DMZ based SUP Error. (503) Server Unavailable

Hi,

A quick description of our current setup (relevant bits at least):

Site server (SUP-A)

  • Windows Server 2012 R2 with ConfigMgr 2012 R2 C3 primary site, with intranet client only SUP
  • Internet connected through proxy
  • This server synchronizes from the Internet successfully.
  • On Forest A

DMZ server (SUP-B)

  • Windows Server 2012 R2 with MP, DP and SUP roles installed
  • On Forest B
  • No internet connectivity allowed, hosted on DMZ
  • Forest A and B are not trusted.

I have installed WSUS, finish the initial setup and then deployed the SUP role on SUP-B

Here's is the issue:

When I check the WCM.log on SUP-A, I get the following

Verify Upstream Server settings on the Active WSUS Server    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:05:31 AM    4212 (0x1074)
No changes - WSUS Server settings are correctly configured and Upstream Server is set to Microsoft Update    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:05:31 AM    4212 (0x1074)
Attempting connection to WSUS server: SUP-B.fqdn, port: 8531, useSSL: True SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:05:31 AM    4212 (0x1074)
System.Net.WebException: The request failed with HTTP status 503: Service Unavailable.~~   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:06:46 AM    4212 (0x1074)
WSUS Server configuration has been updated. Updating Group Info.    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:06:46 AM    4212 (0x1074)
Updating Group Info for WSUS.    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:06:46 AM    4212 (0x1074)
Refreshing categories from WSUS server    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:06:46 AM    4212 (0x1074)
Attempting connection to WSUS server: SUP-A.fqdn, port: 8531, useSSL: True    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:06:46 AM    4212 (0x1074)
Successfully connected to server: SUP-A.fqdn, port: 8531, useSSL: True    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:06:46 AM    4212 (0x1074)
Successfully refreshed categories from WSUS server    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:07:16 AM    4212 (0x1074)
Attempting connection to WSUS server: SUP-A.fqdn, port: 8531, useSSL: True    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:07:21 AM    4212 (0x1074)
Successfully connected to server: SUP-A.fqdn, port: 8531, useSSL: True    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:07:21 AM    4212 (0x1074)
Attempting connection to WSUS server: SUP-A.fqdn, port: 8531, useSSL: True    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:07:21 AM    4212 (0x1074)
Successfully connected to server: SUP-A.fqdn, port: 8531, useSSL: True    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:07:21 AM    4212 (0x1074)
Waiting for changes for 58 minutes    SMS_WSUS_CONFIGURATION_MANAGER    6/02/2015 11:07:21 AM    4212 (0x1074))

I have tried, both HTTP/HTTS on the default ports, as well as 80/443. On each occasion, I can connect to the local server using the WSUS console, but i cannot connect to the remote WSUS server using the console. I can however, connect using a web browser.

Any ideas. Your help would be greatly appreciated.


  • Edited by Andres Munoz Friday, February 06, 2015 8:04 AM Typo
February 6th, 2015 12:22am

Hi,

Have you confirmed the ports 445 and 8531 are allowed between Promary Site and Software Update Point? Please make sure that the WSUS Server Connection account has been specified to connect to the WSUS server.

Best Regards,

Joyce

Free Windows Admin Tool Kit Click here and download it now
February 6th, 2015 7:28am

Yes, all the ports and account have been configured correctly.

After some troubleshooting I've discovered this is caused because SUP-A is attempting to connect to SUP-B via proxy server.

If I disable the use of proxy when downloading content from the internet, it connects successfully to SUP-B, but then it cannot synchronise updates.

I have specified proxy settings and bypass list at the system level, both using netsh winhttp and from IE gui started in the system context to no avail. as soon as I do this, either:

If use proxy is enabled, I can synchronise updates from the internet, and cannot connect to the downstream SUP-B, or

If use proxy is disabled, I can connect to SUP-B, but cannot synchronise updates from windows update.

The current setup stands as follows

Site server (SUP-A)

  • Internet connected through proxy, and bypass list includes *.SUP-BFQDN
  • This server synchronizes from the Internet successfully.
  • Site system is configured to use proxy when downloading content from the internet.
  • Connection to SUP-B fails with 503: Service unavailable

Any suggestions?

February 6th, 2015 8:04am

Since no one has answer this post, I recommend opening  a support case with CSS as they can work with you to solve this problem.

Free Windows Admin Tool Kit Click here and download it now
April 25th, 2015 10:10am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics