Solved

how to configure wsus server for port 8530

Posted on 2013-06-05
9
3,945 Views
Last Modified: 2013-07-02
hi i have a windows 2003 domain/gpo network and i have successfully downloaded updates via my wsus domain member server via port 80.

note: i have removed port 80 and replaced gpo with:

http:wsus:8530 via gpo

step 1

i have uninstalled and removed all traces of wsus software

step 2

re-installed clean wsus software via port 8530 successfully

step 3

configured isa 2006 vpn

selected toolbox tab
selected 'user defined'
added 'outbound tcp traffic'
added from: 8530 to: 8530

name: wsus
action: allow
protocols: outbound tcp traffic
from/listener: wsus server
to: external
condition: all authenticated users/all users

step 3

ran wsus wizard to connect but failed

note: i think i may need to download some 'script' to get this to work but not sure!

qns1.  can anyone help as not sure how to activate https if this needs to also be configured ?
0
Comment
Question by:mikey250
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 200 total points
ID: 39226055
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 200 total points
ID: 39226073
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
ID: 39226512
Not sure if you mean the client or the server sync?

The server connect to microsoft on the default ports (80 or 443, not configurable) or to an upstream WSUS (a second WSUS in your network, configurable).
You may have to set additionally a proxy server

WSUS - Options - Update Source

The client connects to WSUS via
http:\\wsus:8530
or
https:\\wsus:8531

The ports are configured in IIS and published to the clients via gpo.
For SSL, you need also a certificate on hte IIS

The actual port you can see, if you click in WSUS on your server name.

For ISA, there is usually no need for 8530, with the exception that you want to allow clients to contact ISA from outside. But in this case I would say, the traffic is incoming, not outgoing.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:mikey250
ID: 39229991
hi dstewartjr, (qns = question) :)

my wsus install appears to be simular to your below url:

Install and configure WSUS 3.0 SP2 – Step-By-Step(Including ISA 2006)
http://araihan.wordpress.com/2009/08/13/install-and-configure-wsus-3-0-sp2-step-by-step/ 

note:

the reason for wanting to know how to download wsus updates from microsoft to a single wsus domain member server was because i wish to use exchange 2003, hence port 8530..!!

in my gpo i added:

\\wsus:8530

question1.

but according to above url, it states to follow 'web publishing rule' - this i have not done for wsus via 8530 .. ?

question2.

also i do not have a webpage so do i still complete 'web publishing rule' if i still require use of port: 8530 - ?
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
ID: 39230738
Your GPO has to be http://wsus:8530
The GPO is only for your clients to connect to WSUS

Question 1
What do you want to do with port 8530 on the ISA?
Only if you want to connect external clients to your WSUS via ISA, there is a need to publish this port through ISA.

The port for the sync with Microsoft is set by Microsoft, no way to change it. Neither there is a possibility to cahnge the port nor MS would listen to a different port.

Question 2
same answer.

What is your concern with Exchange? I can not see any connection between Exchange and WSUS. Exchange offers Web Acces via port 80 or 443 incoming, while WSUS needs just port 80 outgoing like every client, which connects to the internet.
0
 

Author Comment

by:mikey250
ID: 39241136
hi bembi, i have now my wsus domain member server working now!

yes my gpo was set to: http:wsus:8530 - my previous comments showed a typo - all ok

currently i have no external clients that need to connect to my wsus so presumably i should remove my 'web listener' for my wsus server ?

i was advised that if i am to run exchange on my server and also wish to run wsus on same exchange server, then i should configure: http://wsus:8530 and exchange will use by default port 80 as normal
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
ID: 39249489
> should remove my 'web listener' for my wsus server ?
You want to say, you installed WSUS on a ISA Server?
Not sure if this is a good idea....
You don't need a listener for WSUS. If you have WSUS on ISA, you may have to create a protocoll definition for port 8530 and maybe a rule, that this traffic is allowed (but only if WSUS is on ISA).

> i was advised that....
WSUS can produce heavy load, so should be stand olone if possible. Nevertheless WSUS and Exchange don't bite each other (with ports).
0
 

Accepted Solution

by:
mikey250 earned 0 total points
ID: 39249621
hi bembi,

no i do not have wsus on my isa.. :)

wsus is standalone currently..! but i wish to also add exchange 2003 for now (later) as you say the following:

"wsus can produce heavy load, so should be stand olone if possible. nevertheless wsus and exchange don't bite each other (with ports)" - hence wsus on 8530 and exchange for 80..!

was advised by other expert to add web listener on isa to allow wsus to download... ok i will remove web listener and re-confirm wsus still ok... thanks!! :)

you say below comment previously:

"for isa, there is usually no need for 8530, with the exception that you want to allow clients to contact isa from outside. but in this case I would say, the traffic is incoming, not outgoing."

question 1.  so how do i also allow external clients to download wsus updates or can i do this via a remote vpn or something ?

note: previously i could not get wsus to download because on install i added selected:8530 which is ok.  then i opened wsus software and also added 8530 which still failed download.  so i changed the wsus software to 80 and it synced ok..!! so now i under stand.
0
 

Author Closing Comment

by:mikey250
ID: 39292586
i can now download wsus updates which i resolved myself!  but will allocate points still to expert as all advice is definately useful.

the only issue i had was that all my configurations were correct except after installing wsus i added port 8530 for the initial detection, which was incorrect and should have still been port 80.  due to gpo already set to point to: 8530 also

appreciated
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question