MFUSA

asked on

WSUS Name

The external name for my WSUS server is not the same as the internal name.  We have a certificate for the external name to use SSL.  The upstream server cannot synchronize properly to get the update data because it is trying to reach the server from the internal name.  Any ideas on how to resolve this?
Wonko_the_Sane

Not sure if I understand this correctly...
Can't you just put your external name (the one on the cert) in your internal DNS, then tell your upstream server to synchronize using the external name? Or is there any reason why this wouldn't work in your case?
MFUSA

ASKER

I can't find a way to change the name the upstream server uses to contact it.
Should be in the Sync options - where you tell it what the master server is.
MFUSA

ASKER

The problem isn't the name of the upstream server; it's the name of the downstream server.
I am back to my first comment - I don't really understand :)

Assumptions: Your master server (the one downloading from the Internet) has two names: A-Internal and A-External. Your cert is in the name of A-External. You have a downstream server named B.

Which one is having the problem, doing what? The only problem I can see is if B talks to A-Internal, which responds with the cert A-External and B doesn't like that. Am I wrong?
MFUSA

ASKER

The downstream server is the one with 2 names because it's being used to push updates to remote computers that are not on our network.  So it has an internal domain name and an external web name.  It can't properly communicate with the upstream server to get update approvals.
OK. I don't think this is related to SSL - the downstream server downloads the info, it shouldn't even care about the certificate.
So how is this implemented? Are you using separate network connections for internal/external clients or are you using some kind of NAT and it's all one connection on your LAN?
MFUSA

ASKER

Sorry guess I need to word the question better next time
SOLUTION
Don
I think the issue is the confusion caused by your labeling.
WSUS does not push anything. When a client system checks in, it provides it with a list of approved updates to be installed.  The client system needs to download the updates and schedule/install them.
The same setup exists between the upstream and downstream WSUS server.  The downstream server connects to the upstream server to check for new updates as well as synchronize the approved updates, provided this is the configuration you've set up.  You can also set up that the upstream server will be used to approve updates, but the downstream server/client will actually access MS to get them. (deals with mobile users that are not often on the LAN while controlling what updates are installed as well as minimizing bandwidth of the external connection in the office).

The server that connects to MS and retrieves the update information and updates is the upstream server for your WSUS setup. The multi-homed host is the downstream server.



Presumably you have configured your downstream server that it synchronizes with the upstream server as prior responders pointed out. Presumably your downstream is configured to retrieve the data from the upstream server without SSL.
What is the error that you are seeing on the multihomed server that prevents it from synchronizing with the upstream server?

I think the issue sounds like more of a DNS issue here.
ASKER CERTIFIED SOLUTION
".... just using the domain name of the PC."

WSUS doesn't play well with FQDN, as you found out (which is related to DNS); using the IP address as I suggested would also have solved the issue.
Suggest


Accept  ID:26444595

Split  ID:26469831
Sorry meant to switch those around