none
How do I how to import certificate from downstream WSUS server?

    Question

  • I have one main WSUS server and 4 downstream wsus servers. For various reasons I uninstalled \ reinstalled WSUS on one of the downstream servers and it not longer synchs with the upstream server, although it works fine from the MS update site.

    The error I'm seeing is "Unable to connect to the remote server (etc)" a search of which suggests checking firewalls. Clearly there is not a problem with the upstream server as the other 3 "children" work fine. I can't see any problem with the firewall on the problem server.

    Looking through other documentation I have seen the instruction: "The certificate on downstream WSUS servers has to be imported into either the local computer's Trusted Root CA" but so far I have not seen a link to some instructions to show me how to do this.

    I suspect that it is the lack of the certificate that is causing the problem, can anyone point me to a link which will show me how to import the certificate.

    regards

    Roga

     

    Tuesday, November 01, 2011 9:12 PM

All replies

  • I suspect that the certificate is not the issue, unless you have explicitly enabled Server-to-Server synchronization for your replica synchronization configuration. Since almost nobody does that, you would be an exception, and almost certainly that would have been documented somewhere. Furthermore, the quite you cited has nothing at all to do with server-to-server synchronization but has to do with client registration and detection with the WSS server.

    "Unable to connect to the remote server" is a very generic message and SSL issues are only but one of many possible causes, and quite far down on the list of likely and possible causes.

    More likely it's something much more common -- something that lots of people miss all the time -- like configuring the WinHTTP Proxy Configuration on the replica server so that it can get through (or around) a proxy server and thus communicate with the upstream server.

    Another common mistake is misconfiguring the port number. Is the upstream server on port 80, or port 8530?

    From the browser on the replica server, can you browse to http://UpstreamServerName/iuident.cab or  http://UpstreamServerName:8530/iuident.cab?

    If not, can you resolve the IP Address of the upstream server with nslookup UpstreamServerName at a command prompt on the replica server?

    Have you compared the configuration options for the non-working replica with a working replica and confirmed that they are all identical?


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Tuesday, November 01, 2011 10:01 PM
    Moderator
  • HI Lawrence and thanks for your quick reply

    I suspect that the certificate is not the issue

    Good

    WinHTTP Proxy Configuration

    No proxies involved, BTW communication are via VPN with all servers on 192.168.x.x (each is on a 255.255.255.0 subnet) The upstream server is using port 8530.

    can you browse to http://UpstreamServerName:8530/iuident.cab

    Yes I can

    Have you compared the configuration options for the non-working replica with a working replica and confirmed that they are all identical

    Yes as far as I can, even going as far as to copy and paste the server and port addresses from a working example to the non-working example.

    The only difference between the working and non working replica servers is that the non-working one had a wsus uninstall and then reinstall. (it worked before the uninstall).

    Also there are other services communicating between the 2 servers (DFS) so I don't think that there are basic network errors.

     

     

     

    Tuesday, November 01, 2011 10:22 PM
  • The only difference between the working and non working replica servers is that the non-working one had a wsus uninstall and then reinstall. (it worked before the uninstall).

    Also there are other services communicating between the 2 servers (DFS) so I don't think that there are basic network errors.

    This would strongly suggest that something is set incorrectly in the WSUS configuration options of the new replica server.

    • What is being logged in the logfile at %ProgramFiles%\Update Services\logfiles\SoftwareDistribution.log?
    • Also, are there any relevant entries in the Application Event Log of the new replica server?
    • What other services/applications (besides DFS and WSUS) are installed on this new replica server?

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Wednesday, November 02, 2011 2:52 PM
    Moderator
  • What other services/applications (besides DFS and WSUS) are installed on this new replica server

    The poor thing is a single server in a branch office as so is a DC (DHCP,DNS), Fileserver, Anti-virus server for eset.

    I am aware that WSUS on DC is sub-optimal, but we have 3 other machines with same roles, and they are all OK.

    Also, are there any relevant entries in the Application Event Log of the new replica server?
    Not much:
    Log Name:      Application
    Source:        Windows Server Update Services
    Date:          01/11/2011 20:31:19
    Event ID:      10022
    Task Category: 7
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      xxx.domain.dom
    Description:
    The last catalog synchronization attempt was unsuccessful.
    

    (But I think you could have guessed the above)

    What is being logged in the logfile at %ProgramFiles%\Update Services\logfiles\SoftwareDistribution.log

    Have renamed old file, and forced a "broken" re-synch

    2011-11-03 10:32:47.593 UTC	Info	w3wp.11	ThreadEntry	PipelineRuntime.ProcessRequestNotification
    2011-11-03 10:32:47.609 UTC	Info	w3wp.11	DBConnection.OnReceivingInfoMessage	spSetConfiguration - SyncToMU or UpstreamServerName config value changed - no reset
    2011-11-03 10:32:47.624 UTC	Change	w3wp.11	AdminDataAccess.ExecuteSPSetConfiguration	WSUS configuration has been changed
    2011-11-03 10:32:48.467 UTC	Info	w3wp.25	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:32:48.467 UTC	Info	w3wp.23	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:32:48.482 UTC	Info	w3wp.23	ChangeNotificationDispatcher.InternalEventHandler	Get event ConfigurationChange from dispatchmanager
    2011-11-03 10:32:48.482 UTC	Info	w3wp.24	Client.OnConfigurationChange	Creating a new ClientImplementation because the DB configuration changed
    2011-11-03 10:32:48.482 UTC	Info	w3wp.24	ClientImplementation..ctor	Initializing ClientWebService ProcessID = 5476, Process Start Time = 03/11/2011 02:54:02, Product Version = 3.2.7600.226
    2011-11-03 10:32:50.916 UTC	Info	w3wp.14	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:32:50.916 UTC	Info	w3wp.6	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:32:50.916 UTC	Info	w3wp.13	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:32:50.931 UTC	Info	w3wp.22	ThreadEntry	ThreadHelper.ThreadStart
    2011-11-03 10:32:50.931 UTC	Info	w3wp.22	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:32:50.947 UTC	Info	w3wp.27	ThreadEntry	ThreadHelper.ThreadStart
    2011-11-03 10:32:50.947 UTC	Info	w3wp.28	ThreadEntry	ThreadHelper.ThreadStart
    2011-11-03 10:32:50.947 UTC	Info	w3wp.27	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:32:50.947 UTC	Info	w3wp.28	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:32:50.947 UTC	Info	w3wp.12	SusEventDispatcher.RegisterEventHandler	RegisterEventHandler called for NotificationEventName: ConfigurationChange
    2011-11-03 10:32:50.947 UTC	Info	w3wp.27	RevisionIdCacheChangeNotificationDispatcher.InternalEventHandler	Get event ConfigurationChange from dispatchmanager
    2011-11-03 10:32:51.602 UTC	Info	WsusService.7	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:32:51.602 UTC	Info	WsusService.13	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:32:54.582 UTC	Warning	w3wp.11	SoapUtilities.CreateException	ThrowException: actor = http://sat04.swllc.local/ReportingWebService/ReportingWebService.asmx, ID=629104e1-8160-4423-80ab-63eaee5c9a95, ErrorCode=ConfigChanged, Message=, Client=2be51b6a-3d25-453d-88ee-c7ca82f95fb5
    2011-11-03 10:32:54.582 UTC	Error	w3wp.11	WebService.ReportEventBatch	Exception occured in ReportEventBatch: Fault occurred
       at Microsoft.UpdateServices.Internal.Reporting.WebService.ReportEventBatch(Cookie cookie, DateTime clientTime, ReportingEvent[] eventBatch)
       at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
       at System.Web.Services.Protocols.LogicalMethodInfo.Invoke(Object target, Object[] values)
       at System.Web.Services.Protocols.WebServiceHandler.Invoke()
       at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()
       at System.Web.Services.Protocols.SyncSessionlessHandler.ProcessRequest(HttpContext context)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
       at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
       at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
       at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
       at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
       at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
       at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
       at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr managedHttpContext, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
    2011-11-03 10:33:02.382 UTC	Info	w3wp.16	ThreadEntry	PipelineRuntime.ProcessRequestNotification
    2011-11-03 10:33:02.382 UTC	Change	w3wp.16	AdminDataAccess.StartSubscriptionManually	Synchronization manually started
    2011-11-03 10:33:03.521 UTC	Info	w3wp.25	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:33:03.536 UTC	Info	w3wp.29	ThreadEntry	ThreadHelper.ThreadStart
    2011-11-03 10:33:03.536 UTC	Info	w3wp.29	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:33:03.536 UTC	Info	w3wp.29	ChangeNotificationDispatcher.InternalEventHandler	Get event ConfigurationChange from dispatchmanager
    2011-11-03 10:33:03.536 UTC	Info	w3wp.24	Client.OnConfigurationChange	Creating a new ClientImplementation because the DB configuration changed
    2011-11-03 10:33:03.536 UTC	Info	w3wp.24	ClientImplementation..ctor	Initializing ClientWebService ProcessID = 5476, Process Start Time = 03/11/2011 02:54:02, Product Version = 3.2.7600.226
    2011-11-03 10:33:05.986 UTC	Info	w3wp.14	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:33:05.986 UTC	Info	w3wp.13	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:33:05.986 UTC	Info	w3wp.6	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:33:05.986 UTC	Info	w3wp.32	ThreadEntry	ThreadHelper.ThreadStart
    2011-11-03 10:33:05.986 UTC	Info	w3wp.32	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:33:05.986 UTC	Info	w3wp.32	RevisionIdCacheChangeNotificationDispatcher.InternalEventHandler	Get event ConfigurationChange from dispatchmanager
    2011-11-03 10:33:06.001 UTC	Info	w3wp.30	ThreadEntry	ThreadHelper.ThreadStart
    2011-11-03 10:33:06.001 UTC	Info	w3wp.30	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:33:06.001 UTC	Info	w3wp.31	ThreadEntry	ThreadHelper.ThreadStart
    2011-11-03 10:33:06.001 UTC	Info	w3wp.31	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:33:06.001 UTC	Info	w3wp.12	SusEventDispatcher.RegisterEventHandler	RegisterEventHandler called for NotificationEventName: ConfigurationChange
    2011-11-03 10:33:06.734 UTC	Info	WsusService.7	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: CatalogSyncAgent, EventInfo: 
    2011-11-03 10:33:06.750 UTC	Info	WsusService.23	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: CatalogSyncAgent
    2011-11-03 10:33:06.750 UTC	Info	WsusService.7	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2011-11-03 10:33:06.766 UTC	Info	WsusService.19	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2011-11-03 10:33:06.766 UTC	Info	WsusService.16	EventLogEventReporter.ReportEvent	EventId=382,Type=Information,Category=Synchronization,Message=A manual synchronization was started.
    2011-11-03 10:33:06.797 UTC	Info	WsusService.16	CatalogSyncAgentCore.ExecuteSyncProtocol	Server ID is 25d5bf25-a4cb-4560-a313-df9875969d79
    2011-11-03 10:33:27.842 UTC	Warning	WsusService.16	WebServiceCommunicationHelper.ProcessWebServiceProxyException	ProcessWebServiceProxyException found Exception was WebException. Action: Retry. Exception Details: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.80.8:8350
       at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
       at System.Net.HttpWebRequest.GetRequestStream()
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
    2011-11-03 10:33:36.032 UTC	Info	w3wp.16	ThreadEntry	_TimerCallback.PerformTimerCallback
    2011-11-03 10:33:36.032 UTC	Info	w3wp.16	ServerImplementation.UpdateCache	Database change occured; check if we need to update cache.
    2011-11-03 10:33:48.871 UTC	Warning	WsusService.16	WebServiceCommunicationHelper.ProcessWebServiceProxyException	ProcessWebServiceProxyException found Exception was WebException. Action: Retry. Exception Details: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.80.8:8350
       at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
       at System.Net.HttpWebRequest.GetRequestStream()
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
    2011-11-03 10:34:06.748 UTC	Info	w3wp.5	ThreadEntry	PipelineRuntime.ProcessRequestNotification
    2011-11-03 10:34:06.748 UTC	Warning	w3wp.5	SoapUtilities.CreateException	ThrowException: actor = http://sat04.swllc.local/ClientWebService/client.asmx, ID=ce401473-8a0d-46e5-8063-cdf6f716eca9, ErrorCode=ConfigChanged, Message=, Client=d7ab09fb-c8a8-45a5-9c60-59473dce73d3
    2011-11-03 10:34:09.884 UTC	Warning	WsusService.16	WebServiceCommunicationHelper.ProcessWebServiceProxyException	ProcessWebServiceProxyException found Exception was WebException. Action: Retry. Exception Details: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.80.8:8350
       at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
       at System.Net.HttpWebRequest.GetRequestStream()
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
    2011-11-03 10:34:30.913 UTC	Error	WsusService.16	WebServiceCommunicationHelper.ProcessWebServiceProxyException	ProcessWebServiceProxyException found Exception was WebException but Retry Limit Exceeded. Action: No Retry, Fail. Exception Details: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.80.8:8350
       at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
       at System.Net.HttpWebRequest.GetRequestStream()
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.Internal.WebServiceCommunicationHelper.ProcessWebServiceProxyException(SoapHttpClientProtocol& webServiceObject, Exception exceptionInfo)
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.CatalogSyncThreadProcess()
       at System.Threading.ExecutionContext.runTryCode(Object userData)
       at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
    2011-11-03 10:34:30.913 UTC	Error	WsusService.16	CatalogSyncAgentCore.ExecuteSyncProtocol	System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.80.8:8350
       at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
       at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
       at System.Net.HttpWebRequest.GetRequestStream()
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.CatalogSyncThreadProcess()
       at System.Threading.ExecutionContext.runTryCode(Object userData)
       at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
    2011-11-03 10:34:30.913 UTC	Info	WsusService.16	CatalogSyncAgentCore.UpdateSyncResultAndGenerateReportingEvent	CatalogSyncThreadProcess: report subscription USS communication error
    2011-11-03 10:34:30.913 UTC	Info	WsusService.16	EventLogEventReporter.ReportEvent	EventId=386,Type=Error,Category=Synchronization,Message=Synchronization failed. Reason: Unable to connect to the remote server.
    2011-11-03 10:34:30.929 UTC	Info	WsusService.18	CatalogSyncAgent.WaitUntilSyncFinishedOrCancelled	Agent signalled done.
    2011-11-03 10:34:30.944 UTC	Info	WsusService.18	CatalogSyncAgent.SetSubscriptionStateWithRetry	Firing event SyncFailToStart...
    2011-11-03 10:34:30.944 UTC	Info	WsusService.18	CatalogSyncAgent.WakeUpWorkerThreadProc	Found no more jobs. CatalogSyncAgent quits but will run rollup before terminating ...
    2011-11-03 10:34:30.960 UTC	Info	WsusService.18	CatalogSyncAgent.UpdateServerHealthStatusBasedOnError	ServerHealth: Updating Server Health for Component: CatalogSyncAgent, Marking as Not Running
    2011-11-03 10:34:32.411 UTC	Info	WsusService.7	SusEventDispatcher.TriggerEvent	TriggerEvent called for NotificationEventName: RollupAgent, EventInfo: 
    2011-11-03 10:34:32.411 UTC	Info	WsusService.13	SusEventDispatcher.DispatchManagerWorkerThreadProc	DispatchManager Worker Thread Processing NotificationEvent: RollupAgent 
    
    

     

    Thursday, November 03, 2011 10:37 AM
  • 2011-11-03 10:33:27.842 UTC Warning WsusService.16 WebServiceCommunicationHelper.ProcessWebServiceProxyException ProcessWebServiceProxyException found Exception was WebException. Action: Retry. Exception Details: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.80.8:8350

    Looks like either the upstream server is not answering the call, or something is blocking the connection attempt.

    Does that replica server have a firewall enabled? Did you create an egress rule to allow outbound connections on port  8530?


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com

    Thursday, November 03, 2011 4:04 PM
    Moderator
  • Does that replica server have a firewall enabled? Did you create an egress rule to allow outbound connections on port 8530

    The only firewall is the windows firewall. I just switched it off to try to see if that would make any difference and it hasn't. The upstream server is syncing with 3 other downstream replica servers so I don't think it is a firewall issue on that server.

    This is to some extent why the problem is difficult to solve, it does connect to: http://UpstreamServerName:8530/iuident.cab, the server address and port number has been copied and pasted from other working replicas and in general there is no network connection problem between the 2 servers.

    Any other ideas?

     

     

     

     

     

    Thursday, November 03, 2011 5:38 PM
  • The only firewall is the windows firewall. I just switched it off to try to see if that would make any difference and it hasn't.
    Switching the firewall off, (depending on how you switched it off), may not eliminate the issue, But since the Windows Firewall is enabled, my original question is still relevant: Does the Windows Firewall have an Outbound Rule allowing traffic for HTTP on port 8530?
    This is to some extent why the problem is difficult to solve, it does connect to: http://UpstreamServerName:8530/iuident.cab, the server address and port number has been copied and pasted from other working replicas and in general there is no network connection problem between the 2 servers.

    Any other ideas?

    Do not make the mistake of assuming that just because you can get to the server via IE (or other applications that use non-HTTP protocols), that everything else is copasetic on the replica server.

    Being able to browse to the iuident.cab file only tells us that the upstream server and network are copasetic; it gives us no conclusive information about the replica server.

    The WSUS services (and WUAgent) use WinHTTP to communicate with external resources. IE does not. When IE works and WSUS/WUAgent do not, almost always this is traceable to defects in the WinHTTP configuration on that system.

    • If this downstream server is Windows Server 2003, run the command proxycfg to display the WinHTTP proxy configuration for this system.
    • If this downstream server is Wndows Server 2008, run the command netsh winhttp show proxy to display the WinHTTP proxy configuration for this system.

    Compare these results to the output from one or more of the other three systems.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Thursday, November 03, 2011 9:11 PM
    Moderator
  • The downstream replica servers are 2008r2, the upstream is 2008 SP2

    netsh winhttp show proxy

    result for both working and non-working is:

    Current WinHTTP proxy settings:
    
        Direct access (no proxy server).
    

     

    Thursday, November 03, 2011 9:42 PM