WSUS Sync is not working Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote

Question
I know there are loads of posts with the same issue, and most of them were related to proxy and connectivity.
This was the case for me as well (a few months back). Now the same error is back. But I've confirmed that FW ports and proxy are fine this time around.
The server is configured on HTTP port 80.
ERROR
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncWSUS
............
I've checked proxy server connectivity. I'm able to browse the following site from the WSUS server:
http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8
I did telnet to the proxy server on the particular port (8080) and that is also fine.
I have doubts about the certificates. Any idea which certificates we need to look at? And if a certificate is expired then (my guess) we won't be able to open the above-mentioned Windows Update catalog site?
Any tips appreciated !
Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM
Thursday, June 19, 2014 2:13 PM
All replies
Greetings Anoop!
The error message pretty much describes the issue.
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure
SSL is enabled/configured, and the certificate being used is invalid (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.
Not sure about your use of port 8080, but unless the proxy server is properly remapping the port, that will likely be problematic.
ALSO... a common problem when using proxy servers... WSUS needs to be able to SYNC on SSL, and DOWNLOAD CONTENT on HTTP. If you're forcing port 8080 to redirect to port 80 outbound, then WSUS has no way to build an SSL connection to Microsoft Update. You'll need to set up a second proxy listener to handle the SSL-based sync.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
Thursday, June 19, 2014 9:59 PM
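One way to see which certificate the WSUS server is actually handed when it opens an SSL connection through the proxy, as an added example that is not part of the original thread. `ProxyHost` and `TargetHost` are placeholders to fill in (the thread names neither); 8080 is the proxy port from the question.

```powershell
# Added example: placeholders only, not values from the thread (8080 is the port from the question).
param(
    [Parameter(Mandatory=$true)][string]$ProxyHost,   # placeholder: your outbound proxy
    [Parameter(Mandatory=$true)][string]$TargetHost,  # placeholder: HTTPS host WSUS synchronizes from
    [int]$ProxyPort = 8080
)
$tcp = New-Object System.Net.Sockets.TcpClient($ProxyHost, $ProxyPort)
try {
    $net = $tcp.GetStream()
    # Ask the proxy for a raw tunnel to port 443, the way an HTTPS client does.
    $connect = "CONNECT ${TargetHost}:443 HTTP/1.1`r`nHost: ${TargetHost}:443`r`n`r`n"
    $req = [System.Text.Encoding]::ASCII.GetBytes($connect)
    $net.Write($req, 0, $req.Length)
    # Read the proxy's reply headers up to the blank line.
    $sb = New-Object System.Text.StringBuilder
    while (-not $sb.ToString().EndsWith("`r`n`r`n")) {
        $b = $net.ReadByte()
        if ($b -lt 0) { break }
        [void]$sb.Append([char]$b)
    }
    $status = ($sb.ToString() -split "`r`n")[0]
    "Proxy reply : $status"
    if ($status -notmatch '^HTTP/1\.[01] 2\d\d') { throw "Proxy did not open the tunnel" }
    # Record what .NET's certificate validation reports instead of aborting on the first error.
    $script:seen = $null
    $cb = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $errors)
        $script:seen = @{
            PolicyErrors = $errors
            ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
            Chain        = @($chain.ChainElements | ForEach-Object {
                $c = $_.Certificate
                '{0} | issuer: {1} | expires: {2:u}' -f $c.Subject, $c.Issuer, $c.NotAfter })
        }
        $true   # let the handshake finish; no request is sent afterwards
    }
    $ssl = New-Object System.Net.Security.SslStream($net, $false, $cb)
    $ssl.AuthenticateAsClient($TargetHost)
    "Protocol    : $($ssl.SslProtocol)"
    "PolicyErrors: $($script:seen.PolicyErrors)"
    "ChainStatus : $($script:seen.ChainStatus -join ', ')"
    $script:seen.Chain
}
finally { $tcp.Close() }
```

Run it on the WSUS server itself so the machine's trust store and network path are the ones being tested. A leaf certificate issued by an internal or proxy CA, or a `ChainStatus` such as `UntrustedRoot` or `NotTimeValid`, identifies what the validation procedure in the error message is rejecting.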
Hi Lawrence ! - Many thanks for looking into this thread and replying. Appreciate your help.
Your reply ("SSL is enabled/configured, and the certificate being used is invalid (or the cert does not exist or cannot be obtained), or the SSL connection could not be established.") is very helpful.
I've already tested CONTENT DOWNLOAD and it's working fine. WSUS Sync was also working fine for years with proxy server configured on port (8080) and WSUS server on port 80.
My guess (this is my best guess ;)) is that this is something to do with Firewall or Proxy side configuration rather than WSUS. However, I'm not finding a way to prove this to the proxy/firewall team. From their perspective, all the required port communication is open and the proxy server is also reachable. Moreover, we're able to access the internet (Microsoft Update Catalog site) over the same port (8080).
Any other hints where I can prove them it's a sure shot problem from their side.
Thanks again !!
Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM
- Edited by Anoop C NairMVP Friday, June 20, 2014 6:28 AM typo and
Friday, June 20, 2014 1:58 AM -
Any other hints where I can prove them it's a sure shot problem from their side.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
- Marked as answer by Anoop C Nair MVP Monday, June 23, 2014 3:37 AM
Saturday, June 21, 2014 12:59 AM -
Thank you Lawrence !
Anoop C Nair (My Blog www.AnoopCNair.com) - Twitter @anoopmannur - FaceBook Forum For SCCM
Monday, June 23, 2014 3:37 AM -
Hi, I know this is an old thread, but we started getting this on our WSUS server a few weeks ago, and it hasn't been able to synchronize successfully since. Here is the error we are getting:
WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
at Microsoft.UpdateServices.Serve
As noted above, I too can browse to http://catalog.update.microsoft.com/v7/site/Home.aspx?sku=wsus&version=3.2.7600.226&protocol=1.8 fine on the WSUS server.
Not sure why this thread was marked answered. Wireshark is hardly a solution. Please advise on how to resolve this issue.
Monday, April 9, 2018 2:00 PM