On a Server 2008 R2 SP1 with WSUS 3.0 SP2, after disabling TLS 1.0, the synchronizations fail with Microsoft Update Servers. The error message is long, but basically says: “The client and server cannot communicate, because they do not possess a common algorithm”. Event Viewer shows Event ID 10022 for WSUS and Event ID 36871 for Schannel (both vague).
TLS 1.1 and 1.2 are enabled in the registry. I have tried various .NET updates/solutions. I tried to install KB3154518 - Support for TLS System Default Versions included in the .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1, but that update says it is not applicable to the OS (and I am not even sure if it affects .NET 2). I did add the registry keys associated with KB3154518 and I added the registry keys for SchUseStrongCrypto.
I can check for updates via Windows Update through the Control Panel, and that works. If I approve an update that had been previously synced, the download does complete. Workstation clients work as expected (HTTP port 80). The only problem is synchronizations with Microsoft Update servers within the WSUS console. WSUS build is 3.2.7600.283.
Is it possible, and if so, what steps are required to have WSUS 3.0 SP2 work properly with TLS 1.0 disabled on a 2008 R2 server?
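A read-only audit of the settings the question mentions, added here as an example and not part of the original post. It assumes the standard Schannel and .NET Framework registry locations (the post names the values but not the paths), and `Get-RegValue` is a helper defined only for this example.

```powershell
# Added example: read-only audit of the TLS-related registry values named in the question.
# Written for PowerShell 2.0 (the default on Server 2008 R2). It changes nothing.

# Hypothetical helper: return a registry value, or a marker when the key or value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return '<not set>' }
    return $item.$Name
}

$rows = @()

# Schannel protocol switches (assumed standard location), for both client and server roles.
# WSUS synchronization is an outbound connection, so the Client subkeys are the relevant ones.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $key = "$schannel\$proto\$role"
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            $rows += New-Object PSObject -Property @{
                Key = $key; Name = $name; Value = (Get-RegValue $key $name)
            }
        }
    }
}

# .NET Framework switches, checked for both CLR versions and both registry views,
# because a 32-bit process reads the Wow6432Node copy.
$roots = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'
foreach ($root in $roots) {
    foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
        $key = "$root\$ver"
        foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
            $rows += New-Object PSObject -Property @{
                Key = $key; Name = $name; Value = (Get-RegValue $key $name)
            }
        }
    }
}

$rows | Select-Object Key, Name, Value | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt on the WSUS server. A value shown as `<not set>` is absent from the registry, so the operating system or framework default applies for that setting.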