This document will help you identify and correct WSUS connection issues caused by an expire self-signed SSL certificate.
1. You see the following popup message when you navigate to Software Library > Software Updates > Shavlik Patch.
2. You see the following popup message when you navigate to Shavlik Patch > Setting.
"Failed to connect to the WSUS server. Please verify the server name, port number and SSL setting."
3. You see the following popup message when clicking on the Test Connection button in the Shavlik Patch > Settings > WSUS Server tab.
"The WSUS server could not be contacted. Please confirm the server name and port number. Verify that your account is a member of the WSUS Administrator group on the WSUS server."
Your self-signed SSL certificate has expired.
The resolution to this issue will vary depending who you originally created your SSL certificate. We will be covering one possible fix in this document.
1. Open IIS on the SCCM/WSUS server and click on your server name under Connections.
2. Answer the popup. Choosing 'No' is a viable answer.
3. Double-click on Server Certificates in the middle pane.
4. Click on Create Self-Signed Certificate.
5. Enter a friendly name for the new certificate.
6. Choose Web Hosting in the drop down menu then click OK.
7. Under the Connections pane, expand the tree under your server name then expand Sites.
8. Click on WSUS Administration and then Bindings... in the far right pane.
9. Click on the HTTPS binding and then click Edit.
10. Choose the new SSL certificate under the SSL certificate drop down menu.
11. Click OK and then Close on the next screen.
12. Open SCCM and monitor for any issues described in the Symptoms section.