kordaur Posted January 31, 2014 Report post Posted January 31, 2014 Howdy All: First let me say thank you for all the amazing resources that exist here. I'm definitely here once a day whether for research or troubleshooting... normally research thankfully. Now to the meat of my problem... I have two SUPs, two MP's, and two DP's. One MP/SUP/DP accept connections from intranet clients only via http the other accepts connections form internet clients obviously over https. All certificates are configured and happy AFAIK. When clients go off the lan, the thinking is they should be looking to the internet facing MP/SUP/DP. This behavior works as expected very infrequently. For example, if I force a software update scan at this moment WUAhandler.log shows the correct internet facing server URL with port 8531. 8531 is open. This server is published in public DNS. There are no proxies in my environment. However, the log also normally shows 8024000C errors. Windowsupdate.log however shows an attempt to reach my internal wsus server on port 8530... which is not open or published in public DNS even. However, sometimes everything just works happily as expect. Applications deploy fine, it is merely software updates. Endpoint protection updates still come in fine... but I'm not sure from where and haven't attempted to drill into those logs. Quite frankly i'm a bit baffled by the disconnect between the two logs. Am I running into an issue with Windows update server fail over and configuration manager location detection not playing nicely? I don't have a FSP established and am running SCCM 2012 SP1 with windows server 2012. does windows update just need to hard fail four times to get the job done in this case? If so, that's a bit absurd given the frequency of update scanning being limited to once a day I believe. Since we have a few trusted forests, I'm not inclined to attempt to simplify to 1 sup serving https only to both intranet and internet as clients bound to our trusted forest's root domains would then not be able to connect I believe... Anybody have any ideas? Quote Share this post Link to post Share on other sites More sharing options...