Jay Paloma's Tech and Music Blog

Sometimes, this writer can no longer distinguish between the two.

ConfigMgr Automatic Deployment Rule Fails with Error Code 1326 if Source WSUS is not a Domain Member

leave a comment »


Behavior

ConfigMgr infrastructure uses a WSUS server in the DMZ which is not a member of the domain, as shown in the figure below:

SCCM ADR WSUS DMZ

If you use Automatic Deployment Rule, the sync fails with the following:

  • Error code 0X87D20417 in the SCCM Console
  •  “Failed to download the update from UNC content source. Error = 1326” in ruleengine.log.
Console Error annotate

Configuration Manager Console Automatic Deployment Rules showing error code 0X87D20417

 

Error 1326 Bigger

ruleengine.log showing error 1326

Meanwhile, patch metadata is successfully transferred over to ConfigMgr when you sync software updates. Manual patch synchronization by downloading to the Deployment Package is also successful

Cause

The top-level ConfigMgr server attempts to access the shared WsusContent folder in your DMZ WSUS using the computer account of your Primary Site Serveror CAS, and fails because it is denied access. On your DMZ WSUS, you cannot grant access to the CAS or Primary Site Server or make them a member of any local group.

Resolution

You can choose from one of the following options if you intend to use Automatic Deployment Rules

  1. 1. Copy the contents of \\dmz_wsus\WsusContent to a shared location which is accessible to your top-level ConfigMgr server (CAS or Primary Site Server), and sync the ADR from that location
  2. Make the DMZ WSUS server a member of the domain and ensure that the top-level Site Server (CAS or Primary Site Server) is a member either of the local Administrators group or the WSUS Administrators group.

Remember, this is only an issue if you use ADR. I haven’t done testing on a normal non user-initiated SCCM update sync. You might want to give me feedback if this error shows up on non user-initiated update sync.

Products

  • System Center 2012 R2 Configuration Manager SP1
  • Windows Server 2012 R2

jay paloma  |  1 may 2016  |  singapore

This post is provided “AS-IS” and makes no warranties and confers no rights

Advertisements

Written by jpaloma

May 1, 2016 at 9:29 AM

Posted in Configuration Manager, SCCM

Tagged with , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: