Solved

how to configure wsus server for port 8530

Posted on 2013-06-05
9
3,596 Views
Last Modified: 2013-07-02
hi i have a windows 2003 domain/gpo network and i have successfully downloaded updates via my wsus domain member server via port 80.

note: i have removed port 80 and replaced gpo with:

http:wsus:8530 via gpo

step 1

i have uninstalled and removed all traces of wsus software

step 2

re-installed clean wsus software via port 8530 successfully

step 3

configured isa 2006 vpn

selected toolbox tab
selected 'user defined'
added 'outbound tcp traffic'
added from: 8530 to: 8530

name: wsus
action: allow
protocols: outbound tcp traffic
from/listener: wsus server
to: external
condition: all authenticated users/all users

step 3

ran wsus wizard to connect but failed

note: i think i may need to download some 'script' to get this to work but not sure!

qns1.  can anyone help as not sure how to activate https if this needs to also be configured ?
0
Comment
Question by:mikey250
  • 4
  • 3
  • 2
9 Comments
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 200 total points
Comment Utility
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 200 total points
Comment Utility
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
Comment Utility
Not sure if you mean the client or the server sync?

The server connect to microsoft on the default ports (80 or 443, not configurable) or to an upstream WSUS (a second WSUS in your network, configurable).
You may have to set additionally a proxy server

WSUS - Options - Update Source

The client connects to WSUS via
http:\\wsus:8530
or
https:\\wsus:8531

The ports are configured in IIS and published to the clients via gpo.
For SSL, you need also a certificate on hte IIS

The actual port you can see, if you click in WSUS on your server name.

For ISA, there is usually no need for 8530, with the exception that you want to allow clients to contact ISA from outside. But in this case I would say, the traffic is incoming, not outgoing.
0
 

Author Comment

by:mikey250
Comment Utility
hi dstewartjr, (qns = question) :)

my wsus install appears to be simular to your below url:

Install and configure WSUS 3.0 SP2 – Step-By-Step(Including ISA 2006)
http://araihan.wordpress.com/2009/08/13/install-and-configure-wsus-3-0-sp2-step-by-step/

note:

the reason for wanting to know how to download wsus updates from microsoft to a single wsus domain member server was because i wish to use exchange 2003, hence port 8530..!!

in my gpo i added:

\\wsus:8530

question1.

but according to above url, it states to follow 'web publishing rule' - this i have not done for wsus via 8530 .. ?

question2.

also i do not have a webpage so do i still complete 'web publishing rule' if i still require use of port: 8530 - ?
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
Comment Utility
Your GPO has to be http://wsus:8530
The GPO is only for your clients to connect to WSUS

Question 1
What do you want to do with port 8530 on the ISA?
Only if you want to connect external clients to your WSUS via ISA, there is a need to publish this port through ISA.

The port for the sync with Microsoft is set by Microsoft, no way to change it. Neither there is a possibility to cahnge the port nor MS would listen to a different port.

Question 2
same answer.

What is your concern with Exchange? I can not see any connection between Exchange and WSUS. Exchange offers Web Acces via port 80 or 443 incoming, while WSUS needs just port 80 outgoing like every client, which connects to the internet.
0
 

Author Comment

by:mikey250
Comment Utility
hi bembi, i have now my wsus domain member server working now!

yes my gpo was set to: http:wsus:8530 - my previous comments showed a typo - all ok

currently i have no external clients that need to connect to my wsus so presumably i should remove my 'web listener' for my wsus server ?

i was advised that if i am to run exchange on my server and also wish to run wsus on same exchange server, then i should configure: http://wsus:8530 and exchange will use by default port 80 as normal
0
 
LVL 35

Assisted Solution

by:Bembi
Bembi earned 300 total points
Comment Utility
> should remove my 'web listener' for my wsus server ?
You want to say, you installed WSUS on a ISA Server?
Not sure if this is a good idea....
You don't need a listener for WSUS. If you have WSUS on ISA, you may have to create a protocoll definition for port 8530 and maybe a rule, that this traffic is allowed (but only if WSUS is on ISA).

> i was advised that....
WSUS can produce heavy load, so should be stand olone if possible. Nevertheless WSUS and Exchange don't bite each other (with ports).
0
 

Accepted Solution

by:
mikey250 earned 0 total points
Comment Utility
hi bembi,

no i do not have wsus on my isa.. :)

wsus is standalone currently..! but i wish to also add exchange 2003 for now (later) as you say the following:

"wsus can produce heavy load, so should be stand olone if possible. nevertheless wsus and exchange don't bite each other (with ports)" - hence wsus on 8530 and exchange for 80..!

was advised by other expert to add web listener on isa to allow wsus to download... ok i will remove web listener and re-confirm wsus still ok... thanks!! :)

you say below comment previously:

"for isa, there is usually no need for 8530, with the exception that you want to allow clients to contact isa from outside. but in this case I would say, the traffic is incoming, not outgoing."

question 1.  so how do i also allow external clients to download wsus updates or can i do this via a remote vpn or something ?

note: previously i could not get wsus to download because on install i added selected:8530 which is ok.  then i opened wsus software and also added 8530 which still failed download.  so i changed the wsus software to 80 and it synced ok..!! so now i under stand.
0
 

Author Closing Comment

by:mikey250
Comment Utility
i can now download wsus updates which i resolved myself!  but will allocate points still to expert as all advice is definately useful.

the only issue i had was that all my configurations were correct except after installing wsus i added port 8530 for the initial detection, which was incorrect and should have still been port 80.  due to gpo already set to point to: 8530 also

appreciated
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now