We help IT Professionals succeed at work.

HTTP error occurred in WSUS

Hey IT people

I'm setting up a WSUS server, but when I reach the point to test the connection, it gives me this message :"HTTP error occurred"

Screenshot--3-.png
I contact the network team before I start to make sure they allow the connection on http and https, 80 & 443, 8350 & 8351 ports.

and to allow the connection to these urls:
http://windowsupdate.microsoft.com

http://*.windowsupdate.microsoft.com

https://*.windowsupdate.microsoft.com

http://*.update.microsoft.com

https://*.update.microsoft.com

http://*.windowsupdate.com

http://download.windowsupdate.com

https://download.microsoft.com

http://*.download.windowsupdate.com

http://wustat.windows.com

http://ntservicepack.microsoft.com

http://go.microsoft.com

http://dl.delivery.mp.microsoft.com

https://dl.delivery.mp.microsoft.com

but still facing this error.
Comment
Watch Question

ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
Try via proxy. Might be an internet filtering problem. Also launch the IIS console, delete the existing WSUS Administration site, and re-initiate the post-installation tasks.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
ZeropointNRG

Try via proxy. Might be an internet filtering problem. Also launch the IIS console, delete the existing WSUS Administration site, and re-initiate the post-installation tasks.


So if I launched the IIS console, deleted the existing WSUS Administration site, and re-initiated the post-installation tasks, would this fix my problem or it's another thing?
NoahHardware Tester and Debugger
CERTIFIED EXPERT

Commented:
Hi there! :)

The last time I solved the same issue for someone, I just had to update the .NET Framework to the latest version. Perhaps, you can try that before running everything again?
ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
If you can't fix it any other way, try that. It usually works for not only that specific problem.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:


Noah
Hi there! :)

The last time I solved the same issue for someone, I just had to update the .NET Framework to the latest version. Perhaps, you can try that before running everything again?


tried it, didn't work :(
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
ZeropointNRG

Try via proxy. Might be an internet filtering problem. Also launch the IIS console, delete the existing WSUS Administration site, and re-initiate the post-installation tasks.

I'll try it now. but could you please give me step by step guide to do this, coz I'm kinda new in this
ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
Open IIS manager > Sites > Right click WSUS Administration site and remove it.

Then run wsusutil in cmd.

cd /d C:\Program Files\Update Services\Tools

C:\Program Files\Update Services\Tools>wsusutil postinstall

Open in new window

Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
ZeropointNRG

Open IIS manager > Sites > Right click WSUS Administration site and remove it.

Then run wsusutil in cmd.

cd /d C:\Program Files\Update Services\Tools

C:\Program Files\Update Services\Tools>wsusutil postinstall

done. still doesn't connect :(
ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
Make sure your admin team have allowed those URLs, or they aren't blocked in the hosts file. Also again, connect to a VPN or Proxy and try again. Also you can try disabling UAC for a moment and try then. This also could jut be MS's problem, just keep trying..
ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
Also, try stopping and restarting the service.

Don't forget to change your directory to " C:\Program Files\Update Services\Tools" before running the below commands in cmd. (Also don't forget to run cmd as admin.)
cmd
net stop wsusservice
net start wsusservice

powershell
Stop-Service wsusservice
Start-Service wsusservice
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
ZeropointNRG

Also, try stopping and restarting the service.

Don't forget to change your directory to " C:\Program Files\Update Services\Tools" before running the below commands in cmd. (Also don't forget to run cmd as admin.)
cmd
net stop wsusservice
net start wsusservice

powershell
Stop-Service wsusservice
Start-Service wsusservice

I've done everything, except the proxy thing.
But I'll see what I can do about the proxy
ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
What .NET version is WSUS using in your application pool?

It's either your connection is being filtered, those sites are being filtered, an update or it's on MS's end.
ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
Don't forget the good old system reboots.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
ZeropointNRG

What .NET version is WSUS using in your application pool?

It's either your connection is being filtered, those sites are being filtered, an update or it's on MS's end.

I've updated it to the last version as Noah recommended.
I agree with you, i think it's connection problem, but I post the issue here because I am new to this and I thought maybe there is something missing
ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
Yes, but what version are you using in your application pool in IIS?

Also, are you sure you disabled UAC?

Use this reg file to make sure.
And the other to re-enable it after you've tested.
uac_disable.reg
uac_enable.reg
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
ZeropointNRG

Yes, but what version are you using in your application pool in IIS?

Also, are you sure you disabled UAC?
Use this reg file to make sure.

And the other to re-enable it.
uac_disable.reg

.net v4.5
ZeropointNRGHedge Fund Manager
CERTIFIED EXPERT

Commented:
Okay. Did you try the uac disable yet? Short of reinstalling everything, I'm at a loss.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
8350/8351 are not commonly known ports on proxies.
You have to decide on which ports your WSUS server is setup. Is it on port 80,443 or is it on ports 8350/8351 both can not be true.

 check the IIS configuration on the system where the WSUS server is setup and that will tell you whether you are using the ports 80/443 or the others.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
arnold

8350/8351 are not commonly known ports on proxies.
You have to decide on which ports your WSUS server is setup. Is it on port 80,443 or is it on ports 8350/8351 both can not be true.

 check the IIS configuration on the system where the WSUS server is setup and that will tell you whether you are using the ports 80/443 or the others.

I've requested that both 8350/8351 and 80/443 to be open so I avoid any errors like I'm facing now

I don't think it's ports problem, unless they lied to me 😅
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
The issue is the first sentence of the error says it all, it says it is an IO error that it could not communicate because the connection on the other side was "forcibly closed"


Before checking on the end point and issue arising from that, always take the time to make sure your WSUS server setup is as you expect.

Check IIS on the wsus server and determine on which ports it is bound.
Use a command windows on the server and run:
netstat -an | find /i "listen"
Do you see 8350/8351 in the listen list?
if you do, check the windows firewall on the server and make sure incoming ports 8350/8351 are allowed in.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
arnold

Check IIS on the wsus server and determine on which ports it is bound.

How?




Use a command windows on the server and run:
netstat -an | find /i "listen"
Do you see 8350/8351 in the listen list?
if you do, check the windows firewall on the server and make sure incoming ports 8350/8351 are allowed in.

yes i see these ports in the listen list, and i made sure they are allowed in the incoming ports in the server
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
now when configuring the destination host is it showing 8350?
The image you posted is of an error it does not indicate what host/port it is set to connect to.

In administrative tool., open Internet Information Service.
or access the computer management, local roles, IIS, etc. look within the sites binding on the sites should tell you what ports they are bound to.

not 8351 is the data retrieval port the console should be accessing 8350
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
not sure why you would specify a proxy in this circumstance.
go back through and validate what your settings are at each step
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
Arnold

I've never dealt with IIS before.
Could you please specify where could I find the sites binding?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
you have to go through the server management, local server, look at the tools for internet information manager. There you should see sites, clicking on any will expand the listing and on the right you will see bindings....

Do you actually have a proxy in your environment that you specify?

IIS is the web server

open a browser and try
http://wsusserver:8350/Content what response do you get
try
http://wsusserver/Content what response do you get
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
bindings.JPG
wsusserver-8350.JPG
wsusserver.JPG
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Wsusserver is an example and needs to be replaced with the name of your server.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
It doesn't connect anyway.

I'm thinking maybe it's something with the proxy, I'll check this out
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
In what stage is the proxy involved? Do you need the WSUS server to go through a proxy to get out to MS to download the metadata/content?

Or/And your systems have to go through a proxy to reach the wsus server?
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
arnold

In what stage is the proxy involved? Do you need the WSUS server to go through a proxy to get out to MS to download the metadata/content?

Or/And your systems have to go through a proxy to reach the wsus server?

I was in doubt but now I'm sure that we don't even have proxy server

I really don't know why it's not connecting to MS 😩
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The test is not for MS. The test is to connect to the WSUS server.

What is the setup in your enviornment.
If this is the only server, there should not be an upstream server. The options you choose at each stage should be based on what you have.

It is not clear to me what you issue is as it is not clear to me what you are setting.

The process configured IIS, site for 8350/8351
Does this system have a way to the outside, loop at the Ipconfig whether it has a default gateway defined. and can this system ping the default gateway?

A sole WSUS has no upstream server, if you mistakenly entered an upstream server and pointed it to an MS host, that might be your issue.

The upstream server is only used when you need to chain a set of your own wsus servers to provide a uniform update/install and control it from a central location.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
This is the only server
Or the first of the chain, I'll configure the others after I finish with this. So I think it must me the upstream server, right?
And no proxy. After i specify these two settings, I test the connection, and in this point I face the issue mentioned.

And yes the server has a default gateway and it can ping to it
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
No upstream server.

check for windows update and apply them, and try again.

Something/things do not make sense.

The database you are using the builtin or are you using one in the SQL server?
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
I'm using the the builtin database
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I do not undertand when you test connect where it is trying to connect to when the error shows. up.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
It's clear in the photo
From the very beginning after adding the role

I'll show you the windows if you want
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Before the image you posted, there are five to six steps you went through configuring the role.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
What network configuration did you setup?
At each interval a choice made might be what explains your situation.
Potentially binding to a network adapter without a vonnection.

I can not say from you provided where the issue is, but the error says the connection could not be made.

Do you ave update in the administrative tools, that you can access and Ho through the options. Or the connection test prevents the wsus from being accessible?
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
What network configuration did you setup?
At each interval a choice made might be what explains your situation.
Potentially binding to a network adapter without a vonnection.

I can not say from you provided where the issue is, but the error says the connection could not be made.


I just requested from the network department to allow the ports and urls that I mentioned, which is from Microsoft document. If there are more configuration I'll be glad to hear them

Do you ave update in the administrative tools, that you can access and Ho through the options. Or the connection test prevents the wsus from being accessible?

The connection test prevents me to go the next step, but when I click cancel, i can proceed to wsus without configure anything.
If there are things I must do in wsus or iis, please tell me
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
If you would guide me step by step, i could delete the whole image and start over
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Please look within the administrative tools to see whether you have an update server MMC

The error is not helpful.  I do not believe it is an issue with the .net, though you could go through the settings and check if updates are available and update the system.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
there is no update server MMC in the administrative tools.
and I even can't update the system. "we couldn't connect to the update service"
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Please use the back button and post each image and the options you have selected.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
choose-upstream-server.JPGBecause I don't have an upstream server so I choose this

specify-proxy-server.JPGBecause I don't have proxy in my network
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Look at IIS, enable directory browsing.
Http://ypurwsusservername:8530 do you see a directory structure including Content, selfupdate?
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
no
I just see the date and time when I enabled the directory browsing
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
If you explore the directory from iis for the site, ...

Has this server been able to access Microsoft to download updates for itself?
This will check whether the request you made to your networking group are in place.
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
after back and forth with the network department, they allow the whole internet for the server. and now the server was able to connect to microsoft.

thank you all for your assistance.

but I have another question, how could I move wsus content to another partition? is that even safe?
Ammar Bin YahyaVery Junior System Administrator

Author

Commented:
and what the ideal storage for wsus?
if I want to store the updates localy
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
yse, you can use wsusutil.exe to relocate the content from the default location, possible c:\Wsus to D:\wsus

https://docs.microsoft.com/de-de/security-updates/windowsupdateservices/18127395

make sure to create the path to where you want the data moved.
wsusutil.exe movecontent d:\wsus
Very Junior System Administrator
Commented:
Thank you all for your time and assistance.
Specially Arnold

Issue resolved by network department when they allowed the whole internet to the wsus server
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Thanks for the mention, but why did you select your post as the solution versus my several comments dealing with connection related siggestions?