SCCM | Intune | Windows 365 | Windows 11 Forums

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

SOLVED SCCM: Sync failed with WSUS. error 0x80131500

Status
Not open for further replies.

Rasl

Member
Messages
11
Reaction score
0
Points
1
Hello,

I've upgraded my SCCM 1802 to 1806 and after that i cant synchronize my updates. The error is The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS.

What i need to do to fix this issue. Thanks in advance
 
in wsus ctrl.log
Successfully connected to local WSUS server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
There are no unhealthy WSUS Server components on WSUS Server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
Successfully checked database connection on WSUS server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
 
my first post was from wsyncmgr.log

The error is The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS.


WSUSCtrl.log

Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608) SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:53 PM 9712 (0x25F0)
Checking runtime v4.0.30319... SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:53 PM 9712 (0x25F0)
Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version 6.2.14393.0 SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:53 PM 9712 (0x25F0)
Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version 6.2.14393.2969 SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:53 PM 9712 (0x25F0)
Supported WSUS version found SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:53 PM 9712 (0x25F0)
Attempting connection to local WSUS server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:53 PM 9712 (0x25F0)
Successfully connected to local WSUS server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
No changes - local WSUS Server Proxy settings are correctly configured as Proxy Name and Proxy Port 80 SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
Attempting connection to local WSUS server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
Successfully connected to local WSUS server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
There are no unhealthy WSUS Server components on WSUS Server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
Successfully checked database connection on WSUS server SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
Waiting for changes for 57 minutes SMS_WSUS_CONTROL_MANAGER 9/30/2019 4:41:54 PM 9712 (0x25F0)
 
also from
wsyncmgr.log

STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=XXXXXX.contoso.com SITE=BRS PID=4812 TID=9092 GMTDATE=Mon Sep 30 12:56:08.981 2019 ISTR0="Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS" ISTR1="UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
 
Thank you so much it was because of security
this case
After sometime ,got to know from another colleague that ,there were some changes made to the proxy server by NOC team which requires SSL authentication. What it means is ,software update sync happens using system account instead of user account which require SSL authentication and in this case, we need to get approval from security team to allow the SCCM site server computer account to bypass or added to exception list.
 
Status
Not open for further replies.
Back
Top