Craig620 Posted April 15, 2013 Report post Posted April 15, 2013 Having a problem with the WSUS part of SCCM 2012 not working on agents in our DMZ. Internal agents working fine. DMZ agents have PKI certificates from internal PKI, and are appearing in the console as active inventory. Because many parts of the SCCM roles must be configured for HTTP or HTTPS and not both at the same time:1 - these agents are on a boundary that assign them to a MP that is configured for SSL. Agent control panel shows correct MP.2 - these agents are also in a collection with different client settings to assign them an 8531 appcat.SDCSCMP23 is the HTTP WSUS/Appcat/MP for internal agentsSDCSCMP25 is the SSL WSUS/Appcat/MP with PKI certs for DMZ agents The problem is that SCCM is configuring DMZ agents to use the HTTP parts of the Infrastructure for WSUS, and not the HTTPS parts. Per MS Doc, Client Settings are supposed to auto assign an HTTPS appcat before an HTTP one, but this was not happening, so I made my own client settings to assign the HTTPS appcat.Simply modifying the firewall config to permit 443, 8531 to this other server is NOT an option, because those servers are listening on 80, 8530 (for internal HTTP agents) not 443, 8531. We have a requirement to use only 443, 8531 for the DMZ agents. Have verified that 443, 8531 are open through the firewall to SDCSCMP25 from the agents. This is SCCM 2012 SP1. We are NOT assigning WSUS servers through GPO.How do I get SCCM to assign the correct WSUS servers to these agents? Thanks WUAHandler.log Enabling WUA Managed server policy to use server: HTTP://SDCSCMP23.ACME.COM:8530 m_spSearchJobUpdateSearcher->EndSearch(m_spSearchJob, &spSearchResult), HRESULT=80072ee2 (e:\nts_sccm_release\sms\client\updatesmgmt\wuahandler\cwuahandler.cpp,3064) WUAHandler 4/11/2013 6:09:59 PM 1480 (0x05C8) OnSearchComplete - Failed to end search job. Error = 0x80072ee2. WUAHandler 4/11/2013 6:09:59 PM 1480 (0x05C8) Scan failed with error = 0x80072ee2. WUAHandler 4/11/2013 6:09:59 PM 1480 (0x05C8) WindowsUpdate.log 2013-04-11 18:09:05:376 828 15fc Agent *********** Agent: Refreshing global settings cache *********** 2013-04-11 18:09:05:376 828 15fc Agent * WSUS server: HTTP://SDCSCMP23.ACME.COM:8530 (Changed) 2013-04-11 18:09:05:376 828 15fc Agent * WSUS status server: HTTP://SDCSCMP23.ACME.COM:8530 (Changed) 2013-04-11 18:09:35:641 828 1668 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 2013-04-11 18:09:35:641 828 1668 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = HTTP://SDCSCMP23.ACME.COM:8530/ClientWebService/client.asmx 2013-04-11 18:09:59:235 828 1668 Misc WARNING: Send failed with hr = 80072ee2. 2013-04-11 18:09:59:235 828 1668 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <> 2013-04-11 18:09:59:235 828 1668 PT + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0 2013-04-11 18:09:59:235 828 1668 PT + Caller provided credentials = No 2013-04-11 18:09:59:235 828 1668 PT + Impersonate flags = 0 2013-04-11 18:09:59:235 828 1668 PT + Possible authorization schemes used = 2013-04-11 18:09:59:235 828 1668 PT WARNING: GetConfig failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200 2013-04-11 18:09:59:235 828 1668 PT WARNING: PTError: 0x80072ee2 2013-04-11 18:09:59:235 828 1668 PT WARNING: GetConfig_WithRecovery failed: 0x80072ee2 2013-04-11 18:09:59:235 828 1668 PT WARNING: RefreshConfig failed: 0x80072ee2 2013-04-11 18:09:59:235 828 1668 PT WARNING: RefreshPTState failed: 0x80072ee2 2013-04-11 18:09:59:235 828 1668 PT WARNING: Sync of Updates: 0x80072ee2 2013-04-11 18:09:59:235 828 1668 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2 2013-04-11 18:09:59:235 828 1668 Agent * WARNING: Failed to synchronize, error = 0x80072EE2 2013-04-11 18:09:59:235 828 1668 Agent * WARNING: Exit code = 0x80072EE2 Quote Share this post Link to post Share on other sites More sharing options...