Jump to content


Craig620

Wrong WSUS WUA server assigned to DMZ agents

Recommended Posts

Having a problem with the WSUS part of SCCM 2012 not working on agents in our DMZ. Internal agents working fine. DMZ agents have PKI certificates from internal PKI, and are appearing in the console as active inventory.

Because many parts of the SCCM roles must be configured for HTTP or HTTPS and not both at the same time:
1 - these agents are on a boundary that assign them to a MP that is configured for SSL. Agent control panel shows correct MP.
2 - these agents are also in a collection with different client settings to assign them an 8531 appcat.
SDCSCMP23 is the HTTP WSUS/Appcat/MP for internal agents
SDCSCMP25 is the SSL WSUS/Appcat/MP with PKI certs for DMZ agents

The problem is that SCCM is configuring DMZ agents to use the HTTP parts of the Infrastructure for WSUS, and not the HTTPS parts. Per MS Doc, Client Settings are supposed to auto assign an HTTPS appcat before an HTTP one, but this was not happening, so I made my own client settings to assign the HTTPS appcat.
Simply modifying the firewall config to permit 443, 8531 to this other server is NOT an option, because those servers are listening on 80, 8530 (for internal HTTP agents) not 443, 8531. We have a requirement to use only 443, 8531 for the DMZ agents. Have verified that 443, 8531 are open through the firewall to SDCSCMP25 from the agents. This is SCCM 2012 SP1. We are NOT assigning WSUS servers through GPO.
How do I get SCCM to assign the correct WSUS servers to these agents?

Thanks

WUAHandler.log
Enabling WUA Managed server policy to use server: HTTP://SDCSCMP23.ACME.COM:8530
m_spSearchJobUpdateSearcher->EndSearch(m_spSearchJob, &spSearchResult), HRESULT=80072ee2 (e:\nts_sccm_release\sms\client\updatesmgmt\wuahandler\cwuahandler.cpp,3064)   WUAHandler  4/11/2013 6:09:59 PM    1480 (0x05C8)
OnSearchComplete - Failed to end search job. Error = 0x80072ee2.    WUAHandler  4/11/2013 6:09:59 PM    1480 (0x05C8)
Scan failed with error = 0x80072ee2.    WUAHandler  4/11/2013 6:09:59 PM    1480 (0x05C8)

WindowsUpdate.log
2013-04-11  18:09:05:376     828    15fc    Agent   ***********  Agent: Refreshing global settings cache  ***********
2013-04-11  18:09:05:376     828    15fc    Agent     * WSUS server: HTTP://SDCSCMP23.ACME.COM:8530 (Changed)
2013-04-11  18:09:05:376     828    15fc    Agent     * WSUS status server: HTTP://SDCSCMP23.ACME.COM:8530 (Changed)
2013-04-11  18:09:35:641     828    1668    PT  +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-04-11  18:09:35:641     828    1668    PT    + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://SDCSCMP23.ACME.COM:8530/ClientWebService/client.asmx
2013-04-11  18:09:59:235     828    1668    Misc    WARNING: Send failed with hr = 80072ee2.
2013-04-11  18:09:59:235     828    1668    Misc    WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-04-11  18:09:59:235     828    1668    PT    + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
2013-04-11  18:09:59:235     828    1668    PT    + Caller provided credentials = No
2013-04-11  18:09:59:235     828    1668    PT    + Impersonate flags = 0
2013-04-11  18:09:59:235     828    1668    PT    + Possible authorization schemes used = 
2013-04-11  18:09:59:235     828    1668    PT  WARNING: GetConfig failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
2013-04-11  18:09:59:235     828    1668    PT  WARNING: PTError: 0x80072ee2
2013-04-11  18:09:59:235     828    1668    PT  WARNING: GetConfig_WithRecovery failed: 0x80072ee2
2013-04-11  18:09:59:235     828    1668    PT  WARNING: RefreshConfig failed: 0x80072ee2
2013-04-11  18:09:59:235     828    1668    PT  WARNING: RefreshPTState failed: 0x80072ee2
2013-04-11  18:09:59:235     828    1668    PT  WARNING: Sync of Updates: 0x80072ee2
2013-04-11  18:09:59:235     828    1668    PT  WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
2013-04-11  18:09:59:235     828    1668    Agent     * WARNING: Failed to synchronize, error = 0x80072EE2
2013-04-11  18:09:59:235     828    1668    Agent     * WARNING: Exit code = 0x80072EE2

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.