I have WSUS 3.2 running on Server 2008 R2 Standard. Since the guy who set this server up has left the company, I have been asked to maintain it which has and continues to be a steep learning curve for me. Hence this plea for help!
In this case, I was faced with the WSUS snap-in failing to connect locally on the server one day when doing my weekly server checks. Once I realised that WSUS was set up to use SSL for metadata, I traced this problem to a just-expired SSL certificate. After a day's web searching for how to do it, I finally succeeded in enrolling a fresh certificate (based on the web services template which seems to the one used for the original expired cert).
Problem is that I still can not connect the snap-in to the server. The error window says "The secure sockets Layer (SSL) certificate for this server could not be validated. Please verify SSL is correctly configured, or contact your network administrator if the problem persists."
I have spent two days searching through this site and many others as well as general Googling for an answer but to no avail. Gone through lots of "check this" and "check that" lists but found nothing out of order.
Relevant event log entries (i.e. never seen before the cert expiry) are:-
12052 The DSS Authentication Web Service is not working.
12032 The Server Synchronization Web Service is not working.
12012 The API Remoting Web Service is not working.
13042 Self-update is not working.
As an experiment, I set all "WSUS Administration" entries in the IIS snap-in to not require SSL. The WSUS snap-in sprang to life OK. So I can see that the SQL database and so on are still working OK. Setting the relevant entries back to requiring SSL set me back to where I was before. I used the information in this technet article to determining which entries needed SSL:- http://technet.microsoft.com/en-us/library/cc708467%28WS.10%29.aspx
I have used the WSUSUTIL utility both with the checkhealth option (which produced no log entries at all) and with the configuressl option in case the domain needed redefining after renewal. Still no luck.
For information, I am using IIS 7.5 which seems to be a newer version than many "how-to"s refer to.
I hope someone can help point me to what to try next.
