Cannot get wsus server to sync with downstream server

I cannot get the servers to sync.  When I try to browse to a page from the downstream server to the upstream server, I get a not authorized error.  When I try to connect through the wizard, I get a Status 401 - Unauthorized error message.  When I try to sync, I get WebException: The request failed with HTTP status 401: Unauthorized.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

The Upstream server is allowing anonymous access throughout the site... Help!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Normally, the downstream server needs to be in the same domain/forest where there is a trust in place be default.

Is this not occurring?

When you installed the downstream server, during the setup did you select to sync with upstream server?

orjsoAuthor Commented:
I am installing wsus 3.0.  When I was installing it, it never asked to select to sync to upstream server.  After it was installed, i went to options and syn and pointed it to the name of the box and port 80 (which is where it is running)
After browsing through several posts about this error, and many useless responses, I have found a way for you to check which 401 error it is (as there are several).

On the upstream server, open a browser and point to -


This is assuming that you installed the WSUS administration to the default website and you are not using SSL. If you chose a different install, then either connect to https://localhost, http://localhost:8530, or https://localhost:8531.

In any case, the browser will return the full error code, which in my case was -

HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource.

The anonymous account was a member of the Guests group, which was explicitly denied access at the system root and all sub-folders. This was a security setting that existed on the system prior to installing WSUS and was unchanged by the WSUS 3.0 SP1 install, so even following the simple steps in the Deployment Guide gives a failure result.

Removing the IUSR account from Guests and explicity setting the security for the necessary sub folders (C:\Program Files\Update Services\WebServices) fixed the problem. If the security and authorization is correctly set, you will most likely see -

"This type of page is not served."

Rather than the 401 error.

Hope this helps you and others track down and fix this annoying problem.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.