WSUS Server sync problem | Is one node of fg.download.windowsupdate.com.c.footprint.net on a blacklist?

switzerland 26 Reputation points
2023-11-27T11:44:42.7833333+00:00

Is the WSUS address fg.download.windowsupdate.com.c.footprint.net on a blacklist?

  • Server 2016 (1607, Build 14393.6351)
  • Windows 11/2023 Updates
  • WSUS
  • All root certificates are updated manually
  • WAN Direct FW Policy Fortigate (NO SSL Break, All Service Ports open)
  • All major CRLs we know of, and those in the cache on that machine, are open (CRL/OCSP)

Problem:

Several identically set up WSUS servers running on 2016 (over 15 customers).

Only one is affected by a strange problem since 30.10.2023.

If we sync the existing Windows Update Server (WSUS) we see the following error:

"Das Remotezertifikat ist laut Validierungsverfahren ungültig."

EVENT: 10022, APP, Fehler

Which would lead us to CRL (Certificate Revocation List) or Root Cert Update. But it's a 2016 and all major root certs are up to date, and we deploy several root cert updates via GPO. There are not more than 120 certs, as with the old bug. (We see 51 root certs.)

During the sync process we see the following URLs accessed:

glb.serversync.prod.dcat.dsp.trafficmanager.net

e11290.dspg.akamaiedge.net

fg.download.windowsupdate.com.c.footprint.net

glb.wureporting.prod.dcat.dsp.trafficmanager.net

If we open "fg.download.windowsupdate.com.c.footprint.net" in MS EDGE we see an error from "Microsoft Defender SmartScreen".

Full error in WSUS:

WebException: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden.. ---> System.Security.Authentication.AuthenticationException: Das Remotezertifikat ist laut Validierungsverfahren ungültig.
   bei System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   bei Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
   bei System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   bei Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   bei Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   bei Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   bei Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   bei Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)


smart_dumber

https://www.hybrid-analysis.com/sample/d643f711bd59c9d3908838ab8f6b5835034689bfcbc265b1b670aa30b02d9185

Any help welcome,

greetings from Switzerland
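
An added example (not part of the original post) for narrowing down the validation error described above: a PowerShell probe that completes the TLS handshake with a listed host, then rebuilds the certificate chain with online revocation checking and reports the status of every element. The function name `Test-TlsChain`, port 443 and TLS 1.2 are assumptions.

```powershell
# Added diagnostic sketch. Test-TlsChain is a hypothetical helper name; port 443
# and TLS 1.2 are assumptions. Requires PowerShell 5 or later.
function Test-TlsChain {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    $script:probe = @{ Errors = $null; Cert = $null }
    # Accept any certificate so the handshake completes and the chain can be
    # inspected. Diagnosis only: never ship a callback that returns $true.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $cert, $chain, $errors)
        $script:probe.Errors = $errors
        $script:probe.Cert =
            [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert)
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
    } finally { $tcp.Close() }

    # Rebuild the chain with online revocation checking to see which element
    # fails and why (UntrustedRoot, RevocationStatusUnknown, NotTimeValid, ...).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    [void]$chain.Build($script:probe.Cert)
    $elements = foreach ($e in $chain.ChainElements) {
        [pscustomobject]@{
            Subject    = $e.Certificate.Subject
            Issuer     = $e.Certificate.Issuer
            Thumbprint = $e.Certificate.Thumbprint
            NotAfter   = $e.Certificate.NotAfter
            Status     = ($e.ChainElementStatus.Status -join ', ')
        }
    }
    [pscustomobject]@{
        Host         = $HostName
        PolicyErrors = $script:probe.Errors   # e.g. RemoteCertificateNameMismatch
        Elements     = $elements
    }
}

# Host names as listed in the question.
'glb.serversync.prod.dcat.dsp.trafficmanager.net',
'fg.download.windowsupdate.com.c.footprint.net' | ForEach-Object {
    $r = Test-TlsChain -HostName $_
    "{0}: {1}" -f $r.Host, $r.PolicyErrors
    $r.Elements | Format-List
}
```

`PolicyErrors` separates a host name mismatch from a chain failure, and the per-element `Status` shows whether the chain breaks on trust, validity dates or revocation lookup. Results reflect the trust stores and proxy settings of the account running the probe, which may differ from those of the WSUS service account.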
