Symptoms

Consider the following scenario:

  • On the top-level site server, you have a site system role installed that requires Internet access such as the service connection point. Or, you have configured such cloud services as Microsoft Store for Business or the cloud management gateway (CMG).

  • You have a proxy server configured for the top-level site server.

  • You have a remote software update point (SUP) configured for the top-level site.

In this scenario, software update synchronization fails, and the following error entry is logged in WCM.log on the site server:

Attempting connection to WSUS server: REMOTESUP.CONTOSO.COM, port: 8530, useSSL: False 
Remote connection failed with exception 'System.Net.WebException: The request failed with HTTP status 504: Gateway Timeout.~~   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)'. Attempting to bypass proxy 
System.InvalidCastException: Unable to cast object of type 'Microsoft.ConfigurationManager.CloudBase.CMWebProxy' to type 'System.Net.WebProxy'.~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) 
Remote configuration failed on WSUS Server.~ 


Note Sometimes, the error entry contains "HTTP status 502: Bad Gateway" instead of "HTTP status 504: Gateway Timeout."

Cause

This issue occurs because the site server incorrectly uses the proxy server when it connects to the remote SUP.

Resolution

To fix this issue, update to Configuration Manager current branch version 1906.

Workaround

To work around this issue without updating, use one of the following methods:

  • Move the SUP role to the site server.

    Note If you have more than one SUP at the top-level site, use either of the other methods.

  • Move the site system roles that require internet access to a remote server, and then remove the proxy configuration from the site server.

  • Temporarily set the proxy server to allow routing traffic from the site server to the remote SUP.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×