I recently had to do some updating to my IIS7.5 server that runs WSUS and Exchange 2010 Web Services. After finally getting autodiscover to work, I can no longer synchronize WSUS to the Microsoft site. When I try to do so, I get the following message.
The error type is unknown.
TypeInitializationException: The type initializer for 'Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy' threw an exception. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
at Microsoft.UpdateServices.Internal.ClassFactory.CreateInstance(Type type, Object args)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.GetWebServiceProxyInternal(UpdateServerConfiguration serverConfig, WebServiceCommunicationHelper webServiceHelper, Boolean useCompressionProxy)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.GetWebServiceCompressionProxy(UpdateServerConfiguration serverConfig, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
It appears to be related to SSL/TLS negotiation. There are also the following errors in the Applicaton Log
Error Windows Server Update Services, Event ID 13042 Task Category 6, Self-update is not working.
Error Windows Server Update Services, Event ID 10022 Task Category 7, The last catalog synchronization attempt was unsuccessful.
Error Windows Server Update Services, Event ID 12002, Task Category 9, The Reporting Web Service is not working.
Error Windows Server Update Services, Event ID 12012, Task Category 9, The API Remoting Web Service is not working.
Error Windows Server Update Services, Event ID 12022, Task Category 9, The Client Web Service is not working.
Error Windows Server Update Services, Event ID 12042, Task Category 9, The SimpleAuth Web Service is not working.
Error Windows Server Update Services, Event ID 12052, Task Category 9, The DSS Authentication Web Service is not working.
All of the client computers are able to connect to WSUS, and are reporting their status, the only issue is with the server not being able to synchronize.
Set up Server 2008 R2 and MS Exchange 2010 using domain.local.
Obtained GoDaddy UCC Certificate that listed both domain.com and domain.local for mail., autodiscover., etc...
Installed WSUS 2.0 (have since moved to latest version).
Everything worked fine.
When the certificate expired, I had to purchase a new UCC certificate. GoDaddy took away the ability to have .local as a alt subject. Still things were working OK.
I ran into some problems over the past weekend trying to make a configuration change (web redirect for domain.com to go to our www site hosted on another server (compliance reasons). Broke a lot of things, but got everything running OK for Exchange (no more certificate errors, autodiscover, which never worked correctly in the past now fixed, etc...). I did this by changing the local server for a number of the services in IIS7.5 to the domain.com or mail.domain.com instead of domain.local or mail.domain.local.
After all was fixed, tried to open the MMC for WSUS. It wouldn't connect to the computer, which in the past was connected to simply by entering the computer name MAILSERVER1. Was able to connect using MAIL.DOMAIN.COM or DOMAIN.COM instead. However, now I can't get synchronizations to work. I have checked to make sure the locally generated certificate was in the trusted store, it is. I have also double, triple and quadruple checked all IIS security and authentication settings. All appear to be OK.
Does anyone know what would be causing the error above? I am at my wits end, and about to either move WSUS to a different server (really don't want to screw up Exchange again), or abandon it (which I hate to do because a number of our users don't install updates when prompted, or don't tell me if they have an error installing an update...very nice to be able to monitor from WSUS).
Thanks in advance to the wizard who can help me solve this problem.