question

RAN55 avatar image
0 Votes"
RAN55 asked RitaHu-MSFT edited

WSUS Configure SSL Fatal Error

Hello,

Im trying to configure SSL on my wsus with a wildcard certificate: *.mydomain.com

I follow this steps

https://jackstromberg.com/2013/11/enabling-ssl-on-windows-server-update-services-wsus/

But when i try the command: WSUSUtil.exe configuressl servername.mydomain.com i get this error:

Fatal Error: Object reference not set to an instance of an object.

Windows 2012R2 + SQL 2017 local DB.

Any idea ?

Thanks

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RitaHu-MSFT avatar image
0 Votes"
RitaHu-MSFT answered RitaHu-MSFT edited

@Pedro-A
The following Event ID indicate that all the services are not running correctly.
Event ID: 12022 The Client Web Service
Event ID: 12052 The DSS Authentication Web Service
Event ID: 12042 The Simple Auth Web Service
Event ID: 12022 The Client Web Service
Event ID: 12032 The Server Synchronization Web Service

Please follow the below steps to confirm whether this issue will be resolved or not:
1. Restart the WSUS server first
2. Please try to Open the SSMS as an administrator and connect to the database first. If it is OK to connect to the database, please try to reindex the database.
3. Open the CMD as an administrator and navigate to the wsusutil.exe tool. Run the WSUSUtil.exe configuressl FQDNofWSUSServer command as your environment to enable SSL
4. Open the WSUS console and connect to the WSUS database by SSL

Please feel free to inform me if there are any updates of the case.

Thanks for your time.

Regards,
Rita


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RAN55 avatar image
0 Votes"
RAN55 answered RitaHu-MSFT converted comment to answer

Hello again,

I restored a snapshot that we made before trying the https configuration, faster and safer than trying to repair it.

I didn't expect that launching this command would crash the service...

We will try again with another certificate, but I think this was not the problem.

Thanks ;)

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

IanZheng-MSFT avatar image
0 Votes"
IanZheng-MSFT answered

You can try to solve the problem by using the following methods。

Specifying all possible hostnames for the server in a key in the registry.

Navigate to:

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 - in there, create a new Multi-string Value (REG_MULTI_SZ) called BackConnectionHostNames with each of the valid hostnames for the server on each line...

In my case, the server is called SRV-WSUS.domain.com and I'd registered my SSL / setup my bindings in IIS to be for a site called wsus.domain.com I filled out the registry key with:
srv-wsus.domain.com
wsus.domain.com
Did an iisreset and I'm no longer getting errors in the event viewer

double checked it with WSUSUtil.exe checkhealth

Clients getting updates and reporting to the wsus.

Best

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RAN55 avatar image
0 Votes"
RAN55 answered RAN55 edited

Hi, thanks for the answer.

Before trying the HTTPS configuration WSUS events were correct, now appears this errors:

94392-1.jpg


94320-2.jpg


94374-3.jpg


94356-4.jpg



The wsus client it doesn't work either.


1.jpg (158.1 KiB)
2.jpg (123.4 KiB)
3.jpg (125.2 KiB)
4.jpg (127.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RitaHu-MSFT avatar image
0 Votes"
RitaHu-MSFT answered RitaHu-MSFT edited

@Pedro-A
Thanks for your posting on Q&A.

It seems that the issue is more related with the database. It is recommended to confirm whether the WSUS is running correctly. We could follow the below steps to cinform:
Navigate to the wsusutil.exe tool on the CMD and print the wsusutil.exe checkhealth command. Then we could review the Event Viewer and refer to the below picture to related log with WSUS server.
94287-5.png

In addition, please consider referring this link to enable the SSL on the WSUS server. This link comes from MS.
It will be helpful if you could provide the screenshot for reference.

Please feel free to keep us in touch if there are any updates of the issue. Thanks for your time.

Regards,
Rita


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5.png (77.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.