WSUS Name

MFUSA
The external name for my WSUS server is not the same as the internal name.  We have a certificate for the external name to use SSL.  The upstream server cannot synchronize properly to get the update data because it is trying to reach the server from the internal name.  Any ideas on how to resolve this?
Not sure if I understand this correctly...
Can't you just put your external name (the one on the cert) in your internal DNS, then tell your upstream server to synchronize using the external name? Or is there any reason why this wouldn't work in your case?

Author

Commented:
I can't find a way to change the name the upstream server uses to contact it.
Should be in the Sync options - where you tell it what the master server is.

Author

Commented:
The problem isn't the name of the upstream server, it's the name of the downstream server.
I am back to my first comment - I don't really understand :)

Assumptions: Your master server (the one downloading from the Internet) has two names: A-Internal and A-External. Your cert is in the name of A-External. You have a downstream server named B.

Which one is having the problem, doing what? The only problem I can see is if B talks to A-Internal, which responds with the cert A-External and B doesn't like that. Am I wrong?

Author

Commented:
The downstream server is the one with 2 names because it's being used to push updates to remote computers that are not on our network.  So it has an internal domain name and an external web name.  It can't properly communicate with the upstream server to get update approvals.
OK. I don't think this is related to SSL - the downstream server downloads the info, it shouldn't even care about the certificate.
So how is this implemented? Are you using separate network connections for internal/external clients or are you using some kind of NAT and it's all one connection on your LAN?

Author

Commented:
Sorry guess I need to word the question better next time
DonNetwork Administrator
Commented:
Why don't you use IP address instead??
Distinguished Expert 2017

Commented:
I think the issue is the confusion caused by your labeling.
WSUS does not push anything. When a client system checks in, it provides it with a list of approved updates to be installed.  The client system needs to download the updates and schedule/install them.
The same setup exists between the upstream and downstream WSUS server.  The downstream server connects to the upstream server to check for new updates as well as synchronize the approved updates, provided this is the configuration you've set up.  You can also set it up so that the upstream server will be used to approve updates, but the downstream server/client will actually access MS to get them (deals with mobile users that are not often on the LAN while controlling what updates are installed as well as minimizing bandwidth of the external connection in the office).

The server that connects to MS and retrieves the update information and updates is the upstream server for your WSUS setup. The multi-homed host is the downstream server.



Presumably you have configured your downstream server that it synchronizes with the upstream server as prior responders pointed out. Presumably your downstream is configured to retrieve the data from the upstream server without SSL.
What is the error that you are seeing on the multihomed server that prevents it from synchronizing with the upstream server?

DonNetwork Administrator

Commented:
I think the issue sounds like more of a dns issue here.
Commented:
Thank you all for your help and suggestions.  Like I said in the future I'll try to be more specific to not cause so much confusion.  I ended up solving the problem by reinstalling the WSUS and just using the domain name of the PC.
DonNetwork Administrator

Commented:
".... just using the domain name of the PC."

WSUS doesn't play well with FQDN, as you found out (which is related to DNS). Using the IP address as I suggested would also have solved the issue.
DonNetwork Administrator

Commented:
Suggest


Accept  ID:26444595

Split  ID:26469831
DonNetwork Administrator

Commented:
Sorry meant to switch those around
