Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: trouble using SSL on WSUS

from [Randhir Vayalambrone] Network Security [Permanent Link]
Subject: Re: trouble using SSL on WSUS
Date: Tue, 14 Mar 2006 15:32:15 -0800 (PST) 
This should help,
 
http://update.microsoft.com/windowsupdate/v6/showarticle.aspx?articleid=12&ln=en&IsMu=False
 
 
Randhir Vayalambrone 
Cell: +1 (717) 350-1177 
"Some men see things as they are and say why... I dream of things that never 
were and say why not." 
GBS


----- Original Message ----
From: Bart Poort <bggp@xs4all.nl>
To: focus-ms@securityfocus.com
Sent: Tuesday, March 14, 2006 10:23:33 AM
Subject: trouble using SSL on WSUS


Hi,

I having some trouble using SSL on WSUS. I configured the server and the
clients according to the deployment guide. The clients aren't having any
problemens when downloading updates through http. I have an unofficially
signed certificate and imported it in Internet Information Services
managen. I activated ssl for the clientwebservice, dssauthwebservice,
serversyncwebservice, simpleauthwebservice and wsusadmin.

I configured the client to use the WSUS server through https. When i force
the client to check for new updates (wuauclt /detectnow) the following
errormessage appears in the WindowsUpdate log:

2006-03-14    15:17:23    1048    d38    AU    #############
2006-03-14    15:17:23    1048    d38    AU    ## START ##  AU: Search for 
updates
2006-03-14    15:17:23    1048    d38    AU    #########
2006-03-14    15:17:23    1048    d38    AU    <<## SUBMITTED ## AU: Search for 
updates
[CallId = {C535C51C-A97E-4447-920F-C26B349DD626}]
2006-03-14    15:17:23    1048    428    Agent    *************
2006-03-14    15:17:23    1048    428    Agent    ** START **  Agent: Finding 
updates
[CallerId = AutomaticUpdates]
2006-03-14    15:17:23    1048    428    Agent    *********
2006-03-14    15:17:23    1048    428    Misc    WARNING: Send failed with hr = 
80072f8f.
2006-03-14    15:17:23    1048    428    Misc    WARNING: SendRequest failed 
with hr =
80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp: 
SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp: 
ShouldFileBeDownloaded
failed with 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: Send failed with hr = 
80072f8f.
2006-03-14    15:17:23    1048    428    Misc    WARNING: SendRequest failed 
with hr =
80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp: 
SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp: 
ShouldFileBeDownloaded
failed with 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: Send failed with hr = 
80072f8f.
2006-03-14    15:17:23    1048    428    Misc    WARNING: SendRequest failed 
with hr =
80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp: 
SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp: 
ShouldFileBeDownloaded
failed with 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: Send failed with hr = 
80072f8f.
2006-03-14    15:17:23    1048    428    Misc    WARNING: SendRequest failed 
with hr =
80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth
Schemes used : <>
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp: 
SendRequestUsingProxy
failed for <https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab>. error
0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp:
SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp:
SendRequestToServerForFileInformation failed with 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: WinHttp: 
ShouldFileBeDownloaded
failed with 0x80072f8f
2006-03-14    15:17:23    1048    428    Misc    WARNING: DownloadFileInternal 
failed for
https://windowsupdate.xxxxxx.nl/selfupdate/wuident.cab: error 0x80072f8f
2006-03-14    15:17:23    1048    428    Setup    FATAL: IsUpdateRequired 
failed with
error 0x80072f8f
2006-03-14    15:17:23    1048    428    Setup    WARNING: SelfUpdate: Default 
Service:
IsUpdateRequired failed: 0x80072f8f
2006-03-14    15:17:23    1048    428    Setup    WARNING: SelfUpdate: Default 
Service:
IsUpdateRequired failed, error = 0x80072F8F
2006-03-14    15:17:23    1048    428    Agent      * WARNING: Skipping scan, 
self-update
check returned 0x80072F8F
2006-03-14    15:17:23    1048    428    Agent      * WARNING: Exit code = 
0x80072F8F
2006-03-14    15:17:23    1048    428    Agent    *********
2006-03-14    15:17:23    1048    428    Agent    **  END  **  Agent: Finding 
updates
[CallerId = AutomaticUpdates]
2006-03-14    15:17:23    1048    428    Agent    *************
2006-03-14    15:17:23    1048    428    Agent    WARNING: WU client failed 
Searching for
update with error 0x80072f8f
2006-03-14    15:17:23    1048    428    AU    >>##  RESUMED  ## AU: Search for 
updates
[CallId = {C535C51C-A97E-4447-920F-C26B349DD626}]
2006-03-14    15:17:23    1048    428    AU      # WARNING: Search callback 
failed,
result = 0x80072F8F
2006-03-14    15:17:23    1048    428    AU    #########
2006-03-14    15:17:23    1048    428    AU    ##  END  ##  AU: Search for 
updates
[CallId = {C535C51C-A97E-4447-920F-C26B349DD626}]
2006-03-14    15:17:23    1048    428    AU    #############
2006-03-14    15:17:23    1048    428    AU    AU setting next detection 
timeout to
2006-03-14 15:15:01
2006-03-14    15:17:28    1048    428    Report    REPORT EVENT:
{96D02F42-470E-4CB4-A0B0-D68D39890A33}    2006-03-14
15:17:23+0100    1    148    101    {D67661EB-2423-451D-BF5D-13199E37DF28}    0 
   80072f8f    SelfUpdate    Failure    Software
Synchronization    Error: Agent failed detecting with reason: 0x80072f8f

I've read on serveral sites that the server certificate has to be imported
to the client local Trusted Root CA so this is what i did.

I've made an export of the certificate on the wsus server (pfx format). I
copied it to one of my clients just to test it. I tried to import the
certificate to the local computer Trusted Root CA but it still doesn't
seem to work :-(. When i take a look at the certificate overview (on
Trusted Root CA, ALL view) my certificate appears not to be listed. So i
impoted the certificate but it isn't listed. where did it go?

Maybe this isn't the solution to my problem. If so, can anyone tell me
where to look?

Thanks in advance,

Bart


---------------------------------------------------------------------------
---------------------------------------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: trouble using SSL on WSUS, Devin Ganger
Next by Date:  Re: trouble using SSL on WSUS, Gaddis, Jeremy L.
Previous by Thread:  trouble using SSL on WSUS, Bart Poort
Next by Thread:  Re: trouble using SSL on WSUS, Gaddis, Jeremy L.
Indexes:  [Date] [Thread] [Top] [All Lists]