SCCM 1606. Software Updates Deployment fails after enabling HTTPS

After I have enabled HTTPS on every SCCM 1606 component all my windows update client just suddenly stopped working. Windows Update check stopped with “0x80244019”

WindowsUpdate.log on a client side:
2016/11/21 13:13:00.7947333 1396 5228 WebServices Auto proxy settings for this web service call.
2016/11/21 13:13:00.8137726 1396 5228 WebServices Auto proxy settings for this web service call.
2016/11/21 13:13:00.8267772 1396 5228 WebServices WS error: There was an error communicating with the endpoint at ‘’.
2016/11/21 13:13:00.8267778 1396 5228 WebServices WS error: The server returned HTTP status code ‘404 (0x194)’ with text ‘Not Found’.
2016/11/21 13:13:00.8267778 1396 5228 WebServices WS error: The requested resource was not found.
2016/11/21 13:13:00.8267787 1396 5228 WebServices Web service call failed with hr = 80244019.
2016/11/21 13:13:00.8267787 1396 5228 WebServices Current service auth scheme=0.
2016/11/21 13:13:00.8267790 1396 5228 WebServices Current Proxy auth scheme=0.

Ok, lets troubleshoot:

netsh winhttp show proxy

Current WinHTTP proxy settings:

Direct access (no proxy server). – reachable – reachable

Clients/DMZ firewalls were fine also

After some useless googling I’ve found this Microsoft TechNet thread .
And last replay was: “Whats in WCM.log on the SUP? Was KB3159706 recently installed? If you do, there is some post installation steps”. Interesting. I checked updates on my SCCM server and I found KB3159706 installed there. Great. Let me copy-paste from the article:

Manual steps required to complete the installation of this update

Open an elevated Command Prompt window, and then run the following command (case sensitive, assume “C” as the system volume):

“C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing

Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.

HTTP activation
Restart the WSUS service.

If SSL is enabled on the WSUS server

Assign ownership of the Web.Config file to the administrators group (run at an elevated command prompt):
cd “C:\Program Files\Update Services\WebServices\ClientWebService\”
takeown /f web.config /a

icacls “C:\Program Files\Update Services\WebServices\ClientWebService\Web.config” /grant administrators:f

Locate the Web.Config file in the following path:
C:\Program Files\Update Services\WebServices\ClientWebService\Web.Config
Make the following changes in the file.

Note This code sample represents a single text block. The line spacing is used only to emphasize the text changes, which are shown in bold.

                  These 4 endpoint bindings are required for supporting both http and https
                <endpoint address=""
                        contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                <endpoint address="secured"
                        contract="Microsoft.UpdateServices.Internal.IClientWebService" />
               <endpoint address=""
                        contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                <endpoint address="secured"
                        contract="Microsoft.UpdateServices.Internal.IClientWebService" />

Add the multipleSiteBindingsEnabled=”true” attribute to the bottom of the Web.Config file, as shown:

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />


Leave a comment

You must be logged in to post a comment.