Server 2008 R2 WSUS no longer syncing with Microsoft

%3CLINGO-SUB%20id%3D%22lingo-sub-3410527%22%20slang%3D%22en-US%22%3EServer%202008%20R2%20WSUS%20no%20longer%20syncing%20with%20Microsoft%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3410527%22%20slang%3D%22en-US%22%3E%3CP%3EHello%3C%2FP%3E%3CP%3EI%20have%20an%20old%202008%20R2%20licence%20I%20use%20at%20home%20(in%20a%20VM)%20to%20run%20a%20WSUS%203.0%20server%20to%20patch%20my%20systems%20rather%20than%20downloading%20direct%20from%20MS.%20I%20feel%20this%20gives%20me%20better%20control%20of%20patching%20(e.g%2C%20No%20Preview%20patches%20in%20Windows%2010%2C%20etc.).%3C%2FP%3E%3CP%3EHowever%20earlier%20this%20year%20the%20synching%20to%20Microsoft%20to%20find%20new%20patches%20stopped%20working%20and%20it%20took%20me%20awhile%20to%20get%20around%20to%20it.%3C%2FP%3E%3CP%3EI%20couldn't%20figure%20out%20why%20but%20thought%20that%20some%20config%20or%20patch%20may%20have%20corrupted%20my%20system%20so%20I%20rebuilt%20a%20new%202008%20R2%20VM%20to%20reinstall%20WSUS%20from%20scratch.%3C%2FP%3E%3CP%3EDuring%20configuration%20to%20sync%20with%20Microsoft%20I%20now%20get%20the%20following%20error.%3C%2FP%3E%3CP%3E%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3C%2FP%3E%3CP%3E---------------------------%3CBR%20%2F%3ESynchronization%20Error%20Details%3CBR%20%2F%3E---------------------------%3CBR%20%2F%3EWebException%3A%20The%20underlying%20connection%20was%20closed%3A%20Could%20not%20establish%20trust%20relationship%20for%20the%20SSL%2FTLS%20secure%20channel.%20---%26gt%3B%20System.Security.Authentication.AuthenticationException%3A%20The%20remote%20certificate%20is%20invalid%20according%20to%20the%20validation%20procedure.%3C%2FP%3E%3CP%3Eat%20System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest%20request)%3CBR%20%2F%3Eat%20System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest%20request)%3CBR%20%2F%3Eat%20Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest%20webRequest)%3CBR%20%2F%3Eat%20System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String%20methodName%2C%20Object%5B%5D%20parameters)%3CBR%20%2F%3Eat%20Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()%3CBR%20%2F%3Eat%20Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy%20proxy%2C%20WebServiceCommunicationHelper%20webServiceHelper)%3CBR%20%2F%3Eat%20Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager%20authorizationManager%2C%20Boolean%20checkExpiration%2C%20ServerSyncProxy%20proxy%2C%20Cookie%20cookie%2C%20WebServiceCommunicationHelper%20webServiceHelper)%3CBR%20%2F%3Eat%20Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()%3CBR%20%2F%3Eat%20Microsoft.UpdateServices.Serve%3C%2FP%3E%3CP%3E%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3C%2FP%3E%3CP%3EIf%20someone%20knows%20how%20to%20fix%20this%20please%20let%20me%20know.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20realise%20that%20the%20server%20software%20and%20WSUS%20version%20I%20run%20are%20no%20longer%20supported%20by%20Microsoft%20but%20does%20anybody%20know%20if%20changes%20at%20MS%20have%20stopped%20WSUS%20synching%20altogether%3F%3C%2FP%3E%3CP%3EI%20haven't%20upgraded%20the%20software%20because%2C%20well%2C%20the%20current%20licencing%20models%20make%20it%20prohibitively%20expensive%20just%20to%20run%20a%20patch%20server.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3410527%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3411045%22%20slang%3D%22en-US%22%3ERe%3A%20Server%202008%20R2%20WSUS%20no%20longer%20syncing%20with%20Microsoft%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3411045%22%20slang%3D%22en-US%22%3ETLS%201.2%20not%20enabled%20I%20guess%3F%20You%20can%20use%20this%20article%20to%20enable%20it%20%3CA%20href%3D%22https%3A%2F%2Fblog.aelterman.com%2F2014%2F04%2F09%2Fwindows-8-1-update-cannot-connect-to-ssl-enabled-wsus-3-sp-2%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblog.aelterman.com%2F2014%2F04%2F09%2Fwindows-8-1-update-cannot-connect-to-ssl-enabled-wsus-3-sp-2%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3424074%22%20slang%3D%22en-US%22%3ERe%3A%20Server%202008%20R2%20WSUS%20no%20longer%20syncing%20with%20Microsoft%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3424074%22%20slang%3D%22en-US%22%3EThank%20you%20for%20your%20response.%3CBR%20%2F%3EBased%20upon%20this%20article%20I%20did%20not%20have%20TLS%20enabled%20so%20I%20used%20the%20registry%20hack%20described%20there%20and%20rebooted.%3CBR%20%2F%3EUnfortunately%20it%20did%20not%20fix%20the%20problem.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3424127%22%20slang%3D%22en-US%22%3ERe%3A%20Server%202008%20R2%20WSUS%20no%20longer%20syncing%20with%20Microsoft%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3424127%22%20slang%3D%22en-US%22%3EOk%2C%20perhaps%20this%20page%20will%20help%3F%20%3CA%20href%3D%22https%3A%2F%2Fcommunity.spiceworks.com%2Ftopic%2F2312086-wsus-synchronization-failed-http-error%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcommunity.spiceworks.com%2Ftopic%2F2312086-wsus-synchronization-failed-http-error%3C%2FA%3E%20(SHA2%20signing%20update)%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3454774%22%20slang%3D%22en-US%22%3ERe%3A%20Server%202008%20R2%20WSUS%20no%20longer%20syncing%20with%20Microsoft%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3454774%22%20slang%3D%22en-US%22%3EDid%20that%20fix%20your%20issue%3F%3C%2FLINGO-BODY%3E
Contributor

Hello

I have an old 2008 R2 licence I use at home (in a VM) to run a WSUS 3.0 server to patch my systems rather than downloading direct from MS. I feel this gives me better control of patching (e.g, No Preview patches in Windows 10, etc.).

However earlier this year the synching to Microsoft to find new patches stopped working and it took me awhile to get around to it.

I couldn't figure out why but thought that some config or patch may have corrupted my system so I rebuilt a new 2008 R2 VM to reinstall WSUS from scratch.

During configuration to sync with Microsoft I now get the following error.

==============================================================

---------------------------
Synchronization Error Details
---------------------------
WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
at Microsoft.UpdateServices.Serve

==============================================================

If someone knows how to fix this please let me know.

 

I realise that the server software and WSUS version I run are no longer supported by Microsoft but does anybody know if changes at MS have stopped WSUS synching altogether?

I haven't upgraded the software because, well, the current licencing models make it prohibitively expensive just to run a patch server.

 

Thanks in advance

4 Replies
Thank you for your response.
Based upon this article I did not have TLS enabled so I used the registry hack described there and rebooted.
Unfortunately it did not fix the problem.

Did that fix your issue ?