Hello People,I am becoming nuts.I have a brand-new wsus 3.0 sp2. I'm trying to setup SSL on it, and i've been stuck with the same issue for 3 days.The server name is toto.child.rootdomain.ext, and I've configured a gpo for it to be accessed via https://wsus.rootdomain.ext. The need for https is that we need to use wsus as a Software update point in SCCM native mode.I hadfirst tried to set up directly the WSUS as a SCCM SUP, but the client updates fail with the error I am still encountering.To make troubleshooting simpler, I am now only trying to set up SSL on WSUS, but still I am getting the same error in the clients' WindowsUpdate.log.I created a certificate on our CA (with certificate name = wsus.rootdomain.ext), confiured IIS with it, enabled SSL on the adequate Virtual Directories, ran the wsusutil configuressl wsus.rootdomain.ext.Still the client always fail with a 80072f0c error. I've seen many people having that error on the web, but did not find a solution.PLease find the log below. May I add that without ssl, wsus works like a charm.############### START ## AU: Search for updates#########<<## SUBMITTED ## AU: Search for updates [CallId = {DE2B0ED0-B6B2-4871-8FAE-1A4BD4F8B8BA}]*************** START ** Agent: Finding updates [CallerId = AutomaticUpdates]*********" * Online = Yes; Ignore download priority = No"" * Criteria = ""IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1""" * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed * Search Scope = {Machine}Checking for agent SelfUpdateClient version: Core: 7.4.7600.226 Aux: 7.4.7600.226Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:Microsoft signed: YesValidating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:Microsoft signed: YesValidating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:Microsoft signed: YesValidating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:Microsoft signed: YesDetermining whether a new setup handler needs to be downloadedValidating signature for C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe:Microsoft signed: YesSelfUpdate handler update NOT required: Current version: 7.4.7600.226, required version: 7.4.7600.226"Evaluating applicability of setup package ""WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.4.7600.226""""Setup package ""WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.4.7600.226"" is already installed.""Evaluating applicability of setup package ""WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226""""Setup package ""WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226"" is already installed.""Evaluating applicability of setup package ""WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226""""Setup package ""WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.4.7600.226"" is already installed."SelfUpdate check completed. SelfUpdate is NOT required.+++++++++++ PT: Synchronizing server updates +++++++++++ + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://wsus.rootdomain.ext/ClientWebService/client.asmxWARNING: Cached cookie has expired or new PID is availableInitializing simple targeting cookie, clientId = 51d3ff3f-2f60-459a-b54e-ea8b9eb78ede, target group = , DNS name = testwin7img.child.rootdomain.ext Server URL = https://wsus.rootdomain.ext/SimpleAuthWebService/SimpleAuth.asmxWARNING: Send failed with hr = 80072f0c.WARNING: SendRequest failed with hr = 80072f0c. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <> + Last proxy send request failed with hr = 0x80072F0C, HTTP status code = 0 + Caller provided credentials = No + Impersonate flags = 0 + Possible authorization schemes used = WARNING: GetAuthorizationCookie failure, error = 0x80072F0C, soap client error = 5, soap error code = 0, HTTP status code = 200WARNING: Failed to initialize Simple Targeting Cookie: 0x80072f0cWARNING: PopulateAuthCookies failed: 0x80072f0cWARNING: RefreshCookie failed: 0x80072f0cWARNING: RefreshPTState failed: 0x80072f0cWARNING: Sync of Updates: 0x80072f0cWARNING: SyncServerUpdatesInternal failed: 0x80072f0c * WARNING: Failed to synchronize, error = 0x80072F0C * WARNING: Exit code = 0x80072F0C*********** END ** Agent: Finding updates [CallerId = AutomaticUpdates]*************WARNING: WU client failed Searching for update with error 0x80072f0c>>## RESUMED ## AU: Search for updates [CallId = {DE2B0ED0-B6B2-4871-8FAE-1A4BD4F8B8BA}] # WARNING: Search callback failed, result = 0x80072F0C # WARNING: Failed to find updates with error code 80072F0C########### END ## AU: Search for updates [CallId = {DE2B0ED0-B6B2-4871-8FAE-1A4BD4F8B8BA}]#############Successfully wrote event for AU health state:0AU setting next detection timeout to 2009-12-14 20:38:40Setting AU scheduled install time to 2009-12-14 16:00:00Successfully wrote event for AU health state:0Successfully wrote event for AU health state:0REPORT EVENT: {0D434A75-5412-46FB-8BB7-4DA344C4F5B2}2009-12-14 16:38:40:259+01001148101{00000000-0000-0000-0000-000000000000}080072f0cAutomaticUpdatesFailure Software SynchronizationWindows Update Client failed to detect with error 0x80072f0c.CWERReporter::HandleEvents - WER report upload completed with status 0x8WER Report sent: 7.4.7600.226 0x80072f0c 00000000-0000-0000-0000-000000000000 Scan 101 ManagedCWERReporter finishing event handling. (00000000)

Hi,The error 0x80072f0c means A certificate is required to complete client authentication.Please perform the following steps and check if the issue goes away:1) Open IIS Manager.2) Expand the WSUS Administration Web Site.3) Select each of the virtual directories.4) In the middle pane, Select "SSL Settings" per virtual directory.5) Under "Client Certificates", make sure the option "Ignore" is selected instead of "Accept" or "Require".This posting is provided "AS IS" with no warranties, and confers no rights.

Actually, I found that out yesterday, and guess what, it works :)However, could you briefly explain why I need to set that setting to "ignore" ?All my client do have a client certificate, therefore I had thought"Accept"wold be ok.There is probably a notion that I am not understanding here...