locked
Change IIS binding from All Unassigned to a Static IP - loss of connectivity RRS feed

  • Question

  • Hi - I have just built a fresh Windows Server 2019 WSUS server, and it is working fine with the default settings. I have two IP addresses on this server, and would like to bind the IIS WSUS instance to one of the IP addresses.  If I change the binding to the IP address that I want, the admin console gets disconnected with(I'm using the FQDN in the admin console):

    ----------------------------------------

    Error: Connection error

    An error occurred trying to connect to the WSUS server. This error can happen for a number or reasons. Check connectivity with the server. Please contact your network administrator if the problem persists. 

    ---------------------------------------

    If I use the IP address and connect to the Admin Console, it works just fine. I've verified that DNS is working properly for this hostname, by using nslookup.  I confirmed DNS is returning the proper IP address for the hostname, and I can ping the hostname and it returns the same IP address. Windows 10 clients are only able to update from the WSUS server when the IIS binding is set to all unassigned IP addresses also.  If I bind it to my static IP (either address) the clients are not able to connect to the server to update.

    Thanks for any ideas on this issue. 




    • Edited by tccsysadmin Wednesday, October 2, 2019 6:25 PM
    Wednesday, October 2, 2019 3:13 PM

All replies

  • This only seems to be a problem from connecting to the WSUS console from the server itself. 


    Try adding the server's IPV6 address to the binding. 

    I don't have WSUS to test with so I just tweaked IIS on Win10 and tried to browse my default site.

    See the HTTP error logs in C:\Windows\System32\LogFiles\HTTPERR. I noticed the 404's that matched the page not found errors that I was getting in the browser. 

    #Software: Microsoft HTTP API 2.0
    #Version: 1.0
    #Date: 2019-10-01 13:09:43
    #Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri streamid sc-status s-siteid s-reason s-queuename
    2019-10-01 13:09:43 192.168.1.7 50563 192.168.1.2 80 - - - - - - Timer_ConnectionIdle -
    2019-10-02 18:03:23 fe80::597f:f0cf:2c9a:d992%4 40105 fe80::597f:f0cf:2c9a:d992%4 80 HTTP/1.1 GET / - 404 - NotFound -
    2019-10-02 18:07:30 fe80::597f:f0cf:2c9a:d992%4 40122 fe80::597f:f0cf:2c9a:d992%4 80 HTTP/1.1 GET / - 404 - NotFound - 

    I also added IPV4 127.0.0.1 and the IPV6 ::1 to account for "localhost" if that were ever referenced.

    Wednesday, October 2, 2019 6:43 PM
  • Thank you for the reply. We are trying to limit it to only have the one IP address be able to respond to requests, we do not want any other interfaces responding. 
    Wednesday, October 2, 2019 7:48 PM
  • We are trying to limit it to only have the one IP address be able to respond to requests, we do not want any other interfaces responding. 

    Well it's not really different interface. It's just the IPV6 address for the same interface as the IPV4 address. Plus the entries needed to access the site from the server itself.

    I guess that you could disable IPV6 on the NIC. You can try that.

    Just to clarify your config.....  you have MyServer.MyCompany.com with an IP of 1.1.1.2 and you have WSUS.MyCompany.com with an IP of 1.1.1.3 and the only name that you reference is WSUS.MyCompany.com. And in IIS you have listed 1.1.1.3, and in the Admin console you're referencing the WSUS.MyCompany.com name. Is that correct?  

    Update... that might be the server's IPV6 address (in the HTTPerr log), but if your clients don't use IPV6, then it shouldn't matter. 
    Wednesday, October 2, 2019 8:34 PM