{"id":10348,"date":"2019-07-04T12:32:28","date_gmt":"2019-07-04T10:32:28","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=10348"},"modified":"2021-01-24T11:56:02","modified_gmt":"2021-01-24T10:56:02","slug":"wsus-endpoint-decommissioned-sha2-update-required","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/07\/04\/wsus-endpoint-decommissioned-sha2-update-required\/","title":{"rendered":"WSUS: Endpoint decommissioned; SHA2 update required"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2013\/03\/winb.jpg\" width=\"58\" align=\"left\" height=\"58\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/07\/04\/wsus-sccm-endpunkt-wird-abgeschaltet-sha2-update-beachten\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]A brief note for corporate administrators who distribute updates using WSUS. Microsoft shuts down an endpoint before the next patchday. I would also like to remind you of the SHA2 migration issue. <\/p>\n<p><!--more--><\/p>\n<h2>WSUS: Synchronization endpoint is decommissioned<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/3014bad135ba464da68ee8bce2b733fc\" width=\"1\" height=\"1\">Windows Server Update Services (WSUS) uses certain server URLs to synchronize updates. Now I have been alerted by the following tweet that Microsoft will disable such a synchronization endpoint for the upcoming patchday.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">HEADS UP ENTERPRISE FOLKS, using SCCM &amp; WSUS:<br \/>EP SYNC being Decommissioned.<\/p>\n<p>Thank You: <a href=\"https:\/\/twitter.com\/MPECSInc?ref_src=twsrc%5Etfw\">@MPECSInc<\/a><\/p>\n<p>ICYMI: <a href=\"https:\/\/twitter.com\/SBSDiva?ref_src=twsrc%5Etfw\">@SBSDiva<\/a> <a href=\"https:\/\/twitter.com\/AdminKirsty?ref_src=twsrc%5Etfw\">@AdminKirsty<\/a> <a href=\"https:\/\/twitter.com\/thurrott?ref_src=twsrc%5Etfw\">@thurrott<\/a> <a href=\"https:\/\/twitter.com\/maryjofoley?ref_src=twsrc%5Etfw\">@maryjofoley<\/a> <a href=\"https:\/\/twitter.com\/bdsams?ref_src=twsrc%5Etfw\">@bdsams<\/a> <a href=\"https:\/\/twitter.com\/mehedih_?ref_src=twsrc%5Etfw\">@mehedih_<\/a> <a href=\"https:\/\/twitter.com\/ruthm?ref_src=twsrc%5Etfw\">@ruthm<\/a> <a href=\"https:\/\/twitter.com\/SwiftOnSecurity?ref_src=twsrc%5Etfw\">@SwiftOnSecurity<\/a> <a href=\"https:\/\/twitter.com\/pcper?ref_src=twsrc%5Etfw\">@pcper<\/a> <a href=\"https:\/\/twitter.com\/MalwareJake?ref_src=twsrc%5Etfw\">@MalwareJake<\/a> <a href=\"https:\/\/twitter.com\/JobCacka?ref_src=twsrc%5Etfw\">@JobCacka<\/a> <a href=\"https:\/\/twitter.com\/etguenni?ref_src=twsrc%5Etfw\">@etguenni<\/a><a href=\"https:\/\/t.co\/2BEArylkU7\">https:\/\/t.co\/2BEArylkU7<\/a><\/p>\n<p>1\/3<\/p>\n<p>\u2014 Crysta T. Lacey (@PhantomofMobile) <a href=\"https:\/\/twitter.com\/PhantomofMobile\/status\/1146546562153103360?ref_src=twsrc%5Etfw\">3. Juli 2019<\/a><\/p><\/blockquote>\n<p><span id=\"preserve69485f7ddd2647f4b3898170f8913b95\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>Microsoft announced within the Techcommunity article<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Configuration-Manager-Blog\/WSUS-synchronization-endpoint-being-decommissioned-on-Monday\/ba-p\/737039\" target=\"_blank\" rel=\"noopener noreferrer\">WSUS synchronization endpoint being decommissioned on Monday, July 8<\/a>, that the endpoint:<\/p>\n<p><em>fe2.update.microsoft.com<\/em><\/p>\n<p>will be decommissioned (shut down) next Monday, July 8, 2019. This URL will no longer be available for WSUS. For WSUS servers that are still configured for the old endpoint, this change should result in a one-time slow synchronization (typically only a few minutes), since the WSUS server automatically switches to the new endpoint. <\/p>\n<p>Although the change should take place automatically, it is recommended to keep an eye on it as an administrator. If synchronization errors occur after Monday, those affected will find hints in KB article <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4482416\/wsus-synchronization-fails-with-soapexception\" target=\"_blank\" rel=\"noopener noreferrer\">4482416<\/a> &#8211; <em><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4482416\/wsus-synchronization-fails-with-soapexception\" target=\"_blank\" rel=\"noopener noreferrer\">WSUS synchronization fails with SoapException<\/a>&nbsp;<\/em>to check whether they are affected by the problem. If this is the case, there are also instructions to fix it. <\/p>\n<h2>Note the mandatory SHA2 update for Win 7\/Server 2008<\/h2>\n<p>Microsoft had announced in 2018 that it would only add SHA-2 signatures to its Windows updates from mid-2019 onwards &#8211; signing with SHA-1 would then no longer be necessary for security reasons. I had in the article <a href=\"https:\/\/borncity.com\/win\/2018\/11\/21\/windows-7-from-april-2019-sha-2-support-is-required\/\">Windows 7: From April 2019 'SHA-2-Support' is required<\/a> is needed and reported in further blog posts (see article end) about it.<\/p>\n<p>Users of Windows 7 SP1 (as well as its server counterparts) and WSUS will need a special update from April 2019, which upgrades the machine for SHA2 code signatures. Without this update, these machines will not be able to process new updates in the future. As of March 12, 2019, Microsoft provided the required updates for Windows 7 SP1 and Server 2008\/R2 as part of the patchday.<\/p>\n<p>For Windows Server Update Services, Microsoft provided the standalone update <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4484071\" target=\"_blank\" rel=\"noopener noreferrer\">KB4484071<\/a> for WSUS 3.0 SP2 (SHA-2 Support for Windows Server Update Services 3.0 SP2), according to <a href=\"https:\/\/web.archive.org\/web\/20201231202502\/https:\/\/support.microsoft.com\/en-us\/help\/4472027\/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus\" target=\"_blank\" rel=\"noopener noreferrer\">this support article<\/a>. This upgrades the SHA-2 support for WSUS 3.0 SP2. Administrators using WSUS 3.0 SP2 must manually install this update by June 18, 2019. Now it is ensured that updates for Windows 7 and Windows Server 2008\/R2 can be distributed via WSUS 3.0 SP2. The prerequisite for manual installation of update KB4484071 is that the following updates:<\/p>\n<ul>\n<li>Windows Monthly Rollup <a href=\"https:\/\/support.microsoft.com\/de-de\/help\/4489880\" target=\"_blank\" rel=\"noopener noreferrer\">KB4489880<\/a> (or later) for Windows Server 2008 SP2\n<li><a href=\"https:\/\/support.microsoft.com\/de-de\/help\/4489878\" target=\"_blank\" rel=\"noopener noreferrer\">KB4489878<\/a> (or later) for Windows Server 2008 R2 SP1\n<li>and .NET 3.5 were previously installed.<\/li>\n<\/ul>\n<p>If this is ignored, errors may occur during installation. Microsoft also recommends backing up the WSUS database before installing these updates. If you have considered this, you can look forward to the July patchday on Tuesday, July 9, 2019.  <\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2019\/02\/18\/sha-2-patch-for-windows-7-arrives-on-march-2019\/\">SHA-2 patch for Windows 7 arrives on March 2019<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2018\/11\/21\/windows-7-from-april-2019-sha-2-support-is-required\/\">Windows 7: From April 2019 'SHA-2-Support' is required<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A brief note for corporate administrators who distribute updates using WSUS. Microsoft shuts down an endpoint before the next patchday. I would also like to remind you of the SHA2 migration issue.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1547,22,2],"tags":[570,195,194,569],"class_list":["post-10348","post","type-post","status-publish","format-standard","hentry","category-software","category-update","category-windows","tag-sccm","tag-update","tag-windows","tag-wsus"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=10348"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10348\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=10348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=10348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=10348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}