Consider the following scenario:
- On the top-level site server, you have a site system role installed that requires Internet access such as the service connection point. Or, you have configured such cloud services as Microsoft Store for Business or the cloud management gateway (CMG).
- You have a proxy server configured for the top-level site server.
- You have a remote software update point (SUP) configured for the top-level site.
In this scenario, software update synchronization fails, and the following error entry is logged in WCM.log on the site server:
Attempting connection to WSUS server: REMOTESUP.CONTOSO.COM, port: 8530, useSSL: False
Remote connection failed with exception 'System.Net.WebException: The request failed with HTTP status 504: Gateway Timeout.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)'. Attempting to bypass proxy
System.InvalidCastException: Unable to cast object of type 'Microsoft.ConfigurationManager.CloudBase.CMWebProxy' to type 'System.Net.WebProxy'.~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)
Remote configuration failed on WSUS Server.~
Note Sometimes, the error entry contains "HTTP status 502: Bad Gateway" instead of "HTTP status 504: Gateway Timeout."
This issue occurs because the site server incorrectly uses the proxy server when it connects to the remote SUP.
To work around this issue without updating, use one of the following methods:
- Move the SUP role to the site server.
Note If you have more than one SUP at the top-level site, use either of the other methods.
- Move the site system roles that require internet access to a remote server, and then remove the proxy configuration from the site server.
- Temporarily set the proxy server to allow routing traffic from the site server to the remote SUP.