none
WSUS ошибка синхронизации RRS feed

  • Вопрос

  • Добрый день.

    С 21.11.2019 Возникла ошибка синхронизации WSUS 3.2.7600.251.

    Обновления последний раз устанавливались 14.11.2019 (KB4525106, KB4525233, KB4525235, KB4523206) и до 21.11.2019 синхронизация проходила успешно. Сервер работает через прокси, но и с прямым доступом ошибка таже.

    WebException: Базовое соединение закрыто: Не удалось установить доверительные отношения для защищенного канала SSL/TLS. ---> System.Security.Authentication.AuthenticationException: Удаленный сертификат недействителен согласно результатам проверки подлинности.

    В лог файле SoftwareDistribution.log

    2019-11-19 17:23:02.307 UTC Info WsusService.27 WebServiceCommunicationHelper.ConfigChangedHandler Update server configuration has changed. Reporting service: statsfe2.update.microsoft.com, SyncFromMU: True
    2019-11-19 17:23:02.916 UTC Info WsusService.8 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
    2019-11-19 17:23:02.916 UTC Info WsusService.8 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: sws1.update.microsoft.com
    2019-11-19 17:23:02.916 UTC Info WsusService.8 WebServiceCommunicationHelper.VerifyServerCertificate SSL validation succeeded.

    2019-11-20 17:23:05.174 UTC Info w3wp.9 AuthorizationManager.GetUpstreamServerUriHeader Found config says USS is MU site
    2019-11-20 17:23:05.283 UTC Info WsusService.21 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
    2019-11-20 17:23:05.283 UTC Info WsusService.21 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: sws1.update.microsoft.com
    2019-11-20 17:23:05.330 UTC Error WsusService.21 CertificateChainPolicy.VerifyPolicy The given certificate chain has not Microsoft Root CA signed root (800B0109)


    2019-11-20 17:23:06.221 UTC Info WsusService.21 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
    2019-11-20 17:23:06.221 UTC Info WsusService.21 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: sws1.update.microsoft.com
    2019-11-20 17:23:06.221 UTC Info WsusService.21 WebServiceCommunicationHelper.VerifyServerCertificate SSL validation succeeded.
    2019-11-20 17:23:09.346 UTC Info WsusService.7 SusEventDispatcher.TriggerEvent TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
    2019-11-20 17:23:09.346 UTC Info WsusService.27 SusEventDispatcher.DispatchManagerWorkerThreadProc DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
    2019-11-20 17:23:09.424 UTC Info WsusService.27 WebServiceCommunicationHelper.ConfigChangedHandler Update server configuration has changed. Reporting service: statsfe2.update.microsoft.com, SyncFromMU: True
    2019-11-20 17:23:10.049 UTC Info WsusService.21 CatalogSyncAgentCore.CatalogSiteImportUpdatesAndFiles attempted 0, succeeded 0, retry 0
    2019-11-20 17:23:10.049 UTC Info WsusService.21 CatalogSyncAgentCore.SyncUpdatesOutsideSubscription 0 updates to go
    2019-11-20 17:23:10.065 UTC Info WsusService.21 EventLogEventReporter.ReportEvent EventId=381,Type=Information,Category=Synchronization,Message=Синхронизация запущена по расписанию.

    2019-11-21 17:23:04.473 UTC Info WsusService.23 WebServiceCommunicationHelper.ConfigChangedHandler Update server configuration has changed. Reporting service: statsfe2.update.microsoft.com, SyncFromMU: True
    2019-11-21 17:23:05.317 UTC Info WsusService.3 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
    2019-11-21 17:23:05.317 UTC Info WsusService.3 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: sws1.update.microsoft.com
    2019-11-21 17:23:05.317 UTC Error WsusService.3 CertificateChainPolicy.VerifyPolicy The given certificate chain has not Microsoft Root CA signed root (800B0109)


    2019-11-21 17:23:06.020 UTC Info WsusService.3 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
    2019-11-21 17:23:06.020 UTC Info WsusService.3 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: sws1.update.microsoft.com
    2019-11-21 17:23:06.020 UTC Error WsusService.3 CertificateChainPolicy.VerifyPolicy The given certificate chain has not Microsoft Root CA signed root (800B0109)

    2019-11-21 17:23:06.020 UTC Info WsusService.3 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
    2019-11-21 17:23:06.020 UTC Info WsusService.3 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: sws1.update.microsoft.com
    2019-11-21 17:23:06.020 UTC Error WsusService.3 CertificateChainPolicy.VerifyPolicy The given certificate chain has not Microsoft Root CA signed root (800B0109)

    В журнале CAPI2 Ошибка с кодом события 30

        

    - System 
      - Provider 
       [ Name]  Microsoft-Windows-CAPI2 
       [ Guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
       EventID 30 
       Version 0 
       Level 2 
       Task 30 
       Opcode 0 
       Keywords 0x4000000000000001 
      - TimeCreated 
       [ SystemTime]  2019-11-28T04:28:38.217572000Z 
       EventRecordID 108619 
       Correlation 
      - Execution 
       [ ProcessID]  2148 
       [ ThreadID]  2428 
       Channel Microsoft-Windows-CAPI2/Operational 
       Computer WSUS
      - Security 
       [ UserID]  S-1-5-20 
    UserData 
      - CertVerifyCertificateChainPolicy 
      - Policy 
       [ type]  CERT_CHAIN_POLICY_MICROSOFT_ROOT 
       [ constant]  7 
      - Certificate 
       [ fileRef]  C4A0FDA118DE14FF8D4C536A16D652D7DEE67D26.cer 
       [ subjectName]  sws1.update.microsoft.com 
      - CertificateChain 
       [ chainRef]  {6270465F-DC23-440E-B357-B3873CEF6038} 
      - Flags 
       [ value]  0 
      - Status 
       [ chainIndex]  0 
       [ elementIndex]  2 
      - EventAuxInfo 
       [ ProcessName]  wsusservice.exe 
      - CorrelationAuxInfo 
       [ TaskId]  {A5CD0A73-8C3A-4A02-B9AF-132731608ADC} 
       [ SeqNumber]  1 

      - Result Цепочка сертификатов обработана, но обработка прервана на корневом сертификате, у которого отсутствует отношение доверия с поставщиком доверия. 
       [ value]  800B0109 

    28 ноября 2019 г. 5:36

Ответы

Все ответы