Additional info: At Evan's suggestion attempting to hit https://65.55.185.26 through IE fails on this server. However, using standard HTTP instead (without SSL) brings up the Windows Update page. Other servers behind the same firewall can hit https://65.55.185.26 no problem, so it's not a gateway issue.
Windows Firewall is on, but there don't seem to be any outbound rules blocking https connections. I will try other https sites, and disable Windows Firewall as a next step.
Original Question I have a problem with Windows Server Update Services SP2, where the synchronizations to Microsoft are failing. Only those synchronizations are failing; all client computers are able to receive updates that have already been approved.
The synchronization error is as follows:
WebException: Unable to connect to the remote server --->
System.Net.Sockets.SocketException: A connection attempt failed because the
connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond
65.55.185.26:443
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at
Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
at
Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at
Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager
authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie
cookie, WebServiceCommunicationHelper webServiceHelper)
at
Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
at
Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
I have traced the day this started happening as the day we installed Terminal Services Gateway on this server. I now know that TS is incompatible with WSUS, so I have removed TS Gateway and the included options, however I am still receiving the error.
I attempted to re-install WSUS (using the existing updates and database) and there is no change.
Running Network Monitor on the server, it appears that WSUS sends traffic to the Microsoft server, however it receives nothing in return. I have confirmed we have no outgoing firewall rules blocking the traffic, and to my understanding, since WSUS is initiating the connection, there should be nothing else required to allow the connection to proceed.
Has anyone come across this, or know of a solution?
Opening https://65.55.185.26 on the server computer ought to give you a Windows Update page. If it doesn't, you've got communication issues.
I'm happy to see you're using Network Monitor to see what's on the wire. When you say "it receives nothing in return", are you saying that you're seeing TCP SYN requests going to 65.55.185.26, port 443, and not seeing anything coming back at all?
If you're seeing nothing coming back from 65.55.185.26 then you should start sniffing at the border of the network to see if the server's requests are making out to the Internet or not (and, if they are, seeing if response are coming back). This has the feel that something is firewalling either your requests outbound or the responses coming back.
just checking...is it because of the https/ssl (443). I remember that SSL is not mandatory (but recomended) for WSUS setups.
First I would uninstall and re-install and configure IIS and if that's not succesfull then I would rebuild the WSUS-server and install WSUS 3.0 SP3. This could be the fastest way to get WSUS environment up and going. In fact I did this when I was upgradring WSUS 3.0 SP3 into new server.
Solution Found:
My dumb self didn't check the edge firewall rules well enough when I removed the TS Gateway role from this server. An outbound NAT policy was still set to translate https traffic to a different external IP, which caused any SSL site attempt to fail.
Removing this NAT rule allows the synchronization to succeed.
Thanks for the suggestions and help.