SCCM IBCM SSL bridging and SUP, is this possible?

David Henderson 121 Reputation points
2020-12-18T18:44:26.607+00:00

I am in the process of setting up IBCM for my org, and am running into an issue where SSL bridging is not working on the SUP. I wanted to verify that this is even possible before I proceed to troubleshoot this. It appears that not all traffic required for the client to communicate to the SUP is encrypted, even though WSUS is configured to use SSL.

When attempting a Windows Update scan on a client, I receive an error "Scan Failed with error = 80240437."
All other communication between the MP and DP on the same server works as expected.
I have verified the SUP is working, as I can switch to SSL tunneling and everything works as expected.

I would prefer to have all traffic bridged as it requires the client cert to communicate to the server.

If anyone can provide some insight on this I would appreciate this.
Thanks


2 answers

  1. Fiona Yan-MSFT 2,311 Reputation points
    2020-12-21T10:15:36.343+00:00

    @David Henderson

    Thank you for posting in Microsoft Q&A forum.

    When we are using TLS/SSL, all the metadata that is sent over the network is encrypted. Other files in SUP (such as software update data) do not need to be encrypted; we download content from the Internet. Could we know what files we want to be encrypted?

    Have a good day!


    If the response is helpful, please click "Accept Answer" and up vote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Fiona Yan-MSFT 2,311 Reputation points
    2021-01-06T09:23:50.987+00:00

    @David Henderson

    It seems that the issue is more related to the network. Could we consult the network engineer to see which request was blocked when we enable the SSL authentication?

    Have a good day!

