SCCM Configmgr SUP Sync Error: The Underlying Connection Was Closed: Could Not Establish Trust Relationship for the SSL/TLS Secure Channel

By | October 21, 2017

I was contacted by a colleague saying that Configmgr is not showing the updates that were published a day ago by SCUP. So I started checking the SCUP configuration (proxy) and the status of the updates, whether they were published or not, using the date published, and also verified the SCUP logs.

From the SCUP perspective, all looks good. Next, I looked at Configmgr: I checked the SUP properties to see whether the published products are selected or not, and checked the proxy details in the site system role properties.

Next, look at the proxy details that may be configured in IE for the system account, for which you need to use the psexec tool to verify it.

How to open IE using the system account or check the proxy details in cmd using psexec? Run cmd as administrator, then run psexec -i -s cmd.exe

Type netsh winhttp show proxy; it should give the proxy details, if configured at all. Run the following command to open IE using the system account:

PsExec.exe -i -s "C:\Program Files\Internet Explorer\iexplore.exe"

Set the proxy in IE. Once that is done, come back to the cmd prompt (system account) and run netsh winhttp import proxy source=ie to import the IE settings.

This also looks good to me. What else could go wrong for the updates not showing up in the SCCM console?

Now I move on to the SUP logs: WCM.log and WSUSCtrl.log both look good, and the final log is the sync log, wsyncmgr.log, which has some errors in it.

Sync failed: UssCommunicationError: WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request). Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncWSUS

We know that there have been no changes to IIS or any configurations in the past few months with respect to SSL. I tried the sync by providing the user name in the site system role properties to use credentials to connect to the proxy server, but it failed with the same error.

After searching Google for the above error, I found a few blogs that refer to https://technet.microsoft.com/en-us/library/dn265983.aspx (configure trusted roots), but they don't apply to me.

SCCM SUP sync failed 6703

SUP-Synchronisation schlägt fehl: Could not establish trust relationship for the SSL/TLS secure channel

https://www.windows-noob.com/forums/topic/7559-sup-sync-issue/

After some time, I got to know from another colleague that there were some changes made to the proxy server by the NOC team which require SSL authentication. What it means is that software update sync happens using the system account instead of a user account, which requires SSL authentication, and in this case we need to get approval from the security team to allow the SCCM site server computer account to bypass it or be added to the exception list.
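
To see which certificate the system account is actually presented with and why its chain fails validation, a check like the following can be run from the psexec system prompt described above. This is an added example, not part of the original post; the script name Test-SupTls.ps1 and the $Url and $Proxy parameters are hypothetical, and the values passed to them are placeholders for your own sync endpoint and proxy.

```powershell
# Added example (not from the original post). Save as Test-SupTls.ps1 (hypothetical
# name) and run it from the prompt opened with "psexec -i -s cmd.exe", so the result
# reflects what the system account sees during sync.
param(
    [Parameter(Mandatory = $true)][string]$Url,  # placeholder: HTTPS endpoint the SUP syncs from
    [string]$Proxy                               # placeholder: e.g. http://proxy.example.local:8080
)

Write-Host "Running as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
netsh winhttp show proxy

$req = [System.Net.HttpWebRequest]::Create($Url)
$req.Method  = 'HEAD'
$req.Timeout = 15000
if ($Proxy) { $req.Proxy = New-Object System.Net.WebProxy($Proxy) }

try {
    $resp = $req.GetResponse()
    Write-Host "Request succeeded: $([int]$resp.StatusCode)"
    $resp.Close()
} catch {
    # A trust failure shows the same text as the wsyncmgr.log entry.
    Write-Host "Request failed: $($_.Exception.Message)"
}

# The certificate received in the handshake is normally still available on the
# ServicePoint, even when validation rejected it.
$raw = $req.ServicePoint.Certificate
if (-not $raw) { Write-Host 'No server certificate received (blocked before TLS?)'; return }

$cert    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($raw)
$chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$trusted = $chain.Build($cert)   # validates against this machine's trust stores

Write-Host "Subject : $($cert.Subject)"
Write-Host "Issuer  : $($cert.Issuer)"
Write-Host "Expires : $($cert.NotAfter)"
Write-Host "Chain trusted by this machine: $trusted"
foreach ($s in $chain.ChainStatus) {
    Write-Host "  $($s.Status): $($s.StatusInformation.Trim())"
}
```

Comparing the Issuer line from the system prompt with the one from a normal user session shows whether the proxy treats the two accounts differently.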

References and troubleshooting https://support.microsoft.com/en-us/help/10329/configuring-software-update-synchronization-in-system-center-configura

https://technet.microsoft.com/en-sg/library/bb892795.aspx

