I have a SCCM SUP installed which hasn't been able to download updates for 1-2 months now, with it working fine prior to that. The error is seemingly certificate based, and I'm guessing that's with trying to connect to https://download.windowsupdate.com. I've checked our proxy and we have the certificates that are needed for all URLs that it tries to connect to, however if I browse to the above address I get a 'Mismatched address' warning in IE as the certificate presented by it is actually one issued to the URL a248.e.akamai.net. I'm guessing this is where the failure is happening. I've included the error in full below. Any ideas on a workaround? Were there any patches that I may need to apply to the SCCM server to fix this or point to another WU location on the internet? I've already disabled the certificate mismatch warning GPO and also added that url to trust sites and that's not helped. In addition, I built a new WSUS box from scratch to test this issue and the error has also occured there too...
Heres the Sync Mgr log from SCCM
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS SMS_WSUS_SYNC_MANAGER 19/02/2013 12:48:19 6276 (0x1884) STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=OURSERVER.OURDOMAIN.COM SITE=XXX PID=4336 TID=6276 GMTDATE=Tue Feb 19 12:48:19.977 2013 ISTR0="Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS" ISTR1="UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 19/02/2013 12:48:19 6276 (0x1884)
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
Hi all,
I have a SCCM SUP installed which hasn't been able to download updates for 1-2 months now, with it working fine prior to that. The error is seemingly certificate based, and I'm guessing that's with trying to connect to https://download.windowsupdate.com. I've checked our proxy and we have the certificates that are needed for all URLs that it tries to connect to, however if I browse to the above address I get a 'Mismatched address' warning in IE as the certificate presented by it is actually one issued to the URL a248.e.akamai.net. I'm guessing this is where the failure is happening. I've included the error in full below. Any ideas on a workaround? Were there any patches that I may need to apply to the SCCM server to fix this or point to another WU location on the internet? I've already disabled the certificate mismatch warning GPO and also added that url to trust sites and that's not helped. In addition, I built a new WSUS box from scratch to test this issue and the error has also occured there too...
Heres the Sync Mgr log from SCCM
Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS
SMS_WSUS_SYNC_MANAGER 19/02/2013 12:48:19
6276 (0x1884)
STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=OURSERVER.OURDOMAIN.COM SITE=XXX PID=4336 TID=6276 GMTDATE=Tue Feb 19 12:48:19.977 2013 ISTR0="Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS" ISTR1="UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER
19/02/2013 12:48:19 6276 (0x1884)
Share this post
Link to post
Share on other sites