2008 R2 downstream WSUS 3.2 server

    Question

  • I have been working on implementing WSUS 3.2 using SSL for the past two months, and am perilously close to going live with it.  I have clients connecting to my upstream server just fine.  I have created two downstream servers, configured as replicas, but my test clients are unable to check into either downstream server.  All of my servers are 2008 R2.

    I have no errors in the event logs of either server, save for the warning that says no clients have checked in.  I have mimicked all security and configuration settings from the upstream server on the downstream ones to the best of my ability.  The GPOs are the same, save for the server addresses.  Registry settings are being set correctly on the clients.  If I go to http://downstreamserver.domain.tld/selfupdate/wuident.cab, I am prompted to open or save the file.  The same goes for http://downstreamserver.domain.tld:8530/selfupdate/wuident.cab.  The problem comes from trying to communicate over SSL, apparently.

    As these are 64-bit clients, I used the SolarWinds diagnostic tool and I get ConnectFailure for:

    clientwebservice/client.asmx

    simpleauthwebservice/simpleauth.asmx

    content

    selfupdate/iuident.cab

    iuident.cab

    Again, I have triple checked that all of the NTFS permissions on the Program Files\Update Services folders match those set on the working upstream server.  I installed KB2720211 and KB2734608 on both servers.  I even removed the WSUS and IIS roles on one of the servers, as I've seen forum posts, both here and elsewhere, say that reinstalling 'magically' resolved the issue.

    I've tried everything I could find pertaining to this issue, and nothing has seemed to help.  I'm getting 80072ee2 in my client's WindowsUpdate.log.  Please, O great and wise Internets, please save me from bashing my skull against this brick wall any further and guide me to the path of enlightenment!

    Friday, January 31, 2014 11:20 PM

Answers

  • Hi,

    First, confirm your DNS works fine. The downstream server name can be resolved correctly.

    Check your firewall rules and make sure traffic is allowed.

    You can also try the solution provided in the following blog:

    http://blog.ronnypot.nl/?p=310

    Hope this helps.

    • Marked as answer by Drew JM Monday, February 03, 2014 5:14 PM
    Monday, February 03, 2014 7:31 AM

All replies

  • Great $deities.  THANK YOU.

    The firewall was the issue.  I assumed that the exceptions would have been created automatically.  They were, but only the non-SSL rule was enabled; the SSL one was not.  Once I enabled it my test clients connected wonderfully.

    You've saved me from completely rebuilding this server!

    Monday, February 03, 2014 5:16 PM
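
The cause found in this thread (the inbound firewall rule for the SSL port existed but was disabled) can be checked directly on the WSUS server. The script below is an added example, not part of the original posts: it reads the Windows Firewall rule set through the HNetCfg.FwPolicy2 COM object, which is available on 2008 R2, and reports for each WSUS port whether an inbound TCP allow rule exists and whether it is enabled. It assumes the custom WSUS site ports 8530 (HTTP) and 8531 (HTTPS), looks only at port-scoped TCP rules, and does not evaluate profiles or block rules; Test-PortInSpec is a helper defined here.

```powershell
# Added example. Run in an elevated PowerShell session on the WSUS server
# (compatible with PowerShell 2.0 on Server 2008 R2).
# Assumption: custom WSUS site on 8530 (HTTP) / 8531 (HTTPS); use 80, 443 for the default site.
$wsusPorts = 8530, 8531

function Test-PortInSpec {
    # True if $Port is covered by a LocalPorts string such as "80,8530-8531" or "*".
    param([string]$Spec, [int]$Port)
    if ([string]::IsNullOrEmpty($Spec)) { return $false }
    foreach ($part in $Spec.Split(',')) {
        $p = $part.Trim()
        if ($p -eq '*') { return $true }
        if ($p -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($p -match '^\d+$' -and [int]$p -eq $Port) { return $true }
    }
    return $false   # named ports such as "RPC" never match a numeric port
}

# Constants from the Windows Firewall COM API (INetFwRule).
$TCP = 6; $DIR_IN = 1; $ACTION_ALLOW = 1

$policy = New-Object -ComObject HNetCfg.FwPolicy2
$inboundTcpAllow = @($policy.Rules | Where-Object {
    $_.Direction -eq $DIR_IN -and $_.Protocol -eq $TCP -and $_.Action -eq $ACTION_ALLOW
})

foreach ($port in $wsusPorts) {
    $rules   = @($inboundTcpAllow | Where-Object { Test-PortInSpec $_.LocalPorts $port })
    $enabled = @($rules | Where-Object { $_.Enabled })

    if     ($enabled.Count -gt 0) { $status = 'allowed (enabled rule found)' }
    elseif ($rules.Count   -gt 0) { $status = 'RULE PRESENT BUT DISABLED' }
    else                          { $status = 'NO ALLOW RULE' }

    "tcp/{0}: {1}" -f $port, $status
    # List every matching rule with its state so the disabled one is easy to spot.
    $rules | ForEach-Object { "    [{0}] {1}" -f $(if ($_.Enabled) { 'on ' } else { 'off' }), $_.Name }
}
```

A "RULE PRESENT BUT DISABLED" result for the SSL port matches the situation described above, where plain HTTP requests succeeded and SSL clients failed with 80072ee2, which is a timeout error.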