Windows Update Client does not scan against WSUS 3.0 SP2 if HTTPS is configured and TLS 1.2 is not enabled

Summary

Some computers that have the Windows 8.1 and Windows Server 2012 R2 Update (KB 2919355 ) installed stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2)-based servers that are configured to use HTTPS and do not have TLS 1.2 enabled.

This problem occurs only when the following conditions are true:
  • The computer is running Windows 8.1 or Windows Server 2012 R2 and has the KB 2919355 update installed.
  • The computer is managed by a WSUS 3.2-based server.
  • WSUS 3.2 server is configured to have the managed clients communicate with the WSUS server over HTTPS by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
  • The WSUS 3.2 server does not support the TLS 1.2 protocol.

How to check whether the problem applies to your environment

Are you using or do you plan to use WSUS 3.2 to manage Windows 8.1-based or Windows Server 2012 R2-based computers?

  • If your answer is no, you are not affected by this problem, and you can skip the rest of this article.
  • If your answer is yes, you should read the rest of this section to see whether you are affected.
Note If you are using the WSUS Server role on Windows Server 2012 or Windows Server 2012 R2 to manage Windows 8.1 or Windows Server 2012 R2-based devices, you are not affected by this problem.

Did you configure the WSUS 3.2-based server so that managed computers communicate with the WSUS-based server over HTTPS?

  • If your answer is no, you are not affected by this problem, and you can skip the rest of this article.
  • If your answer is yes, you should read the rest of this section to see whether you are affected.

Is TLS 1.2 supported and enabled on your WSUS 3.2-based server?

How to check whether TLS 1.2 is supported and enabled
How to check whether TLS 1.2 is supported and enabled
  • If your answer is yes, you are not affected by this problem, and you can skip the rest of this article.
  • If your answer is no, you are affected by this problem.

How to prevent the problem in your environment

Deploy the revised Windows 8.1, Windows Server 2012 R2 Update (KB 2919355)

Microsoft has released a revised Windows 8.1 and Windows Server 2012 R2 Update (KB 2919355) that addresses this problem. The revised update is now available on WSUS and the Microsoft Download Center.

Note If you use the volume license media that is provided by Microsoft and that is integrated with the KB 2919355 update to deploy Windows 8.1 or Windows Server 2012 R2, you should apply the KB 2959977 update to the image before you deploy. You can follow the steps in the following Microsoft TechNet topic to apply the KB 2959977 update for Windows 8.1 and Windows Server 2012 R2:

If you manage computers that are currently affected by the problem that is discussed in this article, you can obtain and deploy the following stand-alone update package from the Microsoft Download Center. For more information, go to the Microsoft Download Center, and then search for KB2959977.

Operating systemUpdate
All supported x86-based versions of Windows 8.1Download Download the package now.
All supported x64-based versions of Windows 8.1Download Download the package now.
All supported x64-based versions of Windows Server 2012 R2Download Download the package now.
Release Date: April 15, 2014

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Özellikler

Makale No: 2959977 - Son İnceleme: 17 Nis 2014 - Düzeltme: 1

Geri bildirim