none
The handshake failed due to an unexpected packet format.

    Question

  • I have a somewhat confusing WSUS setup I'm trying to configure.  Two sites over vpn, the local site works great as a downstream wsus server.  I am trying to connect a remote downstream server to this one.  It is over a NAT, but some testing with wireshark appears to show that there are no issues with this (the correct IP's get the correct responses).  I can get it to connect on port 8530 if the SSL checkbox isn't enabled, but if it is, i receive this error text:

    ---------------------------
    Synchronization Error Details
    ---------------------------
    WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: The handshake failed due to an unexpected packet format.

    at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
       at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
       at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
       at Microsoft.UpdateServices.Serve
    ---------------------------
    OK  
    ---------------------------

     

    I do need SSL to function in this environment so I can't just go forward without it.

    Any help is greatly appreciated!

    Monday, March 29, 2010 11:13 PM

Answers

All replies

  • I can get it to connect on port 8530 if the SSL checkbox isn't enabled, but if it is, i receive this error text:

    I do need SSL to function in this environment so I can't just go forward without it.

    Any help is greatly appreciated!


    My best suggestion is to start by referring to the product documentation and correctly configure the server to use SSL if that's what you need.

    Merely checking the SSL checkbox is not going to produce any functional results at all.

    WSUS Deployment Guide - Secure WSUS 3.0 SP2 Deployment


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2010)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Tuesday, March 30, 2010 2:12 AM
    Moderator
  • I do have the certificates in the appropriate stores, but upon further inspection I'm wondering if the certificate chains are fully query-able in dns for both servers due to the NATing.

    I should specify my servers are both server 2008 and server 2008 R2 with wsus 3.0 sp2.

    I will go through some more SSL Documentation to make sure I didn't miss something, however note that I do have the first server setup correctly and it is syncing via SSL to it's upstream server.

    Tuesday, March 30, 2010 6:05 PM
  • The answer to this was simply the fact that my upstream server's IIS config wasn't setup to properly use it's own certificate.
    Tuesday, April 06, 2010 6:12 PM