Skip to main content

SCCM WSUS WCM.log - System.Net.WebException: The request failed with HTTP status 404

By
System.Net.WebException: The request failed with HTTP status 404: Not Found.~~   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)

Overview:

I was recently working with a customer who was receiving a HTTP 404 error in the WCM.log.

  • Confirmed the following ports are open (80,443,135,445,8530,8531)
  • WSUS sites are accessible via URL HTTP
  • Boundaries and Boundary groups for content and site assignment are configured correctly for DEV domain.
  • Distribution Point and Management Point roles are fully functionality
  • WSUS on Server2.dev.local manually synchronized from the Internet
  • Remote Registry and remote WMI tested with success.

Lab Environment Expected behaviour:

In my lab environment I have two forests/domains “Contoso.local” and “DEV20.local”; untrusted; Windows firewall ON with default values.

  • I have added the Site System server role (SUP) to Dev20.local  with a “WSUS Server Connection Account” (DEV20\LabAdmin).
  • In the WCM.log (Fig1) you can see the successful connection to the dev2 server. Once this connection is made the WSUS installation is configured as a downstream server and the site will synchronize.
  • Wireshark (Fig2) reveals the connection address, Src +Dst Ports, and the authentication negotiation between the domains and importantly a success connection.
  • I have not been able to recreate the “System.Net.WebException: The request failed with HTTP status 404: Not Found” error within my lab most likely due to the specific infrastructure setup at Client site  (Proxy, Firewall rules) 


Fig 1

Fig 2
Solution:
Remove the Proxy configurations from both the Site Server and Site System. While the site may not Synchronize with Microsoft Update servers, it will still allow connectivity between the Site Server and the Site System. Restart the SMS_Executive Service and review the WCM.log

This proved that the issue at the client site was Proxy related. Sounds like the proxy bypass rules in IE don't seem to apply to the SCCM proxy configuration. dev.local lookups should bypass the proxy.
Client to check rules on the proxy that can intercept traffic bound for non port 80/443 ports and forward accordingly (external sites on random ports). Client to intercept the dev.local traffic on the Proxy server and forward from the DMZ back into dev.local



Comments

  1. i-nortonnortonFebruary 23, 2020 at 11:16 PM

    During Norton Setup at norton.com/setup, Product key is very essential. To get the Norton Product key, scratch off the silver layer in the back of the retail card and preserve it geared up earlier than start the Norton setup. Here is a sample of Product key to make you understand: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
    http://i-nortonnorton.com/

    ReplyDelete

Post a Comment

Popular posts from this blog

SCCM Unknown computer not able to see Task Sequences after installing Current Branch 1702

By
Soon after installing SCCM CB 1702 we were unable to see Task Sequences deployed to the unknown collection. This issue was identified as a random system taking the GUID of the 'x64 Unknown Computer (x64 Unknown Computer)' record. As a result it was now a known GUID; as we were only deploying Task Sequences to the Unknown collection none were made available. 'x64 Unknown Computer (x64 Unknown Computer)' record 'x86 Unknown Computer (x86 Unknown Computer)' record To get the GUID of your unknown systems open SQL management studio and run the following command: --Sql Command to list the name and GUID for UnknownSystems record data select ItemKey, Name0,SMS_Unique_Identifier0 from UnknownSystem_DISC Using the returned GUID (SMS_Unique_Identifier0) we can find the hostname that has been assigned the 'x64 Unknown Computer (x64 Unknown Computer)' GUID by running the query below. --x64 Unknown Computers select Name0,SMS_Unique_Identifier0,Decommissioned0 from Sys...
167 comments
Read more

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932

By
This article outlines the protection against the publicly disclosed Secure Boot security feature bypass involving the BlackLotus UEFI bootkit (CVE-2023-24932). It includes steps to enable the necessary mitigations and provides guidance on creating bootable media. I will provide: - An overview of the CVE issue. - Pre-requisite actions within ADK. - Detection and remediation scripts for CVE-2023-24932. - Instructions for creating a WinPE Boot.wim file to support systems that have undergone remediation. - A breakdown of the files changed and how to boot WinPE to support systems before remediation. 1. Secure Boot Security Feature Bypass Vulnerability CVE-2023-24932 see MSRC CVE-2023-24932 is a security vulnerability involving the BlackLotus UEFI bootkit, which allows attackers to bypass Secure Boot protections. This vulnerability enables the execution of malicious code at the UEFI level, potentially leading to persistent and evasive threats. Mitigations for this issue include updates to th...
Post a Comment
Read more

Blackberry How to factory reset your device.

By
Here's how to FACTORY RESET the device. Install Blackberry Desktop Manager on a PC.  Connect the Blackberry to the PC with a USB cable. From a DOS prompt (command) window on the users PC (from Start - Run  type cmd <OK>  then change directory path to: C:\Program Files\Common Files\Research In Motion\Apploader     by typing cd\ (enter)  followed by cd Program Files (enter) then cd Common Files (enter)  etc etc Run the command:   Loader.exe /resettofactory That will bring the Blackberry back to the state it should be in when you get a brand new one out of the box.
Post a Comment
Read more