none
Remote configuration failed on WSUS Server.

    שאלה

  • From WSYNCMGR.log:
    Sync failed: WSUS server not configured. Source: CWSyncMgr::DoSync
    STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS= OurServerNameHere SITE=USL PID=11860 TID=11240 GMTDATE=Wed Dec 21 13:40:02.182 2011 ISTR0="CWSyncMgr::DoSync" ISTR1="WSUS server not configured" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0

    From WCM.log:
    This OurServerNameHere system is the Top Site where WSUS Server is configured to Sync from Microsoft Update (WU/MU) OR do not Sync.
    Submitting delta SCF changes to site REG. ParentWSUS = OurServerNameHere.lab.pri, ParentWSUSPort = 8531, SSLToParentWSUS = 1   
    CSiteControlEx::SubmitDeltaSCFFromServerComponent(): The caller did not specify any changes to the master site control file, a delta site control file will not be submitted.         
    Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.0.6000.273, Major Version = 0x30000, Minor Version = 0x17700111       
    Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.1.6001.1, Major Version = 0x30001, Minor Version = 0x17710001           
    The installed WSUS build has the valid and supported WSUS Administration DLL assembly version (3.1.7600.226)
    Successfully connected to server: OurServerNameHere.lab.pri, port: 8531, useSSL: True      
    Verify Upstream Server settings on the Active WSUS Server             Successfully configured WSUS Server settings and Upstream Server to Microsoft Update            
    System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

    So because of this I did some searching and came across the technet article: http://technet.microsoft.com/en-us/library/bb735874.aspx. Went through each setting…checking the ports were the same in iis and in the component configuration in sccm, making sure the fqdn is listed as the server name, checked that the website in iis for wsus was setup properly and all the 5 sites (APIRemoting30, ClientWebService, DSSAuthWebService, ServerSyncWebService, and SimpleAuthWebService) are setup to use SSL , checked to be sure no proxy server was setup (and there wasn’t), even requested a new certificate to rule out the cert and came back with the same issue. This has been working in the past and randomly on the 23<sup>rd</sup> of Nov, it just stopped. Nothing in the logs say as to why it stopped but as of the 24<sup>th</sup> it came back with the errors above. I can go into wsus and force a manual sync with no issues so its not a firewall issue either. And just to be sure I double checked that the firewall settings were configured to go out on 8530 and 8531. I feel I’ve exhausted my efforts with google and I’m almost to the point of doing a reinstall…which is the LAST thing I want to do (as I’m new to the environment and don’t want to fall back on that as an option.) 

    Im praying someone else out there might have run into something similar (as I’ve found this seems to happen quite a bit) that might be able to suggest something else I can look at that I might have over looked along the way.

    Thanks in advance.

    Scott 

     

    יום רביעי 21 דצמבר 2011 14:41

כל התגובות

  • Has it ever worked? I've found that it's faster and easier when I have exhausted myself with SUP/WSUS issues to just uninstall the SUP, uninstall WSUS, blow away the WSUS database and reinstall everything. That takes about 30 minutes and almost always corrects the issue.

     


    John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
    יום רביעי 21 דצמבר 2011 16:30
    מנחה דיון
  • Yeah it was working for months before hand with no issues. Randomly on the 24th it just stopped. No rhyme or reason. Im thinking that might be my only option but was hoping to "fix" it rather then do a re-install. Still holding out hope that someone might be able to suggest something else I can try though...
    יום רביעי 21 דצמבר 2011 16:43
  • I'd take the sledge hammer approach. It doesn't hurt any of your packages and stuff that you already have created. It's always the fastest, easiest way IMO. Of course it is a laege amount of data that has to download again.

     


    John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
    יום רביעי 21 דצמבר 2011 19:53
    מנחה דיון
  • Well did the uninstall/re-install...same error. Anyone else have any ideas? 
    יום חמישי 22 דצמבר 2011 15:24
  • the uninstall/reinstall didn't fix it? I've never seen that not work. Just to be sure... You are using WSUS installed locally on the SCCM server which also holds the SUP right? You installed WSUS into full blown SQL and not the windows internal database? You used a custom website and ports 8530 and 8531 for both WSUS and the SUP installs?

    If yes to all of that email me the server logs. john marcum at gmail dot com

    I'm bored today and this sounds fun.

     

     

     


    John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
    יום חמישי 22 דצמבר 2011 15:38
    מנחה דיון
  • Okay so WSUS is not installed on the sccm server. its installed on a separate server, and that server has the SUP role. the ports are 8530 and 8531...ive confirmed this many times. and yes it was a custom website. 
    יום חמישי 22 דצמבר 2011 16:04
  • I've never dealt with WSUS not being on the local server so I may not be much help. I know you have to install the WSUS console on the SCCM server but that's about all I know. I try to K.I.S.S and leave as much as possible on the local server.

    I do see some errors in your logs but do not know what's causing them. Maybe someone else can help out though.

    Here's what I see: (I hid your IP adress in one line. In the first line it actually appears as  "::1:8531")

     

    No connection could be made because the target machine actively refused it ::1:8531

     

    A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond XX.XXX.XXX.XX:8531


    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure

     

     


    John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
    יום חמישי 22 דצמבר 2011 17:29
    מנחה דיון
  • You know after you sent that to me I took a look and I believe that error that you saw in the logs happened during some troubleshooting. And I say that because Ive not seen it come back up since the 20th. 

    Not sure what my next steps are...Might attempt to put it on a different server. I'd put it on the same server as SCCM but that box is running out of space as is (why i believe they put wsus on a different box to being with.) 

     

    Thanks again for your help. 

     

    Scott

    יום חמישי 22 דצמבר 2011 17:51
  • If the only reason someone had to move WSUS off the SCCM server was disk space you need a new server, or at least more disk space. ;-)

    I'd try very hard to get WSUS and the SUP back on the central site server and not have it remote. I'm not saying it shouldn't work remote because it should but that's just adding an extra layer of complexity for no good reason.

     

     


    John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
    יום חמישי 22 דצמבר 2011 21:22
    מנחה דיון
  • If you open the WSUS console on the box does it say it is a "working" WSUS box.  You shouldn't change any settings but you should at least see a working WUS box.
    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com
    יום חמישי 22 דצמבר 2011 22:35
    מנחה דיון
  • Sorry for the delay, but yes it is a working wsus box. I can manually go out and do a sync, i have systems reporting into the box, and from what I can tell it is setup correctly. 

    יום שלישי 27 דצמבר 2011 14:08
  • Your log says System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

    Check to see if your SSL certificate is expired

    יום שלישי 27 דצמבר 2011 23:13
  • Its not. Its set to expire in 2013. Ive even requested a new cert thinking that had to be the problem but came back with the same error. I can even bring the wsus webpage up in IE and IE doesnt say that the cert expired or anything like that...
    • נערך על-ידי Scott-ACS יום רביעי 28 דצמבר 2011 17:02
    יום רביעי 28 דצמבר 2011 13:54
  • Hi Scott

    I have faced a very similar issue this week. I have migrated SUP (Software Update Point) from Site Management server to a remote and dedicated server. Installed everything as requirements says but i was still having same issue in 

    WSYNCMGR.log:
    Sync failed: WSUS server not configured. Source: CWSyncMgr::DoSync

    To my big suprise solution to this problem is following:
    Site Managemement server has to have  WSUS ADMIN console installed to be able to perform synchronization task with a remote SUP. Its because some of .dll are used for this function. And once as part of migration i removed whole WSUS from recent SUP these files were missing and config sync wasnt working. 

    so please simply install on your site management server wsus console I think it will resolve your issue too. 

    PS: this solution is mentioned in one of many State messages you can catch while you are running synchronization.  

    יום חמישי 29 דצמבר 2011 14:11
  • Karleek,

    Thanks for the idea...sadly I already did this as well. The wsus console is installed on the sccm site server and I can connect to the wsus server (via port 8531) through the console. Im pretty sure I've tried just about every troubleshooting step out there for these errors...but nothing so far is moving me forward. Thanks again for everyone's help. 

     

    Scott


    • נערך על-ידי Scott-ACS יום חמישי 29 דצמבר 2011 15:35
    יום חמישי 29 דצמבר 2011 15:34
  • did you ever resolve this? i am facing a similar issue as descibed on SCCM 2012.

    SUP is a remote WSUS server. WSUS admin console is installed on SCCM site server. WSUS KB is deployed on WSUS and SCCM server....log shows it connects, then logs: Remote configuration failed on WSUS Server.

    anyone know how to resolve?

    יום רביעי 04 יולי 2012 20:13
  • I am also facing similar kind of issues. Can any body has solution for this:

    Sync issue with WSUS. (WSUS Synchronization failed.Message: WSUS update source not found on site TEST. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource.  The operating system reported error 2147500037: Unspecified error)

    I am facing issues in connection f sup and wsus server.

    Please find the log file info from wsyncmgr.log:
    Found active SUP xxxxxserver from SCF File. SMS_WSUS_SYNC_MANAGER x/xx/2018 6:30:02 AM 1440 (0x05A0)
    DB Server not detected for SUP xxxxxserver from SCF File. skipping. SMS_WSUS_SYNC_MANAGER x/xx/2018 6:30:02 AM 1440 (0x05A0)
    Sync failed: WSUS update source not found on site TEST. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource SMS_WSUS_SYNC_MANAGER x/xx/2018 6:30:02 AM 1440 (0x05A0)
    STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=xxxxxserver SITE=TEST PID=7876 TID=1440 GMTDATE=Day xxx xx 06:30:02.153 2018 ISTR0="getSiteUpdateSource" ISTR1="WSUS update source not found on site TEST. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER x/xx/2018 6:30:02 AM 1440 (0x05A0)
    Sync failed. Will retry in 60 minutes SMS_WSUS_SYNC_MANAGER x/xx/2018 6:30:02 AM 1440 (0x05A0)

    Log file from WCMlog:

    Checking runtime v2.0.50727... SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    Failed to create assembly name object for Microsoft.UpdateServices.Administration. Error = 0x80131701. SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    Checking runtime v4.0.30319... SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    Found supported assembly Microsoft.UpdateServices.Administration version 3.1.6001.1, file version 3.1.7600.262 SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    Found supported assembly Microsoft.UpdateServices.BaseApi version 3.1.6001.1, file version 3.1.7600.262 SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    Supported WSUS version found SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    Attempting connection to WSUS server: xxxxxserver, port: 80, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    System.Net.WebException: The request failed with HTTP status 407: authenticationrequired.~~   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    Remote configuration failed on WSUS Server. SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    STATMSG: ID=6600 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONFIGURATION_MANAGER" SYS=xxxxxserver SITE=TEST PID=7876 TID=12584 GMTDATE=day xx 21 06:01:39.564 2018 ISTR0="xxxxxserver" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)
    Waiting for changes for 60 minutes SMS_WSUS_CONFIGURATION_MANAGER x/xx/2018 6:01:39 AM 12584 (0x3128)

    Could anybody help on this issue?

    יום רביעי 21 פברואר 2018 14:14
  • I found this can be caused by the WSUS Application Pool being stopped, increase the memory for it to 4 gig instead of the default 1.8 meg and this should resolve the issues with synching and scanning.

    Cliff Hughes (MSFT)

    יום שישי 09 מרץ 2018 18:08
  • Cliff is correct. It is caused by WsusPool being in STOP state under Application Pool.
    יום שני 14 מאי 2018 20:47
  • I had the same issue and yes it was caused by the WSUS Application Pool. Thank you very Cliff.
    יום שישי 17 אוגוסט 2018 09:08