WSUS location changes when client is on the internet

We want the wsus location to be https://sccmserver.domain.com:8531 irrespective of client location (otherwise we get scan errors in wuahandler.log).  Other client operations use software.domain.com with no problems (software installations etc) both on domain and on the internet

Thanks

David

Locationsservices.log

When on internet:

Created and Sent Location Request '{9ABF3FA8-DBAE-4B3C-83CD-EBF8E9475844}' for package {816357A7-6CA0-4131-8568-274AEA4CCA80}
Calling back with the following WSUS locations
WSUS Path='https://software.domain.com:8531', Server='sccmserver.domain.com', Version='1026'
Calling back with locations for WSUS request {9ABF3FA8-DBAE-4B3C-83CD-EBF8E9475844}

When on domain:

Current AD site of machine is Default-First-Site-Name LocationServices 26/08/2015 11:19:53 4688 (0x1250)
Created and Sent Location Request '{1400C82E-9BEC-4C62-B7CE-A72DC11C6897}' for package {816357A7-6CA0-4131-8568-274AEA4CCA80} LocationServices 26/08/2015 11:19:53 4688 (0x1250)
Calling back with the following WSUS locations LocationServices 26/08/2015 11:19:53 4496 (0x1190)
WSUS Path='https://sccmserver.domain.com:8531', Server='sccmserver.domain.com', Version='1026' LocationServices 26/08/2015 11:19:53 4496 (0x1190)
Calling back with locations for WSUS request {1400C82E-9BEC-4C62-B7CE-A72DC11C6897} LocationServices 26/08/2015 11:19:53 4496 (0x1190)

August 26th, 2015 6:57am

So if i get this right you have 2 SUP in your SCCM infrastructure?

And you would always want the client to use the same one ?

The only option you have in your case to point client is using this option in the SUP configuration

But keep in mind that this doesn't means the client will always use the one you want. The SUP work is that once a client made a successful connection to the SUP it will never change unless the SUP is having trouble.

http://blogs.technet.com/b/umairkhan/archive/2014/10/03/configmgr-2012-r2-multiple-sup-scenario-clients-not-failing-over-to-the-other-sup.aspx

Not sure if this is what you meant

Free Windows Admin Tool Kit Click here and download it now
August 26th, 2015 7:11am

Should have explained better.....

There is only one SUP and only one WSUS instance.  We converted the management point to https a few months ago but couldn't get the wsus instance to use the software.domain.com name - it remained as sccmserver.domain.com (despite Microsoft tech support assistance)

http://jackstromberg.com/2013/11/enabling-ssl-on-windows-server-update-services-wsus/#comments

If I change the SUP configuration to intranet only then I only get the first line in the locationservices.log

Thanks

David


August 26th, 2015 8:50am

if the 2 URL are pointing to the same SUP why do you need to change it ?


Free Windows Admin Tool Kit Click here and download it now
August 26th, 2015 9:04am

certificate issues I think
August 26th, 2015 10:21am

Should have explained better.....

There is only one SUP and only one WSUS instance.  We converted the management point to https a few months ago but couldn't get the wsus instance to use the software.domain.com name - it remained as sccmserver.domain.com (despite Microsoft tech support assistance)

http://jackstromberg.com/2013/11/enabling-ssl-on-windows-server-update-services-wsus/#comments

If I change the SUP configuration to intranet only then I only get the first line in the locationservices.log

Thanks

David


  • Edited by David b111 Wednesday, August 26, 2015 12:51 PM
Free Windows Admin Tool Kit Click here and download it now
August 26th, 2015 12:48pm

Yes, I know this is an old post, but Im trying to clean them up. Did you solve this problem, if so what was the solution?

September 5th, 2015 12:28pm

I did speak to Microsoft about this. 

Summary:

Bind a SAN certificate to the WSUS iis website for both the local server fqdn and the internet fqdn - do this to avoid certificate errors

Connection type: Currently intranet - checks RSOP and local intranet GPO settings to check WSUS
location (make sure the two settings are the same to avoid 'overwritten by higher authority' errors in wuahandler.log)

Connection type: Currently internet - hard coded to internet location point - so even though RSOP says to use local server fqdn, locationservices.log says it connects to internet fqdn

Hope this helps someone



Free Windows Admin Tool Kit Click here and download it now
September 7th, 2015 9:56am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics