This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 96%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hello, I made a modification to my WSUS environment to change the server URL from http to https.
by following the following procedure.
https://www.it-connect.fr/chapitres/wsus-https-avec-un-certificat-ssl-pour-plus-de-securite/
Since then I have encountered a problem when downloading updates for my non-domain machines for which it worked because I specified for these machines the IP of my server in the registry followed the 8530 port.
And so since I switched to https by specifying the WSUS address followed the 8531 port, and since my machines (non-domains) are no longer able to download their updates.
I used the method using my company's certificate authority, installed on my client machines Iinstalled the correct certificates in the trusted root authority and personal store (wsus) stores.
I also noticed that since my change, I have a lot of errors linked to IIS services like the image in attached file.
And in the WSUS console by selecting one of my client machines (outside the domain) in error, I get the message below.
Did I miss a step in my actions?
Thanks for your help.
Run the Client Side Script then - once on the affected system. If that fixes it, the issue was a duplicate SusClientId
Non-domained - sounds like you missed the 1 step to import the SSL Certificate as a trusted certificate on the client!
Hello @adam J. Marshall,
Thank you for your response.
on the non-domained computers, I already import my internal CA in Trusted Root Certification authorities>certificate and import my wsus ssl certiificate in personal>certificate but it doesn't work. But I mean normally the certification authority should be enough..no ?
Yes it should..
https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/#WSUSPorts
What does it show when you visit the https URL from the client that is not downloading updates.
Hello Adam,
when I try to download the cab file as it shows in the article, it's works fine, when I brose to the url as it shows in the same article, it works fine also.
Hello it looks good when I ran the client side script. The non-domain devices retrieve their updates.
Thank you Adam.