Solved

how to configure wsus server for port 8530

Posted on 2013-06-05
9
3,724 Views
Last Modified: 2013-07-02
hi i have a windows 2003 domain/gpo network and i have successfully downloaded updates via my wsus domain member server via port 80.

note: i have removed port 80 and replaced gpo with:

http:wsus:8530 via gpo

step 1

i have uninstalled and removed all traces of wsus software

step 2

re-installed clean wsus software via port 8530 successfully

step 3

configured isa 2006 vpn

selected toolbox tab
selected 'user defined'
added 'outbound tcp traffic'
added from: 8530 to: 8530

name: wsus
action: allow
protocols: outbound tcp traffic
from/listener: wsus server
to: external
condition: all authenticated users/all users

step 3

ran wsus wizard to connect but failed

note: i think i may need to download some 'script' to get this to work but not sure!

qns1.  can anyone help as not sure how to activate https if this needs to also be configured ?
0
Comment
Question by:mikey250
  • 4
  • 3
  • 2
9 Comments
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 200 total points
ID: 39226055
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 200 total points
ID: 39226073
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
ID: 39226512
Not sure if you mean the client or the server sync?

The server connect to microsoft on the default ports (80 or 443, not configurable) or to an upstream WSUS (a second WSUS in your network, configurable).
You may have to set additionally a proxy server

WSUS - Options - Update Source

The client connects to WSUS via
http:\\wsus:8530
or
https:\\wsus:8531

The ports are configured in IIS and published to the clients via gpo.
For SSL, you need also a certificate on hte IIS

The actual port you can see, if you click in WSUS on your server name.

For ISA, there is usually no need for 8530, with the exception that you want to allow clients to contact ISA from outside. But in this case I would say, the traffic is incoming, not outgoing.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:mikey250
ID: 39229991
hi dstewartjr, (qns = question) :)

my wsus install appears to be simular to your below url:

Install and configure WSUS 3.0 SP2 – Step-By-Step(Including ISA 2006)
http://araihan.wordpress.com/2009/08/13/install-and-configure-wsus-3-0-sp2-step-by-step/ 

note:

the reason for wanting to know how to download wsus updates from microsoft to a single wsus domain member server was because i wish to use exchange 2003, hence port 8530..!!

in my gpo i added:

\\wsus:8530

question1.

but according to above url, it states to follow 'web publishing rule' - this i have not done for wsus via 8530 .. ?

question2.

also i do not have a webpage so do i still complete 'web publishing rule' if i still require use of port: 8530 - ?
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
ID: 39230738
Your GPO has to be http://wsus:8530
The GPO is only for your clients to connect to WSUS

Question 1
What do you want to do with port 8530 on the ISA?
Only if you want to connect external clients to your WSUS via ISA, there is a need to publish this port through ISA.

The port for the sync with Microsoft is set by Microsoft, no way to change it. Neither there is a possibility to cahnge the port nor MS would listen to a different port.

Question 2
same answer.

What is your concern with Exchange? I can not see any connection between Exchange and WSUS. Exchange offers Web Acces via port 80 or 443 incoming, while WSUS needs just port 80 outgoing like every client, which connects to the internet.
0
 

Author Comment

by:mikey250
ID: 39241136
hi bembi, i have now my wsus domain member server working now!

yes my gpo was set to: http:wsus:8530 - my previous comments showed a typo - all ok

currently i have no external clients that need to connect to my wsus so presumably i should remove my 'web listener' for my wsus server ?

i was advised that if i am to run exchange on my server and also wish to run wsus on same exchange server, then i should configure: http://wsus:8530 and exchange will use by default port 80 as normal
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
ID: 39249489
> should remove my 'web listener' for my wsus server ?
You want to say, you installed WSUS on a ISA Server?
Not sure if this is a good idea....
You don't need a listener for WSUS. If you have WSUS on ISA, you may have to create a protocoll definition for port 8530 and maybe a rule, that this traffic is allowed (but only if WSUS is on ISA).

> i was advised that....
WSUS can produce heavy load, so should be stand olone if possible. Nevertheless WSUS and Exchange don't bite each other (with ports).
0
 

Accepted Solution

by:
mikey250 earned 0 total points
ID: 39249621
hi bembi,

no i do not have wsus on my isa.. :)

wsus is standalone currently..! but i wish to also add exchange 2003 for now (later) as you say the following:

"wsus can produce heavy load, so should be stand olone if possible. nevertheless wsus and exchange don't bite each other (with ports)" - hence wsus on 8530 and exchange for 80..!

was advised by other expert to add web listener on isa to allow wsus to download... ok i will remove web listener and re-confirm wsus still ok... thanks!! :)

you say below comment previously:

"for isa, there is usually no need for 8530, with the exception that you want to allow clients to contact isa from outside. but in this case I would say, the traffic is incoming, not outgoing."

question 1.  so how do i also allow external clients to download wsus updates or can i do this via a remote vpn or something ?

note: previously i could not get wsus to download because on install i added selected:8530 which is ok.  then i opened wsus software and also added 8530 which still failed download.  so i changed the wsus software to 80 and it synced ok..!! so now i under stand.
0
 

Author Closing Comment

by:mikey250
ID: 39292586
i can now download wsus updates which i resolved myself!  but will allocate points still to expert as all advice is definately useful.

the only issue i had was that all my configurations were correct except after installing wsus i added port 8530 for the initial detection, which was incorrect and should have still been port 80.  due to gpo already set to point to: 8530 also

appreciated
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question