[Solved] WSUS Replica Servers

Topics: Configuration Issue
Dec 18, 2013 at 2:34 PM
I have an upstream server with WPP installed. I have been successful with applying updates using WPP to the upstream server and can view the updates in WSUS. I have 5 replica WSUS servers, each with the generated cert installed in both trusted root pub and trusted publishers. When connected to the replica servers, I cannot see the updates applied by WPP in the WSUS console like I can in the upstream server. Should I see these updates in the WSUS console of a replica server?
Coordinator
Dec 18, 2013 at 6:25 PM
Yes, if you have used the option to make these updates visible in the WSUS console, and if you can see them in the WSUS console of the upstream server, you should be able to see them on downstream servers.
If you use WPP to connect to downstream servers, do you see your updates?
Do you have any synchronization errors between upstream and downstream servers?
Dec 19, 2013 at 2:02 PM
Upstream server: I can see local updates in WSUS, not WPP.
Downstream servers: I can see local updates in WPP, not WSUS.
When adding the updates I did select to see the updates in WSUS.
Is this normal?
In the Event Viewer of a downstream server, I see: Content file download failed. Reason: File cert verification failure. Source: Windows Server Update Services Event ID: 364. I used a cert generated in WPP.
Thanks for your help.
Coordinator
Dec 19, 2013 at 6:00 PM
cbaranec wrote:
Upstream server: I can see local updates in WSUS, not WPP.
Downstream servers: I can see local updates in WPP, not WSUS.
When adding the updates I did select to see the updates in WSUS.
Is this normal?
Please ensure you have selected this option:
Settings-ShowUpdatesVisibleInWsus
In the Event Viewer of a downstream server, I see: Content file download failed. Reason: File cert verification failure. Source: Windows Server Update Services Event ID: 364. I used a cert generated in WPP.
Thanks for your help.
You have a certificate issue. Ensure you have correctly imported the cert into the right stores:
CheckCert

Downstream servers act as clients when synchronizing Locally-Published updates.
Marked as answer by DCourtel on 1/17/2014 at 7:54 AM
Dec 19, 2013 at 8:27 PM
Thanks, this was helpful. I checked the box within settings and can see the updates. I am still unable to download from the upstream server. I had previously come across your table and the cert is in both locations, valid and correct. Would you advise to create a new cert?
Thanks
Coordinator
Dec 20, 2013 at 9:57 AM
Is it a self-signed cert or a cert from your own cert authority?
Dec 20, 2013 at 1:44 PM
It was a self-signed cert created within WPP. I then used a GPO to provide the cert to both the trusted pub store and trusted root pub store. I opened the cert on both the upstream and downstream WSUS servers and verified the serials are the same, the cert is the same.
Coordinator
Dec 20, 2013 at 7:33 PM
Delete the Cert on the downstream server. Export the Cert from the upstream server and re-import it on the downstream server. Reboot the downstream server and try to synchronize again.
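
The store check discussed in this thread, as an added PowerShell example that is not part of the original posts: run on a downstream server, it compares the certificate exported from the upstream server against the local machine's Trusted Root and Trusted Publishers stores by thumbprint (a hash of the whole certificate, so a stricter match than the serial number). The file path is a hypothetical placeholder.

```powershell
# Added example: verify that the exported WSUS publishing certificate is the
# one actually present in the stores a downstream server needs it in.
# Assumption: $CerPath is a placeholder for the .cer file exported from the
# upstream server; adjust it to the real location.
param(
    [string]$CerPath = 'C:\Temp\wsus-publishing.cer'   # hypothetical path
)

# Load the exported certificate from disk
$expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath

"Expected thumbprint : $($expected.Thumbprint)"
"Subject             : $($expected.Subject)"
"Valid until         : $($expected.NotAfter)"
if ($expected.NotAfter -lt (Get-Date)) {
    Write-Warning 'The exported certificate has expired.'
}

# Root = Trusted Root Certification Authorities, TrustedPublisher = Trusted Publishers
foreach ($name in 'Root', 'TrustedPublisher') {
    $certs = @(Get-ChildItem -Path "Cert:\LocalMachine\$name")

    # Exact match on thumbprint
    $match = @($certs | Where-Object { $_.Thumbprint -eq $expected.Thumbprint })

    # Same subject but a different thumbprint: an older or regenerated
    # certificate left behind in the store
    $stale = @($certs | Where-Object {
        $_.Subject -eq $expected.Subject -and $_.Thumbprint -ne $expected.Thumbprint
    })

    [pscustomobject]@{
        Store       = "LocalMachine\$name"
        Present     = ($match.Count -gt 0)
        StaleCopies = $stale.Count
    }
}
```

`Present` should be `True` for both stores; a non-zero `StaleCopies` points to a leftover certificate with the same subject that should be removed before re-importing the exported one.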