Hi Everyone, Hoping someone can assist me with this. I've searched the forums here and Google but nothing is popping out to offer a solution. Environment Summary: Single Primary SCCM 2007 R3 Server running in NATIVE mode holding most roles (including MP/SUP with local WSUS) Remote SQL Cluster running on SQL Server 2008 R2 Remote Site System located in DMZ to hold MP/DP/SUP/FSP roles (let's call it DMZServer) - has 2nd WSUS installation) The Site Server itself is working successfully and is able to deploy clients (Client Push), software and OS Deployment, etc. I am now trying to setup the Internet facing DMZServer with MP/DP/SUP/FSP roles. I've added the DMZServer as a new Server under Site Systems and provided the Intranet FQDN and for now an external facing IP address for the Internet FQDN. Both DMZ and Site Server are part of the same Domain. The Site Server's computer account is in the local Administrator's group on the DMZ Server The DMZ Server is in the SMS_SiteSystemToSiteServerConnection_<SiteCode> group on the Site Server I've added our Web Server Signing Certificate to the DMZServer and setup the binding in IIS to HTTPS port 443. WSUS is using the Default Website on the DMZServer using the Windows Internal database Problem: On the DMZ Server where I've added the SUP role and configured the Internet-based SUP configuration to use this server with port 80/443, the SUP role installed, however in WSUSCtrl.log on the DMZ Server I receive the following series of messages every 1 minute. Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.0.6000.273, Major Version = 0x30000, Minor Version = 0x17700111 Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.1.6001.1, Major Version = 0x30001, Minor Version = 0x17710001 The installed WSUS build has the valid and supported WSUS Administration DLL assembly version (3.1.7600.226) System.Net.WebException: The request failed with HTTP status 403: Forbidden.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) STATMSG: ID=7000 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONTROL_MANAGER" SYS=XXXXXXXX SITE=XXX PID=2640 TID=3024 GMTDATE=Mon Apr 18 16:01:36.797 2011 ISTR0="XXXXXXXX" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 Failed to set WSUS Local Configuration. Will retry configuration in 1 minutes System.Net.WebException: The request failed with HTTP status 403: Forbidden.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) STATMSG: ID=7003 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONTROL_MANAGER" SYS=XXXXXXXX SITE=XXX PID=2640 TID=3024 GMTDATE=Mon Apr 18 16:01:36.895 2011 ISTR0="XXXXXXXX" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 Failures reported during periodic health check by the WSUS Server XXXXXXXX. Will retry check in 1 minutes Waiting for changes for 1 minutes Anyone know the specific call that is being made here? Any help to resolve this issue would be GREATLY appreciated! Thanks! -Jeff

Some more info found in IIS logs: 2011-04-18 16:59:36 ::1 POST /reportingwebservice/reportingwebservice.asmx - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5420) 200 0 0 7 2011-04-18 16:59:36 ::1 POST /ApiRemoting30/WebService.asmx - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5420) 403 4 5 3 2011-04-18 16:59:36 ::1 POST /ServerSyncWebService/serversyncwebservice.asmx - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5420) 403 4 5 1 2011-04-18 16:59:36 ::1 POST /ClientWebService/Client.asmx - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5420) 403 4 5 2 2011-04-18 16:59:36 ::1 POST /SimpleAuthWebService/SimpleAuth.asmx - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5420) 403 4 5 4 2011-04-18 16:59:36 ::1 POST /DssAuthWebService/DssAuthWebService.asmx - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5420) 403 4 5 0 2011-04-18 16:59:49 ::1 POST /ApiRemoting30/WebService.asmx - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5420) 403 4 5 5 All of these are the WSUS Virtual Directories that were setup for SSL so I removed the SSL requirement on these directories and the check worked... Here are the new log entries from WSUSCtrl.log on the DMZ Server: Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.0.6000.273, Major Version = 0x30000, Minor Version = 0x17700111 Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.1.6001.1, Major Version = 0x30001, Minor Version = 0x17710001 The installed WSUS build has the valid and supported WSUS Administration DLL assembly version (3.1.7600.226) Successfully connected to local WSUS server Local WSUS Server Proxy settings are correctly configured as Proxy Name and Proxy Port 80 Successfully connected to local WSUS server There are no unhealthy WSUS Server components on WSUS Server XXXXXXXX Successfully checked database connection on WSUS server XXXXXXXX So if we're failing when the directories are configured for SSL I presume that would be due to a Cert issue for the Web Server Signing Certificate?

Hello - See, the details below 7000 and 7003.... http://myitforum.com/cs2/blogs/jnelson/archive/2009/11/17/143054.aspx 7000 ERROR WSUS Control Manager SMS WSUS Configuration Manager failed to configure proxy settings on WSUS Server "%1".%12 Possible cause: WSUS Server version 3.0 SP1 and above is not installed or cannot be contacted. Solution: Verify that the WSUS Server version 3.0 SP1 or greater is installed. Verify that the IIS ports configured in SMS are same as those configured on the WSUS IIS website.You can receive failure because proxy is set but proxy name is not specified or proxy server port is invalid. SRVMSG_WSUSCTRL_ERROR_PROXY_CONFIG 7003 ERROR WSUS Control Manager SMS WSUS Configuration Manager failed to monitor WSUS Server "%1".%12 Possible cause: WSUS Server version 3.0 SP1 and above is not installed or cannot be contacted. Solution: Verify that the WSUS Server version 3.0 SP1 or greater is installed. Verify that the IIS ports configured in SMS are same as those configured on the WSUS IIS website. SRVMSG_WSUSCTRL_ERROR_MONITOR Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thanks for your reply, but honestly this is just the Status Message details that appear when the issue occurs. The Possible Cause in these messages is not relevant as I think I have already stated that our configuration meets these requirements. My goal is to get this working with SSL configured for all of the WSUS virtual directories. We're going to try re-issuing the Web Server Certificate to the DMZ server today and give it another go.

I figured this out... Stupidly I had missed running WSUSUtil.exe configuressl after I had tried re-installing the SCCM roles and IIS and WSUS so WSUSCtrl was still trying the verification using port 80 instead of 443. Problem solved!