locked
SCE Remote Console Cannot Connect to Server (Error Connecting to Update Server) RRS feed

  • Question

  • I've successfully upgraded SCE/WSUS to SP1.  I uninstalled the agent on my desktop machine, installed the Remote Console, upgraded it to SP1, but cannot connect to the server.  Here's the error:

    Date: 6/18/2008 11:44:42 AM
    Application: System Center Essentials
    Application Version: 6.0.1885.0
    Severity: Error
    Message: Error connecting to Update server 'CORP'

    System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.TlsStream.CallProcessAuthentication(Object state)
       at System.Threading.ExecutionContext.runTryCode(Object userData)
       at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
       at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.ConnectStream.WriteHeaders(Boolean async)
       --- End of inner exception stack trace ---
       at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
       at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
       at Microsoft.EnterpriseManagement.SCE.Internal.UI.Console.UpdateServerService.TryConnect(String serverName, Boolean connectSecurely, Int32 socketNumber)
       at Microsoft.EnterpriseManagement.SCE.Internal.UI.Console.UpdateServerService.TryConnect(String serverName)
       at Microsoft.EnterpriseManagement.SCE.Internal.UI.Console.EssentialsConsoleWindow.ChangeConnection(String serverName)
    System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Net.TlsStream.CallProcessAuthentication(Object state)
       at System.Threading.ExecutionContext.runTryCode(Object userData)
       at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
       at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.ConnectStream.WriteHeaders(Boolean async)

    Wednesday, June 18, 2008 3:51 PM

Answers

All replies

  • Hi,

     

    Does remote console works fine before installing SP1? Please ensure the user logging on remote console is a local admin on SCE server. Meanwhile, verify the certificates of WSUSSSLCert and WSUSCodeSigningCert have been imported into Trusted Root certification Authorities. If this is not the case, uninstall SCE remote console and install UI SP1 from following link:

     

    http://www.microsoft.com/downloads/details.aspx?FamilyID=246df207-f051-47c3-bd64-c9072281c3c8&DisplayLang=en

     

    Then, try to see if it make no difference.
    Friday, June 20, 2008 6:41 AM
  • No luck.  I uninstalled the WSUS Server Console 3.0 SP1 (that's what it's called, even though it was installed from the SCE install CD image), then uninstalled the MOM agent, reinstalled from the SCE SP1 Eval CD Image from your link above, and imported the two certs as instructed.  Same error.
    Friday, June 20, 2008 6:07 PM
  • Hi Gary,

     

    No need to uninstall WSUS console. Let's try to a clean UI install on an another client using SCE SP1. Then, configure certificates locally and connect to  to the server using a full FQDN for the SCE server and ensure the console is running under a user that is an local admin on the SCE server machine. Meanwhile, Make sure that the AD user that you are using to open the remote SCE 2007 console is in the local WSUS Administrator's User group on the SCE 2007 server.

    The following link is for your reference:

     

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1668459&SiteID=17

     

    http://technet.microsoft.com/en-us/library/bb437322.aspx

     

    HTH.

    Saturday, June 21, 2008 3:39 AM
  • I do need this however on the first client (the system administrator's machine).

    I've done yet another uninstall/reinstall, using the full FQDN for the SCE server.  I'm using a login that is a local administrator on the SCE server.  However, where there are no certificates on the SCE server in the d:\program files\system center essentials 2007\certificates folder.  Where else might they be?  Or how can I re-create the certificates?
    Monday, June 23, 2008 2:34 PM
  • Hi,

     

    Lauch MMC command and add the certificates snap-in for computer account of the local computer on SCE server. Navigate to trusted root  certification authorities node, it is supposed to find two certificateis with friendly name (FQND of Server, WSUS publishers self-signed). You can choose to export to %programfiles%\system center essentials 2007\certificates folder. Then, copy them to a target computer and import it.

     

    http://technet.microsoft.com/en-us/library/bb437322.aspx

     

    HTH.

    Tuesday, June 24, 2008 7:00 AM
  • Unfortunately, I don't find a certificate listed under the TRCA for FQDN.  There is one for WSUS publisher self-signed is from our initial install of SCE/WSUS on another server, which failed when we upgraded to SP1.  That server was uninstalled and this one done as a new installation, first to SCE 3.0/WSUS 3.0 and then successfully upgraded to SP1. However, those two certificates aren't anywhere to be found.

    What's next?
    Tuesday, June 24, 2008 3:54 PM
  • Hi,

     

    Did you choose to back up these two certificates when upgrading? You also can check if certificates are there in SCE agents. If certificates are missing, I am sorry to say you need to reinstall SCE to re-create these two certificate.

     

    HTH.
    Wednesday, June 25, 2008 2:49 AM
  • I think so.  Where would they have been backed up to?
    Wednesday, June 25, 2008 3:11 AM
  • Hi Gary,

     

    When launch upgrading SP1, it would ask you to back up certifiicates to a directory as you specified. If these two certificates cannot be found, you need to reinstall SCE to recreate them.

     

    For your reference:

     

    http://www.microsoft.com/downloads/details.aspx?FamilyID=246df207-f051-47c3-bd64-c9072281c3c8&DisplayLang=en

     

    HTH.

    Wednesday, June 25, 2008 5:54 AM