Unable to connect to local server

Topics: Configuration Issue
Dec 1, 2014 at 2:55 PM
When trying to connect to my local server, I am unable to do so. I am running WSUS perfectly on 2012 R2 as of right now. I do not believe it's a corrupted installation as I've seen mentioned in another forum post.

12/1/2014 7:32:53 AM Try connecting to : LOCALSERVERNAME
12/1/2014 7:32:53 AM Entering Void StartWaitingForm(System.String)
12/1/2014 7:32:53 AM Entering Boolean Connect(Wsus_Package_Publisher.WsusServer, System.String) : LOCALSERVERNAME (Local), en
12/1/2014 7:32:53 AM **** The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

However, I am able to connect via the default port 5830. Although, it is showing up as a remote client rather than local.
Coordinator
Dec 1, 2014 at 3:19 PM
What are the WSUS settings? Connection port? Use of SSL or not?
How is WPP configured for the connection?
Dec 1, 2014 at 3:24 PM
Port 8530

No SSL

I've tried configuring WPP connection as many ways as I could possibly think with the same result. Regardless of how the connection is set up, when "Connect to local server" is checked it will always error with "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
Dec 1, 2014 at 7:41 PM
In the folder you extracted WPP, there's a file called Options.xml. Can you post the contents of that file here? Feel free to redact your server names. Here's mine: (I changed my server name to WSUSSERVERNAME, for me, I needed to use the server's name, not 'localhost' to connect correctly. I feel that this may be your issue)
<WsusPackagePublisher>
  <Server>
    <Name>WSUSSERVERNAME</Name>
    <IsLocal>True</IsLocal>
    <Port>80</Port>
    <UseSSL>False</UseSSL>
    <IgnoreCertErrors>False</IgnoreCertErrors>
    <DeadLineDaysSpan>0</DeadLineDaysSpan>
    <DeadLineHour>0</DeadLineHour>
    <DeadLineMinute>0</DeadLineMinute>
    <VisibleInWsusConsole>LetMeChoose</VisibleInWsusConsole>
  </Server>
</WsusPackagePublisher>
Dec 2, 2014 at 2:43 PM
Thank you for looking this over! Here is my options.xml as of right now
<WsusPackagePublisher>
  <Server>
    <Name>WSUSSERVERNAME</Name>
    <IsLocal>True</IsLocal>
    <Port>443</Port>
    <UseSSL>True</UseSSL>
    <IgnoreCertErrors>False</IgnoreCertErrors>
    <DeadLineDaysSpan>0</DeadLineDaysSpan>
    <DeadLineHour>0</DeadLineHour>
    <DeadLineMinute>0</DeadLineMinute>
    <VisibleInWsusConsole>Never</VisibleInWsusConsole>
  </Server>
  <Server>
    <Name>WSUSSERVERNAME</Name>
    <IsLocal>True</IsLocal>
    <Port>8530</Port>
    <UseSSL>False</UseSSL>
    <IgnoreCertErrors>True</IgnoreCertErrors>
    <DeadLineDaysSpan>0</DeadLineDaysSpan>
    <DeadLineHour>0</DeadLineHour>
    <DeadLineMinute>0</DeadLineMinute>
    <VisibleInWsusConsole>Never</VisibleInWsusConsole>
  </Server>
</WsusPackagePublisher>
When using SSL and trying to connect, on ports 443 and 8531, WSUSPackagePublisher crashes each time.

I have been changing these options quite frequently, so it's currently missing port 80 (which does not work anyways).
Coordinator
Dec 3, 2014 at 8:12 PM
Thanks.
Edit the Options.xml file by deleting this part:
  <Server>
    <Name>WSUSSERVERNAME</Name>
    <IsLocal>True</IsLocal>
    <Port>443</Port>
    <UseSSL>True</UseSSL>
    <IgnoreCertErrors>False</IgnoreCertErrors>
    <DeadLineDaysSpan>0</DeadLineDaysSpan>
    <DeadLineHour>0</DeadLineHour>
    <DeadLineMinute>0</DeadLineMinute>
    <VisibleInWsusConsole>Never</VisibleInWsusConsole>
  </Server>

Open a DOS window on the computer where WPP runs, and type: Ping WSUSSERVERNAME (replace with the real name of your WSUS server). Does the name of the server resolve into an IP address?
Then ensure that WPP runs on the WSUS server.

Very strange that the error message is "Could not establish trust relationship for the SSL/TLS secure channel.", despite the fact that SSL is not used!
Dec 5, 2014 at 2:52 PM
DCourtel wrote:
Very strange that the error message is "Could not establish trust relationship for the SSL/TLS secure channel.", despite the fact that SSL is not used!
I can easily replicate this mistake in the "Settings..." window by changing the connection port to 443 before checking the "Connect to local server" box. The result is two identical strings in the server picker: "WSUSSERVERNAME (Local)" and "WSUSSERVERNAME (Local)"

Here's the options.xml file after making the mistake:
<WsusPackagePublisher>
  <Server>
    <Name>WSUSSERVERNAME</Name>
    <IsLocal>True</IsLocal>
    <Port>80</Port>
    <UseSSL>False</UseSSL>
    <IgnoreCertErrors>False</IgnoreCertErrors>
    <DeadLineDaysSpan>0</DeadLineDaysSpan>
    <DeadLineHour>0</DeadLineHour>
    <DeadLineMinute>0</DeadLineMinute>
    <VisibleInWsusConsole>LetMeChoose</VisibleInWsusConsole>
  </Server>
  <Server>
    <Name>WSUSSERVERNAME</Name>
    <IsLocal>True</IsLocal>
    <Port>443</Port>
    <UseSSL>True</UseSSL>
    <IgnoreCertErrors>False</IgnoreCertErrors>
    <DeadLineDaysSpan>0</DeadLineDaysSpan>
    <DeadLineHour>0</DeadLineHour>
    <DeadLineMinute>0</DeadLineMinute>
    <VisibleInWsusConsole>Never</VisibleInWsusConsole>
  </Server>
</WsusPackagePublisher>
Based on this, I propose that there should be some way to further distinguish between options in the server picker, like including the port number and whether or not the connection will be made using SSL, or adding a field to the XML definition like <Description>Custom Server Connection Description Here</Description> that is automatically generated by the "Settings..." interface if left blank, but customizable.
Coordinator
Dec 5, 2014 at 6:01 PM
I propose that there should be some way to further distinguish between options in the server picker
From WPP's point of view, these two connection settings are identical. Because <IsLocal> is set to True, <Port> and <UseSSL> are ignored in this case. No matter which settings you choose, WPP will try to connect to "WSUSSERVERNAME" directly, assuming that WPP runs on the WSUS server (IsLocal = True) and not on a remote computer.
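Added example, not part of the original thread and not WPP's own code: a PowerShell check for Options.xml that reports the situation described above, where several local entries share a name and their port/SSL settings are ignored, and also lists entries with IgnoreCertErrors set to True. The function name Get-WppServerFinding and the finding labels are hypothetical, and the sample XML is constructed from the entries posted in this thread.

```powershell
# Added example, not part of WPP. Get-WppServerFinding is a hypothetical helper name.
function Get-WppServerFinding {
    param([Parameter(Mandatory)][xml]$Options)

    # Flatten each <Server> element into a plain object with typed fields.
    $servers = foreach ($s in $Options.SelectNodes('/WsusPackagePublisher/Server')) {
        [pscustomobject]@{
            Name             = $s['Name'].InnerText
            IsLocal          = $s['IsLocal'].InnerText -eq 'True'
            Port             = [int]$s['Port'].InnerText
            UseSSL           = $s['UseSSL'].InnerText -eq 'True'
            IgnoreCertErrors = $s['IgnoreCertErrors'].InnerText -eq 'True'
        }
    }

    # Per the coordinator's reply, Port and UseSSL are ignored when IsLocal is True,
    # so local entries that share a Name are one and the same connection to WPP.
    $servers | Where-Object { $_.IsLocal } | Group-Object Name |
        Where-Object { $_.Count -gt 1 } | ForEach-Object {
            $ports = ($_.Group.Port | Sort-Object) -join ', '
            "DUPLICATE-LOCAL: '$($_.Name)' has $($_.Count) local entries (ports $ports)"
        }

    foreach ($s in $servers) {
        if ($s.IsLocal -and $s.UseSSL) {
            "IGNORED-SETTING: '$($s.Name)' port $($s.Port) sets UseSSL=True while IsLocal=True"
        }
        # Assumption: the effect of this setting is inferred from its name only.
        if ($s.IgnoreCertErrors) {
            "CERT-ERRORS-IGNORED: '$($s.Name)' port $($s.Port) has IgnoreCertErrors=True"
        }
    }
}

# Constructed sample, modelled on the two-entry Options.xml posted in this thread.
$sample = @'
<WsusPackagePublisher>
  <Server><Name>WSUSSERVERNAME</Name><IsLocal>True</IsLocal><Port>443</Port>
    <UseSSL>True</UseSSL><IgnoreCertErrors>False</IgnoreCertErrors></Server>
  <Server><Name>WSUSSERVERNAME</Name><IsLocal>True</IsLocal><Port>8530</Port>
    <UseSSL>False</UseSSL><IgnoreCertErrors>True</IgnoreCertErrors></Server>
</WsusPackagePublisher>
'@

Get-WppServerFinding -Options $sample
```

To check a real file, pass its contents instead of the sample: `Get-WppServerFinding -Options (Get-Content .\Options.xml -Raw)`.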
Dec 5, 2014 at 8:07 PM
Edited Dec 5, 2014 at 8:28 PM
DNS is solid. I can ping IP and hostname on the server and from a remote machine on the network. I'm not using a domain controller at the present moment.

The WSUS server is a virtual machine running Windows Server 2012R2. I'm remote desktop'd into it, but that shouldn't matter. I've tried it on the console just the same, still no luck.

Does anyone have any other information they would need from me for more troubleshooting, or anything else I should try? This seems like a solid solution to pushing out 3rd party updates via WSUS. I really don't want to find another solution (if there is even one) and our old solution LUP no longer works since we've upgraded to WS2012R2.

Additionally, I can connect with port 8530, No SSL and Not Local. It just gives me the warning, "You don't have any certificat." You will not be able to publish updates." Which, you know, kills the whole reason for me using this product.
<WsusPackagePublisher>
  <Server>
    <Name>WSUSSERVERNAME</Name>
    <IsLocal>False</IsLocal>
    <Port>8530</Port>
    <UseSSL>False</UseSSL>
    <IgnoreCertErrors>False</IgnoreCertErrors>
    <DeadLineDaysSpan>0</DeadLineDaysSpan>
    <DeadLineHour>0</DeadLineHour>
    <DeadLineMinute>0</DeadLineMinute>
    <VisibleInWsusConsole>Never</VisibleInWsusConsole>
  </Server>
</WsusPackagePublisher>
Coordinator
Dec 5, 2014 at 9:14 PM
Additionally, I can connect with port 8530, No SSL and Not Local.
I don't understand what you are doing.
You need to use "Connect to local Server" only when WPP runs ON the WSUS SERVER.
If WPP runs on a remote desktop, don't use this option (port and SSL settings will be used).
It just gives me the warning, "You don't have any certificate." You will not be able to publish updates."
This will not be a problem for a long time. If you have your own Certificate Authority, issue a code signing certificate and import it with WPP (Tools -> Certificate -> Load a Certificate). Otherwise, ask WPP to create a self-signed certificate (Tools -> Certificate -> Generate the Certificate, and then 'Save' this certificate to distribute it to client computers).
Dec 8, 2014 at 12:37 PM
I am running WPP on the WSUS server.

Should I run WPP remotely?

Also, Load a certificate is greyed out so I am unable to load a cert. I am also unable to create my own certificate (that's the reason for my post).


As you can see below, I am connected to my WSUS and this IS running on the WSUS server itself.

This is my Manage Certificates
Image

This is what happens when I click on Generate Certificate
Image
Coordinator
Dec 8, 2014 at 6:36 PM
Also, Load a certificate is greyed out so I am unable to load a cert.
Fill the 'Password' textbox and the button will not be greyed out anymore.
I am also unable to create my own certificate. This is what happens when I click on Generate Certificate
This is because you haven't checked the checkbox "Connect to local server". "Local" needs to be displayed beside the server name.
Dec 8, 2014 at 8:56 PM
DCourtel,

My whole issue is I cannot check "connect to local server" and connect. I will try and upload a certificate and see what happens.
Coordinator
Dec 9, 2014 at 6:59 PM
Can I remotely connect to your WSUS server via TeamViewer or another tool?
Dec 15, 2014 at 3:55 PM
Please check your inbox DCourtel. Thank you.
Jun 17, 2015 at 4:43 PM
Was there a solution to this issue? I have the same problem. New WSUS 6 install on Windows server 2012R2. Using WPP v1.3.1504.15.

I can connect by typing the FQDN but cannot connect with "connect to local server" selected. I do not have SSL enabled. When I connect with the "Connect to local server" option selected, I receive "Connection failed: Unable to connect to the remote server" and then "failed to connect to server".

I cannot add a certificate when connected to the FQDN even though I am logged in to the machine via RDP. The option to import a certificate is greyed out.