Windows Updates over VPN

carob65
carob65 used Ask the Experts™
on
Unable to update Win8.1 devices over VPN - devices appear in SCCM, so are SEEN by SCCM/WSUS.

Extract of windowsupdate.log from client device:

2015-07-21      11:07:27:931       420      10a0      Agent        * Include potentially superseded updates
2015-07-21      11:07:27:931       420      10a0      Agent        * Online = Yes; Ignore download priority = Yes
2015-07-21      11:07:27:931       420      10a0      Agent        * Criteria = "(DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')"
2015-07-21      11:07:27:931       420      10a0      Agent        * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2015-07-21      11:07:27:931       420      10a0      Agent        * Search Scope = {Machine}
2015-07-21      11:07:27:931       420      10a0      Agent        * Caller SID for Applicability: S-1-5-18
2015-07-21      11:07:27:931       420      10a0      Agent        * RegisterService is set
2015-07-21      11:07:27:931       420      10a0      EP      Got WSUS Client/Server URL: "http://servername.local:8530/ClientWebService/client.asmx"
2015-07-21      11:07:28:431       420      10a0      PT      +++++++++++  PT: Synchronizing server updates  +++++++++++
2015-07-21      11:07:28:431       420      10a0      PT        + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://servername.local:8530/ClientWebService/client.asmx
2015-07-21      11:07:28:431       420      10a0      PT      WARNING: Cached cookie has expired or new PID is available
2015-07-21      11:07:28:431       420      10a0      EP      Got WSUS SimpleTargeting URL: "http://servername.local:8530"
2015-07-21      11:07:28:431       420      10a0      IdleTmr      WU operation (CAuthorizationCookieWrapper::InitializeSimpleTargetingCookie) started; operation # 6; does use network; is at background priority
2015-07-21      11:07:28:431       420      10a0      PT      Initializing simple targeting cookie, clientId = 033c840a-86a4-43e4-95f1-ce649aed8dfc, target group = , DNS name = device.domain.local
2015-07-21      11:07:28:431       420      10a0      PT        Server URL = http://servername.local:8530/SimpleAuthWebService/SimpleAuth.asmx
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Nws Failure: errorCode=0x803d0006
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Original error code: 0x80072ee2
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Error string with resource id '0x81' is not found for the language id '0x809'.
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Could not get error string (errorCode=0x80073b01)
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: MapToSusHResult mapped Nws error 0x803d0006 to 0x8024401c
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Web service call failed with hr = 8024401c.
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Current service auth scheme='None'.
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Proxy List used: '(null)', Bypass List used: '(null)', Last Proxy used: '(null)', Last auth Schemes used: 'None'.
2015-07-21      11:07:49:478       420      10a0      WS      FATAL: OnCallFailure failed with hr=0X8024401C
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: NWS retry 1 for transient error 0x8024401C
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Nws Failure: errorCode=0x803d0006
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Original error code: 0x80072ee2
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Could not get error string (errorCode=0x80073b01)
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: MapToSusHResult mapped Nws error 0x803d0006 to 0x8024401c
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Web service call failed with hr = 8024401c.
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Current service auth scheme='None'.
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Proxy List used: '(null)', Bypass List used: '(null)', Last Proxy used: '(null)', Last auth Schemes used: 'None'.
2015-07-21      11:08:12:514       420      10a0      WS      FATAL: OnCallFailure failed with hr=0X8024401C
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: NWS retry 2 for transient error 0x8024401C
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Nws Failure: errorCode=0x803d0006
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Original error code: 0x80072ee2
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Could not get error string (errorCode=0x80073b01)
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: MapToSusHResult mapped Nws error 0x803d0006 to 0x8024401c
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Web service call failed with hr = 8024401c.
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Current service auth scheme='None'.
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Proxy List used: '(null)', Bypass List used: '(null)', Last Proxy used: '(null)', Last auth Schemes used: 'None'.

Feels like a proxy/firewall issue, but could od with some Expert guidance please?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Client probably can't resolve this link: http://servername.local:8530/ClientWebService/client.asmx
You should tell the VPN profile to use the DNS server from the domain instead of the DNS server of where the client is at that time.

You can tell by pinging servername.local when the VPN is connected. Until it replies back, you didn't solve your DNS problems yet.
Commented:
Looks like it was a Firewall port issue. DNS was fine.

Author

Commented:
Thank you for your response. This was a Firewall port issue and not DNS.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial