You need to ensure that Server02 synchronizes updates from Server01

You have two Windows Server Update Services (WSUS) servers named Server01 and Server02.
Server01 synchronizes from Microsoft Update. Server02 synchronizes updates from Server01. Both
servers are members of the same Active Directory domain.
You configure Server01 to require SSL for all WSUS metadata by using a certificate issued by an
enterprise root certification authority (CA).
You need to ensure that Server02 synchronizes updates from Server01.
What should you do on Server02?

You have two Windows Server Update Services (WSUS) servers named Server01 and Server02.
Server01 synchronizes from Microsoft Update. Server02 synchronizes updates from Server01. Both
servers are members of the same Active Directory domain.
You configure Server01 to require SSL for all WSUS metadata by using a certificate issued by an
enterprise root certification authority (CA).
You need to ensure that Server02 synchronizes updates from Server01.
What should you do on Server02?

A.
From a command prompt, run wsusutil.exe configuresslproxy server02 443.

B.
From a command prompt, run wsusutil.exe configuressl server01.

C.
From a command prompt, run wsusutil.exe configuresslproxy server01 443.

D.
From the Update Services console, modify the Update Source and Proxy Server options.

Show Hint

Leave a Reply 7

Your email address will not be published. Required fields are marked *

MancaMulas

MancaMulas

C and D are both correct answers.

Source: https://technet.microsoft.com/en-us/library/hh852346.aspx#BKM_ConfigureNetworkConnections

“4.In the Command Prompt window, go to the C:\Program Files\Update Services\Tools folder. Type the following command:

wsusutil ConfigureSSLProxy [] –enable”

1.Open the WSUS Administration Console.

2.In the left pane, expand the server name, and then click Options.

3.In the Options pane, click Update Source and Update Server, and then click the Proxy Server tab.”

Reply

Nelson

Nelson

After reading the the explanation on technet, I think answer is D because: A is wrong, B is used for WSUS root server, C is used for proxy servers.
https://technet.microsoft.com/en-us/library/hh852346.aspx#bkmk_3.5.ConfigSSL
“To configure SSL on the WSUS root server

4. Wsusutil configuressl certificateName
where:
certificateName is the DNS name of the WSUS server. ”

“Configure SSL for downstream WSUS servers

4. Click Options, and then click Update Source and Proxy Server.
5. On the Update Source page, select Synchronize from another Windows Server Update Services server.
6. Type the name of the upstream server into the Server name text box. Type the port number that the server uses for SSL connections into the Port number text box.

Reply

f_idiot

f_idiot

Agreed. Just D.

Reply

Josh

Josh

Thanks Nelson, was confused here

Reply

Reeyon

Reeyon

But question asked, what should we do on Server2? Not on Server 1.

For me i will go for C. SSL proxy command.

D is used for HTTP proxy.

Reply

testtaker

testtaker

Absolutely just D.

tested in my lab environment.

the whole procedure is as follows:

To force WSUS connectivity to use HTTPS you need 3 things:

1. Configure the WSUS virtual directories in IIS on the upstream server to require SSL
2. Bind the WSUS website on port 8351 to a server certificate
3. Configure the WSUS service on the Upstream server to use port 8351 and the Server name on the certificate (wsusutil configuressl )
4. Configure the downstream server to start a WSUS connection on port 8351, to use the server name as on the certificate and to use SSL

Step 4 can be achieved with:

GUI
Update Services console, modify the Update Source
PS
Wsussyncronizationserver -UssServername -usessl

Reply

testtaker

testtaker

full command

wsusutil configuressl [name as on the certificate]

Reply