We have a primary child site in one forest with an active SUP installed.
It's meant to synchronise with the central site SUP in another forest.
We're running in Native Mode (each forest has its own PKI) so we're expecting the primary child SUP to use port 8531,
but from the logs, it's trying to grab the files on port 8530 -- which is closed via our firewall!
- - - - - - - - - - - - - - - -
E.g., SoftwareDistribution.log on the primary child site:
2010-09-13 04:57:52.427 UTC Error WsusService.21 ContentSyncAgent.JobError Download error: http://central.fqdn:8530/Content/FD/37DE761B8616436D10208B6F9D9C18D64C8BFEFD.txt
failed in download: (-2147012867) A connection with the server could not be established
- - - - - - - - - - - - - - - - -
As a result, there are no EULA files in D:\WSUS\WsusContent on the primary child site.
All the folders are there (e.g., FD, FB, F6, F2, ...), but there are absolutely no files inside any of them.
Therefore, when our clients sync up with the SUP, they fail because they can't download the EULA files
as per their local WindowsUpdate.log file.
Our primary child SUP has a Server Authentication certificate installed in IIS on port 8351.
We've already run "wsusutil.exe configuressl" and passed it the fqdn.
That appears correctly if you run "wsusutil.exe configuressl" again (i.e., https://primary-child.fqdn:8531).
In the ConfigMgr Console, the Software Update Point Component Properties already shows the correct non-HTTP port of 8530
(I guess this is not used) and HTTPS port of 8531 in the General tab.
The "Enable SSL for this WSUS server" is ticked and greyed out.
In the Sync Settings tab, "Synchronize from an upstream update server" is also ticked and greyed out.
We do not need nor specify a proxy server.
We've also tried a "wsus reset" command and the usual IIS resets/server restarts with no luck.
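
A triage sketch for the SoftwareDistribution.log symptom described above, added here as an example and not part of the original post: it groups ContentSyncAgent download failures by scheme, host, port and HRESULT, and flags any endpoint that is not the expected HTTPS port. The sample log text is constructed in the layout of the excerpt above; the function names and the expected-endpoint defaults are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the layout of the excerpt above; file names are placeholders.
SAMPLE_LOG = """\
2010-09-13 04:57:52.427 UTC Error WsusService.21 ContentSyncAgent.JobError Download error: http://central.fqdn:8530/Content/FD/AAAA.txt
failed in download: (-2147012867) A connection with the server could not be established
2010-09-13 04:57:53.010 UTC Error WsusService.21 ContentSyncAgent.JobError Download error: http://central.fqdn:8530/Content/FB/BBBB.txt
failed in download: (-2147012867) A connection with the server could not be established
2010-09-13 04:58:01.500 UTC Error WsusService.21 ContentSyncAgent.JobError Download error: https://central.fqdn:8531/Content/F6/CCCC.txt
failed in download: (-2147012867) A connection with the server could not be established
"""

# \s+ also spans the line break between the URL and the "failed in download" text.
JOB_ERROR = re.compile(
    r"ContentSyncAgent\.JobError\s+Download error:\s+(?P<url>\S+)\s+"
    r"failed in download:\s+\((?P<code>-?\d+)\)"
)

def hresult(code):
    """Render the signed decimal code from the log as an unsigned 32-bit HRESULT."""
    return "0x%08X" % (code & 0xFFFFFFFF)

def summarize(log_text, expected_scheme="https", expected_port=8531):
    """Count failed content downloads per endpoint and mark unexpected endpoints."""
    counts = Counter()
    for m in JOB_ERROR.finditer(log_text):
        u = urlsplit(m.group("url"))
        port = u.port or (443 if u.scheme == "https" else 80)
        counts[(u.scheme, u.hostname, port, hresult(int(m.group("code"))))] += 1
    return [
        {"scheme": s, "host": h, "port": p, "hresult": hr, "count": n,
         "mismatch": (s, p) != (expected_scheme, expected_port)}
        for (s, h, p, hr), n in sorted(counts.items())
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        flag = "UNEXPECTED ENDPOINT" if row["mismatch"] else "ok"
        print("%(scheme)s://%(host)s:%(port)d  %(hresult)s  x%(count)d" % row, flag)
```

The code -2147012867 from the log renders as 0x80072EFD, the HRESULT form of the "cannot connect" error 12029.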