Re: trouble using SSL on WSUS



This should help,

http://update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=12&ln=en&IsMu=False


Randhir Vayalambrone
Cell: +1 (717) 350-1177
"Some men see things as they are and say why... I dream of things that never were and say why not."
GBS


----- Original Message ----
From: Bart Poort <bggp@xxxxxxxxx>
To: focus-ms@xxxxxxxxxxxxxxxxx
Sent: Tuesday, March 14, 2006 10:23:33 AM
Subject: trouble using SSL on WSUS


Hi,

I am having some trouble using SSL on WSUS. I configured the server and the
clients according to the deployment guide. The clients aren't having any
problems when downloading updates through http. I have an unofficially
signed certificate and imported it in Internet Information Services
Manager. I activated SSL for the clientwebservice, dssauthwebservice,
serversyncwebservice, simpleauthwebservice and wsusadmin.

I configured the client to use the WSUS server through https. When I force
the client to check for new updates (wuauclt /detectnow) the following
error message appears in the WindowsUpdate log:

2006-03-14 15:17:23 1048 d38 AU #############
2006-03-14 15:17:23 1048 d38 AU ## START ## AU: Search for updates
2006-03-14 15:17:23 1048 d38 AU #########
2006-03-14 15:17:23 1048 d38 AU <<## SUBMITTED ## AU: Search for updates
[CallId = {C535C51C-A97E-4447-920F-C26B349DD626}]
2006-03-14 15:17:23 1048 428 Agent *************
2006-03-14 15:17:23 1048 428 Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2006-03-14 15:17:23 1048 428 Agent *********
2006-03-14 15:17:23 1048 428 Misc WARNING: Send failed with hr = 80072f8f.
2006-03-14 15:17:23 1048 428 Misc WARNING: SendRequest failed with hr =
80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: ShouldFileBeDownloaded
failed with 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: Send failed with hr = 80072f8f.
2006-03-14 15:17:23 1048 428 Misc WARNING: SendRequest failed with hr =
80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: ShouldFileBeDownloaded
failed with 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: Send failed with hr = 80072f8f.
2006-03-14 15:17:23 1048 428 Misc WARNING: SendRequest failed with hr =
80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: ShouldFileBeDownloaded
failed with 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: Send failed with hr = 80072f8f.
2006-03-14 15:17:23 1048 428 Misc WARNING: SendRequest failed with hr =
80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: ShouldFileBeDownloaded
failed with 0x80072f8f
2006-03-14 15:17:23 1048 428 Misc WARNING: DownloadFileInternal failed for
https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab: error 0x80072f8f
2006-03-14 15:17:23 1048 428 Setup FATAL: IsUpdateRequired failed with
error 0x80072f8f
2006-03-14 15:17:23 1048 428 Setup WARNING: SelfUpdate: Default Service:
IsUpdateRequired failed: 0x80072f8f
2006-03-14 15:17:23 1048 428 Setup WARNING: SelfUpdate: Default Service:
IsUpdateRequired failed, error = 0x80072F8F
2006-03-14 15:17:23 1048 428 Agent * WARNING: Skipping scan, self-update
check returned 0x80072F8F
2006-03-14 15:17:23 1048 428 Agent * WARNING: Exit code = 0x80072F8F
2006-03-14 15:17:23 1048 428 Agent *********
2006-03-14 15:17:23 1048 428 Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2006-03-14 15:17:23 1048 428 Agent *************
2006-03-14 15:17:23 1048 428 Agent WARNING: WU client failed Searching for
update with error 0x80072f8f
2006-03-14 15:17:23 1048 428 AU >>## RESUMED ## AU: Search for updates
[CallId = {C535C51C-A97E-4447-920F-C26B349DD626}]
2006-03-14 15:17:23 1048 428 AU # WARNING: Search callback failed,
result = 0x80072F8F
2006-03-14 15:17:23 1048 428 AU #########
2006-03-14 15:17:23 1048 428 AU ## END ## AU: Search for updates
[CallId = {C535C51C-A97E-4447-920F-C26B349DD626}]
2006-03-14 15:17:23 1048 428 AU #############
2006-03-14 15:17:23 1048 428 AU AU setting next detection timeout to
2006-03-14 15:15:01
2006-03-14 15:17:28 1048 428 Report REPORT EVENT:
{96D02F42-470E-4CB4-A0B0-D68D39890A33} 2006-03-14
15:17:23+0100 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 0 80072f8f SelfUpdate Failure Software
Synchronization Error: Agent failed detecting with reason: 0x80072f8f

I've read on several sites that the server certificate has to be imported
to the client local Trusted Root CA so this is what I did.

I've made an export of the certificate on the WSUS server (pfx format). I
copied it to one of my clients just to test it. I tried to import the
certificate to the local computer Trusted Root CA but it still doesn't
seem to work :-(. When I take a look at the certificate overview (on
Trusted Root CA, ALL view) my certificate appears not to be listed. So I
imported the certificate but it isn't listed. Where did it go?

Maybe this isn't the solution to my problem. If so, can anyone tell me
where to look?

Thanks in advance,

Bart
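
Added example, not part of the original thread: a small Python parser that rejoins the mail-wrapped WindowsUpdate.log lines quoted above and decodes the HRESULT they repeat. 0x80072f8f is facility 7 (Win32) with code 12175, which winhttp.h names ERROR_WINHTTP_SECURE_FAILURE (WinHTTP found errors in the certificate the server presented); the function names are this example's own.

```python
import re
from collections import Counter

# TLS-related WinHTTP error codes as defined in winhttp.h (subset).
WINHTTP_TLS_ERRORS = {
    12038: "ERROR_WINHTTP_SECURE_CERT_CN_INVALID",
    12045: "ERROR_WINHTTP_SECURE_INVALID_CA",
    12169: "ERROR_WINHTTP_SECURE_INVALID_CERT",
    12175: "ERROR_WINHTTP_SECURE_FAILURE",
}
FACILITY_WIN32 = 7

# A record starts with date, time, PID and hex TID; a wrapped tail that is
# only "2006-03-14 15:15:01" must not be mistaken for a new record.
RECORD = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+[0-9a-f]+\s")
HRESULT = re.compile(r"(?:0x|hr = )([0-9a-fA-F]{8})\b")
URL = re.compile(r"https?://[^\s<>]+")

# Lines copied from the log in the post, with its e-mail line wrapping.
SAMPLE = """\
2006-03-14 15:17:23 1048 428 Misc WARNING: Send failed with hr = 80072f8f.
2006-03-14 15:17:23 1048 428 Misc WARNING: WinHttp: SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14 15:17:23 1048 428 AU AU setting next detection timeout to
2006-03-14 15:15:01
"""

def unwrap(text):
    """Rejoin wrapped lines so each list item is one log record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def decode_hresult(value):
    """Split an HRESULT into failure bit, facility and code."""
    facility, code = (value >> 16) & 0x1FFF, value & 0xFFFF
    name = WINHTTP_TLS_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return {"failure": bool(value >> 31), "facility": facility,
            "code": code, "name": name}

def summarize(text):
    """Count each HRESULT and collect the URLs the agent failed to fetch."""
    hits, urls = Counter(), set()
    for rec in unwrap(text):
        hits.update(int(h, 16) for h in HRESULT.findall(rec))
        urls.update(u.rstrip(".:,") for u in URL.findall(rec))
    return hits, sorted(urls)
```

Calling `summarize()` on the full log from the post gives one HRESULT and one URL, so every failure in the trace is the same TLS certificate check on the self-update download.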

