We followed the official guide to configure third-party software updates for Configuration Manager. After having added custom catalog, we tried the menu Sync now on the head ribbon. Unfortunately, it does not work.
Logs show the following exceptions:
WSUSCtrl:
Attempting connection to local WSUS server 2720 (0x0AA0)
System.Net.WebException: The request failed with HTTP status 403: Forbidden. at at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) 2720 (0x0AA0)Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
Failures reported during periodic health check by the WSUS Server CONTOSO.COM. Will retry check in 1 minutes 2720 (0x0AA0)
Waiting for changes for 1 minutes 2720 (0x0AA0)
Timed Out… 2720 (0x0AA0)
SMS_ISVUPDATES_SYNCAGENT.log:
==================== Exception Detail Start ======================= 5184 (0x1440)
Exception type: WebException 5184 (0x1440)
Exception HRESULT: -2146233079 5184 (0x1440)
Exception Message: The request failed with HTTP status 403: Forbidden. 5184 (0x1440)
Exception source Microsoft.UpdateServices.Administration 5184 (0x1440)
Exception TargetSite Microsoft.UpdateServices.Administration.IUpdateServer CreateUpdateServer(System.Object[]) 5184 (0x1440)
Stack at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.ConfigurationManager.ISVUpdatesSyncAgent.WSUS.UpdateServicesWrapper.Connect() 5184 (0x1440)
===================== Exception Detail End ======================== 5184 (0x1440)
WCM.log:
Successfully connected to server: CONTOSO.com, port: 8531, useSSL: True 70592 (0x113C0)
Waiting for changes for 59 minutes 70592 (0x113C0)
Wait timed out after 59 minutes while waiting for at least one trigger event. 70592 (0x113C0)
Timed Out… 70592 (0x113C0)
In addition, SCCM SMS_WSUS_CONTROL_MANAGER kept printing repeated Error 7000 and 7003.
WSUS Control Manager failed to monitor WSUS Server “CONTOSO.COM”. Possible cause: WSUS Server version 3.0 SP2 or above is not installed or cannot be contacted. Solution: Verify that the WSUS Server version 3.0 SP2 or greater is installed. Verify that the IIS ports configured in the site are same as those configured on the WSUS IIS website.
Then we checked the health on SUP:
- Open CMD as admin
- Navigate to C:\Program Files\Update Services\Tools
- Run: WSUSUtil.exe checkhealth
I found Event ID 12002, 12052, 12042, 12022, 12032, 12012 in Windows Server Update Services event log-
The description for Event ID 12052 from source Windows Server Update Services cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
The DSS Authentication Web Service is not working.
The only step we missed was configure wsus for ssl with wsusutil configuressel. So we tried the following steps:
- Open CMD as admin and navigate to C:\Program Files\Update Services\Tools
- Run (Case sensitive): wsusutil.exe configuressl <FQDN-OF-WSUS-SERVER>
- Restart WSUS Service from services and WSUS Administration from IIS Administration control
Wonderful! The issue was gone.
SCCM Monde 