Cannot access WSUS Administration Console after enabling SSL

Christophe Néraud 6 Reputation points
2022-12-16T16:42:46.94+00:00

Hi,

I am managing an organisation that contains:

  • An Active Directory managed by a DC DC.domain.lan.
  • A WSUS Server hosted on a Windows Server 2016 server, called WSUS and out of the domain managed by the DC. There is a DNS resolution parameter that allows to resolve the domain name wsus.domain.lan to the IP of the WSUS, but it is not part of the AD.
  • The DC uses a self-signed RootCA certificate and a SubCA certificate to issue certificates.
  • The WSUS server has the RootCA certificate installed in its Internal Certification Authority group.

Everything worked fine until I enabled SSL on the WSUS with the following actions:

  • create a certificate request on the WSUS that contains the following information:
  • Object: WSUS
  • Alternate object name: DNS name=wsus.domain.lan
  • Name: SSL-WSUS
  • validate the request on the DC and get the certificate, issued by the authority SubCA
  • install the certificate on the WSUS server
  • Edit bindings of the WSUS Administration site and select the SSL certificate SSL-WSUS on the https binding on port 8531
  • require SSL on ApiRemoting30, ClientWebService, DssAuthWebService, ServerSyncWebService and SimpleAuthWebService
  • run wsusutil.exe configuressl wsus, which returns: URL: https://wsus:8531. (At this point I'm not sure if I should use wsus or wsus.domain.lan)
  • reboot
  • start the WSUS Administration Console and click on "connect to server". I entered "WSUS" as the server name and port 8531, but I get the error: "Cannot connect to <<WSUS>>. The SSL certificate of the server could not be validated". (Translated from French so it may not be 100% accurate).
  • I also tried to enter the name "WSUS.domain.lan" but I get a different error: "Cannot connect to <<WSUS.DOMAIN.LAN>>. Check that the post-installation task is finished on this server".

I feel like I followed all the instructions to successfully enable SSL on the WSUS server but I can't connect anymore to the administration console. What did I do wrong?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,404 questions
{count} vote

2 answers

Sort by: Most helpful
  1. Adam J. Marshall 9,591 Reputation points MVP
    2022-12-16T18:41:38.113+00:00

    Review my guide here

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/

    It will get you working - likely you need to run configuressl (FQDN IN THE CERTIFICATE that you will be using to access this WSUS server from client systems), (wsus.domain.lan)

    Either way, the commands on my guide will get you working. Redo them even if you think you've done it properly beforehand.

    1 person found this answer helpful.
    0 comments No comments

  2. TrudaZeng-MSFT 771 Reputation points
    2023-01-09T08:55:10.333+00:00

    Hi,

    Does Adam's suggestion solve the problem? Do you have any further progress on this issue? If there is any other assistance we can provide, please feel free to let us know, we will do our best to help you.

    Looking forward to your feedback.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.