Using WSUS Admin Console from outside domain
If your end goal is to use PowerShell, have you attempted to make use of modules such as PoshWSUS and/or use PS remoting to the servers in question and run commands via that? This is how we manage multiple WSUS servers. They aren't on domains, just workgroups, but it works just fine. I would just verify that you have all required TCP ports open for communication.
http://msdn.microsoft.com/en-us/library/windows/desktop/ee706585(v=vs.85).aspx
Related videos on Youtube
Abhinav K.K
I am a solution engineer. I focus on automating integration between products. I work with PowerShell, Python, and C#.
Updated on September 18, 2022Comments
-
Abhinav K.K over 1 year
Environment:
I have a workstation on our primary domain. We have a primary WSUS Server that is the upstream server of 8 different testing domains. The Primary WSUS server is not part of any domain. Routing is configured between my workstation and the Primary WSUS server. I can RDP to the Primary WSUS sever without any problem. The router is configured to forward
any any
between my workstation and the Primary WSUS server. This WSUS server cannot be part of a domain due to external requirements (I can't change them) on the lab I work in. The version of WSUS is WSUS 3.0 SP 2What I want to do:
I need to connect to the WSUS server with the WSUS Admin console from my local workstation. The end goal is to connect via Powershell and manage with that. I also need to take what I do here and port it to the 8 test domains so I can manage those WSUS servers. The routing is all in place so I can talk to the servers, it's just connecting to the WSUS console that is causing problems.
The problem:
I cannot get my workstation to connect to the WSUS Console.
I get one of the following errors depending on the setup.
1st error:
Cannot connect to 'WSUS'. You do not have the permissions required to access this WSUS server. To connect to the server you must be a member of the WSUS Administrators or WSUS Reporters security groups
I also get the warning
7012
from the event log that says the same thing.2nd error:
Cannot connect to 'WSUS'. The server may be using another port or different Secure Sockets Layer setting.
What I have tried:
So far I have configured IIS for
Anonymous Authentication
on both theWSUS Administration
andApiRemoting30
using an account will callWSUS_User
. With this in place, I get the 1st error. When I do this though, the local WSUS Console cannot be used either.Reverting back to only
Windows Authentication
allows the local console to work, but the remote console now give the 2nd error.I have confirmed the port, and that there is no
SSL
in use (which is a policy that is pushed from above, that I cannot effect).I have placed
WSUS_User
in the groups mentioned above, but it still does not connect.
I made sureWSUS_User
has full access onC:\Program Files\Update Services
andC:\Program Files\Update Services\WebServices
I am not very familiar with the workings of WSUS or IIS, and have gone as far as I can figure out on my own. Googling these errors all take me to the same steps about
Anonymous Authentication
and configuring permissions on folders.-
John Gardeniers over 11 yearsPlease don't cross-post. It will no doubt get sent back here from SO because this is not a programming question, resulting in duplicate questions.
-
Abhinav K.K over 11 yearsCross-post deleted.
-
-
Abhinav K.K over 11 yearsI tried this, and it still gives the same errors.
-
Abhinav K.K over 11 yearsI have verified the ports are open all the way through. The traffic gets to the WSUS server, it just won't connect. I was using PoshWSUS and getting the same results, so I went to the console to see what I could do with that. I haven't tried the PS remoting because several of the domains are still Windows 2003 that don't have PowerShell installed, and I can't install it on them due to requirements of the domain.