I have a somewhat confusing WSUS setup I'm trying to configure. Two sites over vpn, the local site works great as a downstream wsus server. I am trying to connect a remote downstream server to this one. It is over a NAT, but some testing with wireshark appears to show that there are no issues with this (the correct IP's get the correct responses). I can get it to connect on port 8530 if the SSL checkbox isn't enabled, but if it is, i receive this error text:
Synchronization Error Details
WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: The handshake failed due to an unexpected packet format.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object parameters)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
I do need SSL to function in this environment so I can't just go forward without it.
Any help is greatly appreciated!
I can get it to connect on port 8530 if the SSL checkbox isn't enabled, but if it is, i receive this error text:
I do need SSL to function in this environment so I can't just go forward without it.Any help is greatly appreciated!
My best suggestion is to start by referring to the product documentation and correctly configure the server to use SSL if that's what you need.
Merely checking the SSL checkbox is not going to produce any functional results at all.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com
I do have the certificates in the appropriate stores, but upon further inspection I'm wondering if the certificate chains are fully query-able in dns for both servers due to the NATing.
I should specify my servers are both server 2008 and server 2008 R2 with wsus 3.0 sp2.
I will go through some more SSL Documentation to make sure I didn't miss something, however note that I do have the first server setup correctly and it is syncing via SSL to it's upstream server.