Looks like certificate authority root CA is not available on the machine. Please import the certificate and check .
WSUS SSL Setup on Downstream
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 64%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
RSA111
211
Reputation points
Hello,
I have one WSUS Upstream server setup on Windows Server 2016 and another WSUS Downstream server setup on Windows Server 2016 in DMZ.
The Upstream server WSUS01 is designed to provide an updates to the internal desktop and those desktop doesn't have any Internet connectivity.
The Downstream server WSUS02 is a replica of upstream server and only provides metadata to its client and clients need to download the updates from Microsoft Update server as most of the clients are roaming laptops.
The SSL is configured between server to client and server to server using domain generated certificate and binding and all steps were completed.
The clients are reporting to the Upstream server WSUS01 without any issues.
But for Downstream server WSUS02 and for its any random client, what exactly troubleshooting is needed.
For testing I have taken a workgroup laptop and using gpedit.msc I have configured local GPO with WSUS02 URL, which points it to the WSUS02 server. This laptop is not reaching out to the Downstream server WSUS02. If I check its WindowsUpdate logs I could see WSUS location configured as WSUS02 server.
Please advise.
Windows for business | Windows Server | User experience | Other
Answer accepted by question author