WSUS EventID 12002, 12012, 12022, 12032, 12043, 12052, 12072 fresh install

Just to add few more details..
Among others, there is EventID 12072

In my case: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel

I don't see any problems with SSL .. it's 3rd party certificate..
CA is imported in Trusted Root Certification Authorities
SSL certificate for WSUS is imported in Web Hosting Certificates, it is valid until 2032, Intended purposes ALL, friendly name is not set.
IIS has binding set to use SSL, all the web services SSL Required has been set like MS docummentation required..

As I said previously, WSUS is downloading updates with autosync just fine, clients are able to communicate with it using SSL, console is working using Local/SSL:8531
All seems to be working

From previous testing, I was getting 12002-12052 errors with SSL disabled .. so not really convinced that 12072 is also causing 12002-12052 errors..
Anyone?

Try rerunning the wsusutil configuressl along with the step before it.

https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/

# 3. Require SSL for the following virtual roots only:  
    'SimpleAuthWebService','DSSAuthWebService',  
    'ServerSyncWebService','APIRemoting30',  
    'ClientWebService' | ForEach-Object {  
        Set-WebConfigurationProperty -Filter 'system.webserver/security/access' -Location "WSUS Administration/$($_)" -Name sslFlags -Value 8  
    }  
   
# 4. Switch WSUS to SSL  
    & 'C:\Program Files\Update Services\Tools\WsusUtil.exe' configuressl $($FQDN)  

Adam, thank you for your reply.
Yesterday, late afternoon I've managed to solve the issue.

The problem was indeed in that 3rd party certificate, exactly in the Issued to field. I'd misstyped the FQDN for my pre-production server running WSUS.
Everything has been configured as it should, simply a human error

This was the best tutorial to help me with the problem solving:
https://forums.ivanti.com/s/article/How-To-Configure-IIS-to-Use-SSL-Connections-on-Your-WSUS-Server-Self-Signed-Certificate?language=en_US

I was reading this article before just haven't seen my own typo error

Once I issued the new certificate with the correct FQDN (Issued to field), installed the certificate, changed it in IIS, restarted IIS and WSUS .. checkhealth was giving me no more errors

WSUS eventlog is now looking like this:

All others 12002-12052 errors are gone.
From this very experience, most important point is to solve 12072 EventID error .. all other WSUS errors dissapeared afterwards.
I haven't had much time to play with it afterwards .. I only distributed new certificate to two lab rats .. all is working as previously, but this time without any errors. WSUS seems to be finally healthy.

Also, from what I can tell, MS documentation is missing these important steps and should be adjusted.
Thank you for your help anyway

ello there,

Although there are no issue with the services now it is always advisable to look into the event ID and find the root cause, also there are some event ID which can be safely ignored.

Have you tried checking the health condition of WSUS role?

Try increasing the available memory of "Private Memory Limit (KB)" in the AppPool, of IIS Server.

Also check if your IIS configuration is good.

-------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept it as an answer--

Sean, I don't currently see any issue with it whatsoever.
Eventlog is clean regarding WSUS operations
Do you recommend to look for something especial?

I did set the "Private Memory Limit (KB)" to 0 previously based on some MS article that I found.
If you have some exact recommendation what values should I check, name it please.

To maybe add a tought or two while configuring SSL for WSUS:
Make sure your GPO is also reflecting the FQDN of the certificated you issued
Computer Configuration > Administrative templates > Windows components > Windows Update > Specify intranet Microsoft update service location:
Set the intranet update service for detecting updates: (have to be the same as Host name field in IIS binging)
would be: https://Vikes-WSUS.vikes.local:8531 (based on previous printscreen)

If you client doesn't have the SSL cert imported in root certificates (Trusted Root Certification Authorities) you should see Errors while trying to Check for updates
0x800b0109 or 0x80240442

Also, when you test the WSUS funcionality from your client computer without a SSL imported, you should see this error in Chrome (sorry, SK language)
(in my case address is: https://FQDN:8531/selfupdate/wuident.cab

You can use loginscript/gpo or something smarter like PDQ Deploy to deploy your SSL cert to the client computers
certutil.exe -addstore root \Certificate_location\CertificationName.der

once you do that, you should see Windows update check working against your SSL WSUS

Also, once you succesfully imported SSL certificate to the client, you can check WSUS funcionality opening URL from your Chrome browser: https://FQDN:8531/selfupdate/wuident.cab
(just like that, wihtout any SSL error in your browser will download wuident.cab )

I can't mark my own conclusions as an answer, but this is SOLVED and FIXED. My SSL WSUS is working just fine without any errors