I want to share an experience that comes up regularly in my day-to-day technical work. Managing devices in a domain environment is fairly simple, but working with servers in a workgroup is more challenging. The scenario here is a new implementation on the Amazon cloud: the customer provides VMs as a service, and none of the devices are in a domain. The requester wants to implement a complete WSUS solution with SSL to patch all the provided VMs hosted on the Amazon cloud. The VMs are on the network but are not joined to a domain.
Issue reported:
The requester wants to implement WSUS with SSL where all devices are in a workgroup. The WSUS console does not open after configuring SSL (HTTPS) on port 8531.
The requester has the following in place:
WSUS on Windows Server 2012 R2, standalone (workgroup), on port 8531.
Wildcard certificate from my trusted root CA.
Imported into the Trusted Root CA store.
Binding has been done in IIS for these virtual directories.
Executed this command: "C:\Program Files\Update Services\Tools\WSUSUTIL.exe" configuressl <FQDN NAME>
Point 1: WSUS can be installed in several ways, for example with the internal DB or with SQL. For how to configure WSUS, refer to this URL.
Point 2: WSUS is now implemented with SSL on port 8531 (refer to this URL for how to implement SSL). After implementing SSL, the WSUS console does not open.
To get closer to a solution, run the command below to get more details: "C:\Program Files\Update Services\Tools\WSUSUTIL.exe" CheckHealth
It reports its findings in Event Viewer. Looking at Event Viewer, many event IDs were reported: 12052, 12042, 12022, 12032, 12012, 12002, 13042.
Point 3: The error message on the console showed that the configured wildcard certificate has the DNS name *.XYZ.NET, but the server is named ABC and is part of a workgroup.
Note: SSL is configured with the issued certificate, which includes the DNS name entry. However, whenever we open WSUS, the server name has to resolve to the complete name, and it was actually using the local name (ABC). To fix the issue:
Point 4: This issue is reported when the SSL handshake fails because the server is using its local host name. The Primary DNS Suffix has to be set so that the server's name matches its FQDN (the same as on the SSL certificate).
The detailed steps are as follows:
Go to Control Panel -> System and Security -> System.
Under Computer Name, Domain and Workgroup Settings, click Change Settings.
Then, you can set the Primary DNS Suffix for your server.
Below is the screenshot for reference:
After providing the above information, restart the WSUS service and open the console; it will open with SSL as needed.
Hope this helps. Happy learning!
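To confirm the fix, or to spot the same mismatch before changing anything, the check below compares the server's host name plus Primary DNS Suffix with the DNS names on the certificate bound to port 8531. It is an added example, not from the original post: the function names are hypothetical, and it assumes the certificate is bound in IIS and that the Hostname and Domain values under the Tcpip\Parameters registry key hold the host name and Primary DNS Suffix.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the WSUS server.

# True when one of the certificate's DNS names covers $HostName.
# A leading "*" stands for exactly one label, so *.XYZ.NET covers ABC.XYZ.NET but not ABC.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory)][string]   $HostName,
        [Parameter(Mandatory)][string[]] $CertNames
    )
    $hostLabels = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($name in $CertNames) {
        $certLabels = $name.TrimEnd('.').ToLowerInvariant().Split('.')
        if ($certLabels.Count -ne $hostLabels.Count) { continue }
        $match = $true
        for ($i = 0; $i -lt $certLabels.Count; $i++) {
            $isWildcard = ($i -eq 0 -and $certLabels[$i] -eq '*')
            if (-not $isWildcard -and $certLabels[$i] -ne $hostLabels[$i]) { $match = $false; break }
        }
        if ($match) { return $true }
    }
    return $false
}

# Constructed values taken from the post: short name ABC, wildcard certificate *.XYZ.NET.
Test-CertNameMatch -HostName 'ABC'         -CertNames '*.XYZ.NET'   # workgroup name, no suffix
Test-CertNameMatch -HostName 'ABC.XYZ.NET' -CertNames '*.XYZ.NET'   # Primary DNS Suffix set

# Live check: this server's own FQDN against the certificate bound to the WSUS SSL port in IIS.
function Test-WsusSslName {
    param([int] $Port = 8531)
    # Assumption: Hostname and Domain here are the host name and the Primary DNS Suffix in effect.
    $tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $fqdn  = if ($tcpip.Domain) { "$($tcpip.Hostname).$($tcpip.Domain)" } else { $tcpip.Hostname }

    Import-Module WebAdministration
    $binding = Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq $Port } | Select-Object -First 1
    if (-not $binding) { throw "No SSL binding found on port $Port" }
    $cert = Get-Item "Cert:\LocalMachine\$($binding.Store)\$($binding.Thumbprint)"

    [pscustomobject]@{
        ServerName = $fqdn
        CertNames  = $cert.DnsNameList.Unicode -join ', '
        NameMatch  = Test-CertNameMatch -HostName $fqdn -CertNames $cert.DnsNameList.Unicode
    }
}
```

Call `Test-WsusSslName` on the WSUS server; a `NameMatch` of False with a `ServerName` that has no suffix is the condition described in Point 3.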
Follow us: https://www.linkedin.com/in/hiraniconfigmgr