by butsch
2. March 2016 15:04
WSUS: Setup WSUS 2012 R2 stalls when SSL / 443 are inspected by Web Filter
While finishing the WSUS Server installation you get an error.
Error:
Windows Server Update Services Configuration Wizard
Synchronization Error Details
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Solution:
Make a new firewall policy, depending on your Firewall/IPS/Web Filter, which opens port 443 to *.Microsoft.com and does NOT Inspect/Break/Deep Inspect SSL traffic.
How to check if someone breaks SSL from an endpoint you are on
On the machine where you install WSUS, open https://www.microsoft.com and check the certificate.
If "Issued by" shows a local domain, or the certificate is a different one than expected for the "Issued to" name, then the company
breaks the SSL traffic on the servers where you install WSUS.
Ask the security engineer to make a new firewall rule from that server IP to *.microsoft.com Port 443
and DON'T break SSL in that rule.
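The same certificate check can be run from a PowerShell prompt on the WSUS server instead of a browser. This is an added example, not part of the original post; the function name Get-PresentedCertificate is hypothetical, and it assumes the server reaches the internet directly or through a transparent filter (a raw TCP connection does not use an explicit proxy).

```powershell
# Added example: show which certificate this server actually receives for a host
# and whether the local trust store accepts it. Function name is hypothetical.
function Get-PresentedCertificate {
    param(
        [string]$HostName = 'www.microsoft.com',
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate during the handshake so that a certificate from an
        # untrusted inspection CA can still be read; trust is evaluated below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Build the chain against this machine's trust store. Revocation is skipped
        # so the result reflects trust only, not reachability of CRL/OCSP servers.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)
        $subjects = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })

        [pscustomobject][ordered]@{
            Host           = $HostName
            IssuedTo       = $cert.Subject
            IssuedBy       = $cert.Issuer
            Root           = $subjects[-1]     # last element the chain builder reached
            Thumbprint     = $cert.Thumbprint
            TrustedLocally = $trusted
            ChainStatus    = (@($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Get-PresentedCertificate | Format-List
```

Compare IssuedBy, Root and Thumbprint with what a machine outside the web filter sees for the same host; a local domain or appliance name in IssuedBy means the traffic is being inspected. TrustedLocally = False is consistent with the trust relationship error the wizard reports.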