WSUS Server sync problem | Is one one Node of on blacklist?

switzerland 26 Reputation points

is WSUS address on Blacklist?

  • Server 2016 (1607, Build 14393.6351)
  • Windows 11/2023 Updates
  • WSUS
  • All Root Certificates are updated manual
  • WAN Direct FW Policy Fortigate (NO SSL Break, All Service Ports open)
  • All Major CRL we know and in cache on that machine are open, (CRL/OSCP)


Several identical setup WSUS Server running in 2016 (Over 15 customers).

Only one affected with strange problem since 30.10.2023.

If we sync existing Windows Update Server (WSUS) we see following error:

"Das Remotezertifikat ist laut Validierungsverfahren ungültig."

EVENT: 10022, APP, Fehler

Which would lead us to CRL (Certificate Revoke List) or Root Cert Update. But it's a 2016 and all major Root Certs are ajour and we deploy several Root Certs Updates via GPO. There are not more than 120 Certs like with old bug. (We see 51 root Certs)

During SYNC Process we see following URL accessed:

If we open "" in MS EDGE we see and error from "Microsoft Defender SmartScreen".

Full error in WSUS:

WebException: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden.. ---> System.Security.Authentication.AuthenticationException: Das Remotezertifikat ist laut Validierungsverfahren ungültig.
bei System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   bei Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
   bei System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   bei Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   bei Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   bei Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   bei Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   bei Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)


Any help welcome,

greetings from Switzerland

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,622 questions
0 comments No comments
{count} votes