WSUS unable to synchronize with Microsoft Update Service. Error: remote certificate is invalid according to the validation procedure RRS feed

  • Question

  • Running WSUS 3 off Windows 2008. After 6 Feb, synchronizations with Microsoft failed.

    Checking the error, it's reported that a HTTP error occurred.

    Details reports the following:

    WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
       at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
       at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
       at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
       at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
       at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
       at Microsoft.UpdateServices.Serve

    Checked our firewalls and traffic is flowing through with no issues. Seems like a certificate problem. Tested and able to reach update.microsoft.com through https. Any way to perform deeper troubleshooting?

    Tuesday, February 28, 2017 8:33 AM

All replies

  • Hi tanchankai,

    1. What is the version of the WSUS server? If it's not the latest version of WSUS 3.0 SP2, please install the following KB to upgrade the WSUS server, if you want to upgrade to .274, just install KB2938066.

    WSUS 3.0 (SP2): Build 3.2.7600.226
    WSUS 3.0 (SP2) + KB2720211: Build 3.2.7600.251
    WSUS 3.0 (SP2) + KB2734608: Build 3.2.7600.256
    WSUS 3.0 (SP2) + KB2828185: Build 3.2.7600.262
    WSUS 3.0 (SP2) + KB2938066: Build 3.2.7600.274

    2. Besides, it's recommended to upgrade the WSUS to 4.0 version, since WSUS 3.0 SP2 only support minimal win10 and win2016 updates, you may upgrade your WSUS server as soon as possible.

    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 1, 2017 5:34 AM
  • Thanks for the reply.

    From the console, it's reported as versions 3.2.7600.256 so it's SP2. We could look into version 4.0 but we would really want this working in the interim.

    Thursday, March 2, 2017 12:25 AM
  • Just setup a fresh WSUS installation off a fresh Windows Server 2012 R2 VM and am seeing the same error message when trying to sync with Microsoft source.
    Thursday, March 2, 2017 3:41 AM
  • Hi tanchankai,

    1. Before you re-install, do you ensure the Content folder, SUSDB and WSUS site are removed totally, then, install again?

    2. Do you install KB2938066 to upgrade the version to 3.2.7600.274?

    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 3, 2017 2:05 AM
  • To fix this problem, download and install Update for Windows Server 2008 R2 for x64-based Systems (KB4484071) that was released on November 12, 2019 which will bring your installation to Build 3.2.7600.325. It fixed my installation.

    Credit to "WSUS does not sync with Microsoft on WSUS 3.0 SP2 - 2008 R2 servers because of certificate error"

    Thursday, February 6, 2020 10:01 PM