Jump to content


kordaur

2 SUP Points wuahandler.log & Windowsupdate.log disagree with each other

Recommended Posts

Howdy All:

 

First let me say thank you for all the amazing resources that exist here. I'm definitely here once a day whether for research or troubleshooting... normally research thankfully.

 

Now to the meat of my problem... I have two SUPs, two MP's, and two DP's.

 

One MP/SUP/DP accept connections from intranet clients only via http the other accepts connections form internet clients obviously over https. All certificates are configured and happy AFAIK.

 

When clients go off the lan, the thinking is they should be looking to the internet facing MP/SUP/DP. This behavior works as expected very infrequently. For example, if I force a software update scan at this moment WUAhandler.log shows the correct internet facing server URL with port 8531. 8531 is open. This server is published in public DNS. There are no proxies in my environment. However, the log also normally shows 8024000C errors. Windowsupdate.log however shows an attempt to reach my internal wsus server on port 8530... which is not open or published in public DNS even.

 

However, sometimes everything just works happily as expect. Applications deploy fine, it is merely software updates. Endpoint protection updates still come in fine... but I'm not sure from where and haven't attempted to drill into those logs.

 

Quite frankly i'm a bit baffled by the disconnect between the two logs. Am I running into an issue with Windows update server fail over and configuration manager location detection not playing nicely? I don't have a FSP established and am running SCCM 2012 SP1 with windows server 2012. does windows update just need to hard fail four times to get the job done in this case? If so, that's a bit absurd given the frequency of update scanning being limited to once a day I believe. Since we have a few trusted forests, I'm not inclined to attempt to simplify to 1 sup serving https only to both intranet and internet as clients bound to our trusted forest's root domains would then not be able to connect I believe...

 

Anybody have any ideas?

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.