Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5081
Views
0
Helpful
4
Replies

Issue Resolving WSUS Server Across VPN

Go to solution
wframbes1
Level 1
Level 1

‎03-25-2011 07:35 AM - edited ‎02-21-2020 04:17 AM

Hello All,

I have 18 sites connected by cisco SA520's to our main office via broadband connections. I can ping my primary server from the remote sites. I have GPO's that are writing to my remote XP SP3 computers telling them the name of my wsus server http://my-server but they are not logging on the wsus server for windows updates. When I open an IE window on a remote computer and type in http://my-server I get the Cisco admin page A DNS error occurred while opening the page.

The Cisco device is a DHCP server, has my main office DNS and WINS servers IP addresses under the LAN settings. Clients are getting DNS and WINS entries at the remote sites for my main site.

Any help would be greatly appreciated.

Thanks,

Willis

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
stevjarbeck
Level 1
Level 1
In response to wframbes1

‎03-27-2011 01:03 PM

With the FQDN you still recieve the DNS error and the Cisco admin page is displayed?  When you do a nslookup what IP address does it resolve to and is this the correct IP address of your wsus server?


Is that server being NAT'ed outside?  Is this a seperate machine or does WSUS reside on the DC itself?  Do you have any other services such as sharepoint installed on the same server?  Did you install WSUS on a different port such as 8530?  Did you modify the host header of the WSUS IIS entry?


http://support.microsoft.com/default.aspx?scid=kb;en-us;294382


http://www.wsuswiki.com/WSUSServerFAQ


Check the port of WSUS:  http://technet.microsoft.com/en-us/library/bb632477.aspx


Verify that WSUS is assigned an IP address in IIS.  Verify that port 80,443, and or 8530 are open in the firewall.


From what you mentioned previously it appears the address is being resolved to the address of the ASA which is why you receiving the Cisco Admin page.


From a remote client do a nslookup and verify that it is resolving correctly.  If it is do a tracert and verify that it is going across the tunnel.  Post a scrubbed running-config.  Also in GPO you can use just the IP address of the server ex: http://10.10.10.15 or http://10.10.10.15:8530.


Is this the only DNS issue you are experiencing?  Is group policy being processed correctly?  Have you checked eventvwr.exe for any additonal errors?

View solution in original post

0 Helpful
4 Replies 4

Go to solution
stevjarbeck
Level 1
Level 1

‎03-26-2011 09:07 PM

Have you tried using the fully qualified domain name (FQDN)?  Instead of using http://wsus use http://wsus.domain.local using the FQDN.  Let me know if that works.

Steve

0 Helpful

Go to solution
wframbes1
Level 1
Level 1
In response to stevjarbeck

‎03-27-2011 12:34 PM

Hello Steve,

I tried that but received the same error.

Willis

0 Helpful

Go to solution
stevjarbeck
Level 1
Level 1
In response to wframbes1

‎03-27-2011 01:03 PM

With the FQDN you still recieve the DNS error and the Cisco admin page is displayed?  When you do a nslookup what IP address does it resolve to and is this the correct IP address of your wsus server?


Is that server being NAT'ed outside?  Is this a seperate machine or does WSUS reside on the DC itself?  Do you have any other services such as sharepoint installed on the same server?  Did you install WSUS on a different port such as 8530?  Did you modify the host header of the WSUS IIS entry?


http://support.microsoft.com/default.aspx?scid=kb;en-us;294382


http://www.wsuswiki.com/WSUSServerFAQ


Check the port of WSUS:  http://technet.microsoft.com/en-us/library/bb632477.aspx


Verify that WSUS is assigned an IP address in IIS.  Verify that port 80,443, and or 8530 are open in the firewall.


From what you mentioned previously it appears the address is being resolved to the address of the ASA which is why you receiving the Cisco Admin page.


From a remote client do a nslookup and verify that it is resolving correctly.  If it is do a tracert and verify that it is going across the tunnel.  Post a scrubbed running-config.  Also in GPO you can use just the IP address of the server ex: http://10.10.10.15 or http://10.10.10.15:8530.


Is this the only DNS issue you are experiencing?  Is group policy being processed correctly?  Have you checked eventvwr.exe for any additonal errors?

0 Helpful

Go to solution
wframbes1
Level 1
Level 1
In response to stevjarbeck

‎04-07-2011 05:04 AM

Hello Steve,

The answer was in WSUS. I set the port to 8530. There was another site running on the same server and my thought was all internet goes out locally from the SA520, so having the sus set at port 80 was the issue.

Thank you very much for your time.

Willis

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card