Remove From My Forums

Unable to run WSUS PowerShell commands - "could not establish trust relationship"

Question
0

Sign in to vote

Hey guys.

I'm unable to run WSUS PowerShell commands on our upstream server. The error message states it "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel". This isn't an issue on our downstream servers.

The upstream WSUS console is working fine and computers are able to download updates from it. Not sure when this started, but I did replace the SSL certs for all WSUS servers recently. Seems like if that was the issue, it'd effect the other servers as well.

Any help would be appreciated!

Wednesday, April 13, 2016 6:03 PM

All replies

0

Sign in to vote
Hi WWood,

Based on my understanding, after changing the certificate, the WSUS GUI works well while powershell commands have issues.

If my understanding is correct, then check if restart the WSUS server and run Server Cleanup Wizard could help.

Besides, check if the old certificate is stored, if yes, also delete the old certificate and check the result.

Best Regards,

Anne
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Anne HeMicrosoft contingent staff Friday, April 22, 2016 8:25 AM
- Marked as answer by Anne HeMicrosoft contingent staff Friday, April 22, 2016 9:43 AM
- Unmarked as answer by WWood Friday, April 22, 2016 12:55 PM
- Unproposed as answer by Anne HeMicrosoft contingent staff Thursday, April 28, 2016 2:33 AM
Thursday, April 14, 2016 8:45 AM
0

Sign in to vote

Thanks for the response (sorry for the delay). As you suggested, I've tried running clean up wizard, rebooting, and the old certificate had already been deleted. Those steps have not resolved the issue.

Friday, April 22, 2016 12:57 PM
0

Sign in to vote
Good Day

Have you tried to import the module ?

Import-Module UpdateServices -Force
Hope this works
Regards
Friday, April 22, 2016 1:17 PM
0

Sign in to vote

No luck. Getting the same error.

Friday, April 22, 2016 1:20 PM
0

Sign in to vote

Is the certificate for a web service from a trustworthy authority?
If so, is the certificate stored in the Root CA Certificate store?
Maybe you only have to export the certificate and install it in the server

Friday, April 22, 2016 2:10 PM
0

Sign in to vote

Yep. It was issued by our internal CA. The WSUS server cert is installed and the root CA cert is in the trusted root store. IIS bindings are also correct.

It's weird. Everything is working as expected except the WSUS PowerShell commands.

Friday, April 22, 2016 3:17 PM
0

Sign in to vote

Hi WWood,

Have you tried restarting the WSUS server? Could restart work?

Best Regards,

Anne
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

Monday, April 25, 2016 8:30 AM
0

Sign in to vote

I've tried restarting. Unfortunately it didn't resolve the issue.

Monday, April 25, 2016 1:52 PM
0

Sign in to vote

Hi WWood,

What is the certificate template of the new certificate?

And what about using another certificate, do the trusted root certificate stores correctly?

Best Regards,

Anne
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

Tuesday, April 26, 2016 9:19 AM
0

Sign in to vote

It's a Web Server certificate template. At this point, I feel this probably isn't an issue with the certificate itself, because almost everything is working correctly. Clients can connect, clients can download updates, downstream servers can connect, etc. The only thing that isn't working are the WSUS PowerShell commands on the upstream server. For example "get-wsusserver". If there was a problem with the cert, I'd expect to see problems manifest themselves elsewhere.

Also to be clear, I didn't observe a direct correlation between changing the certificate and the PowerShell issues. Rather, it's just the last change I can remember that might've caused it. It's not a case of "I changed it and then it stopped working".

The downstream servers, which have the same certificate template and are configured the same way w/ regards to templates, can run the PowerShell commands.

Wednesday, April 27, 2016 3:12 PM
0

Sign in to vote

Hi WWood,

What about other powershell commands?

Does the issue only for WSUS commands?

Best Regards,

Anne
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

Thursday, April 28, 2016 4:50 AM
0

Sign in to vote

Other PowerShell commands work fine. It's just the WSUS commands.

Thursday, April 28, 2016 1:05 PM
0

Sign in to vote
Hi WWood,

Try if re-index WSUS database could work.

Reindex WSUS database:

https://technet.microsoft.com/en-us/library/dd939795(v=ws.10).aspx

Best Regards,

Anne
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Anne HeMicrosoft contingent staff Friday, May 6, 2016 9:13 AM
Tuesday, May 3, 2016 9:30 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Asked by:

Unable to run WSUS PowerShell commands - "could not establish trust relationship"

Question

All replies