While the requirements of running SCCM/MEMCM in full SSL may be less required theses days with the Cloud Management Gateway being so effective with remote computers management, running the WSUS – Software Update point in SSL is likely to show up as a requirement whenever doing a security audit of your environment. In this post, we will detail the required steps, from the certificate template creation to the client validation on enabling SSL for WSUS and the SCCM Software Update Point. Requirements Any SCCM version Communication on port 8531 must be open on your Firewall Certificate template Creation The first step to enable SSL communication is to create a server certificate for your server. On the server that is running the Certification Authority, open the Certification Authority console (certsrv.mmc), right-click Certificate Templates and select Manage The Certificate Templates management console opens Right-click the Web Server template and then select Duplicate … Read More
Installing an SCCM DP/MP/SUP in an untrusted domain
There may come a time in your SCCM administration days where some special needs may arise. I had such a case recently. Long story short, in our company, we have a windows domain where no trusts exist with our primary domain where SCCM resides. The problem with that is since there is no visibility in between the two domains, how do you get the servers or workstations managed? This post will describe Installing SCCM DP MP SUP in Untrusted Domain. Default settings? Such as a default Windows Update setup. Nah, I like to have some degree of control over who does what and when. Install a standalone WSUS server? Yes, this is a viable option where you can set and forget it. But it probably doesn’t fit with your SCCM setup. Install a completely separate SCCM infrastructure? Sure this works. But… Do you like doubling all your work? I surely … Read More
How to fix SCCM HTTP Error 503 – The service is unavailable
Friday morning, the sun is shining, coffee is flowing… You monitor your SCCM site and find out that your WSUS Synchronization is failing when it was working perfectly yesterday. The first error that you encounter is SCCM HTTP Error 503 The service is unavailable in a couple of places: In Wsyncmgr.log: Sync failed: The request failed with HTTP status 503: Service Unavailable. Source: Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer In Component Status : Monitor / System Status / Component Status SMS_WSUS_SYNC_Manager is in a warning state: WSUS Synchronization failed. Message: The request failed with HTTP status 503: Service Unavailable. Source:Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer If you try to access the URL for the WSUS Administration website (ex: http://SCCM2012:8530) it fails with the error: HTTP Error 503. The service is unavailable What cause SCCM HTTP Error 503 ? Don’t panic, this issues can usually be fixed easily…but not that quickly. There are two main causes of this error: The WsusPool Application Pool … Read More
How to install Software Update Point in SCCM 2012 R2
In this part of SCCM 2012 and SCCM 1511 blog series, we will describe how to install SCCM 2012 R2 or SCCM 1511 Software Update Point (SUP). Role Description The SUP integrates with Windows Server Update Services (WSUS) to provide software updates to Configuration Manager clients. This is not a mandatory Site System but your need to install a SUP if you’re planning to use SCCM as your patch management platform. SCCM 2012 SP1 (and thus R2) integrates new features to the Software Update Point that are well documented in this Technet Article. Site System Role Placement in Hierarchy This Site System is a site-wide option. It’s supported to install this role on a Central Administration Site, child Primary Site, stand-alone Primary Site and Secondary Site. When your hierarchy contains a Central Administration Site, install a SUP and synchronizes with Windows Server Update Services (WSUS) before you install a SUP at any child Primary Site. When you install … Read More