I encountered an error loading the WSUS Console after I deployed some organization-mandated reconfigurations to the IIS server that supports WSUS. As I found the solution myself and did not see this anywhere else online, I figured documenting it here may help others.
My environment was Windows Server 2019 running in a virtual machine and hosting only what the default WSUS installation provides.
—
After deploying IIS reconfigurations, the WSUS Console fails with an error that reads like this:
The WSUS administration console was unable to connect to the WSUS Server via the remote API. Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC. System.IO.IOException — The handshake failed due to an unexpected packet format. Source System Stack Trace: at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) ** this exception was nested inside of the following exception ** System.Net.WebException — The underlying connection was closed: An unexpected error occurred on a send. Source Microsoft.UpdateServices.Administration Stack Trace: at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args) at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.GetUpdateServer(PersistedServerSettings settings) at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer() at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()
This is addressed in multiple places online, however, none of the solutions I found worked. The error appears to have something to do with SSL configurations, but in my case, this was a red herring. After following the advice online, including deleting the WSUS file in %appdata%\Microsoft\MMC. System.IO.IOException as the error suggests, I was unable to get the console to connect.
Best Answer
In my specific case, it had to do with my requirements disallowing "Unlisted File Name Extensions" on the WSUS Administration website inside IIS. You can set this by opening the IIS console, clicking the "WSUS Administration" site, clicking "Request Filtering" icon within the IIS settings group of the site, then clicking "Edit Feature Settings" on the right side of that request filtering menu.
Upon checking the box to "Allow Unlisted File Name Extensions" again, I was able to get the site to work. I am documenting this here in the event someone else experiences a similar issue.