Internet MP WSUS SSL

I have a CS and 2 Primary sites and about 40 secondary sites. I am now looking at getting a 3 Primary Site but just for Internet MP and updates. this will have clients that never see the light of the office or untrusted workgroup\domain PC's from acquisitions.
my question is if my CAS and Primaries are not using SSL for WSUS and I introduce the Internet MP and use SSL is there a syncing issue or do they all have to be change to SSL?

You mean stating that you don't need to convert the whole site to HTTPS? Something like with the question
Where are the supported scenarios and network diagrams for Internet-based client management that you had for Configuration Manager 2007? here:
http://technet.microsoft.com/en-us/library/gg682088.aspx#FAQ_Sites_And_Hierarchies
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude

Similar Messages

WSUS - SSL and DMZ servers - 0x80072f8f

Hello,
First of all sorry for my english.
I've got error 0x80072F8F when i try to use WSUS (that is in the internal network) on my DMZ's servers.
Wsus server is a Wsus 3.0 SP1 on Windows 2003 (SSL enabled on port 8531)
DMZ's servers are Windows 2008 R2
1 - I have installed the root certificate of my PKI on the trust root certificate store of the DMZ's servers
2 - I have modified the Hosts file of the DMZ's servers for name resolution of the internal WSUS server therefore the wsus web certificate subject match the Wsus URL of the DMZ's servers.
3 - I created firewall rule for open the communications on port 8531 between DMZ's servers and Wsus server
4 -I created firewall rule for the download of the Certificate revocation list (of the WSUS certificate) by the DMZ's servers
5 - I am able to download
https://wsusserver/selfupdate/wuident.cab and there is no certificate error
6 - I am able to dowload the CRL of the WSUS certificate
7 - There is no time difference between Wsus server and DMZ's servers
But after all that when i run a 'wuauclt /detectnow' the DMZ's servers failed on the SelfUpdate check with error 0x80072F8F
anyone have a idea ?
WindowsUpdate.log :
WARNING: Send failed with hr = 80072f8f.
WARNING: SendRequest failed with hr = 80072f8f. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
WARNING: WinHttp: SendRequestUsingProxy failed for <https://WSUSserver:8531/selfupdate/wuident.cab>. error 0x80072f8f
WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072f8f
WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072f8f
WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072f8f
FATAL: SelfUpdate check failed, err = 0x80072F8F

Wsus server is a Wsus 3.0 SP1 on Windows 2003 (SSL enabled on port 8531)
The first step here is to either properly identify the actual version of WSUS in use, or to apply all of the required patches.
5 - I am able to download
https://wsusserver/selfupdate/wuident.cab and there is no certificate error
WARNING: WinHttp: SendRequestUsingProxy failed for <https://WSUSserver:8531/selfupdate/wuident.cab>. error 0x80072f8f
The second problem here is that SSL should *NOT* be used on the /selfupdate v-dir, so it seems that you have not properly configured the WSUS SSL implementation. Please refer to
Secure WSUS with the Secure Sockets Layer Protocol for the proper procedures.
Note also that there is a known issue with the April Update for Win8.1/WS2012R2 and WSUS SSL environments, so if you have Win8.1/WS2012R2 systems, since installing the update is fundamentally required, you should consider deferring the implementation of
SSL on WSUS until the patch for that issue is released.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Problems when trying to surf the Internet through a SSL VPN tunnel

Hi,
I have a small/big problem, I have a customer who have the need for the possibility to surf the internet through the SA500W when they are connected through a SSL VPN tunnel in to their network. I am not using a Split Tunnel. What I have seen until now, when you run IPCONFIG/ALL the default gateway for the SSL VPN IP settings is 0.0.0.0. Is this the problem and if so, how can this be solved?
Thanks in advance!
Brg
Niklas Eklov

There are various causes for this error, see [[Firefox is already running but is not responding]] for details.

Windows Updates from Internet or Wsus Server

Hi
We have licenced software for windows 2008r2,windows 7and office.
We are trying to install the update from Internet or from Sus server but we are not going through
Devdatta

Hi Devdatta,
What's the meaning? Did you want to install the Windows update for your computer?
You can obtain the updates from Windows Update:
Windows Update
http://windows.microsoft.com/en-IN/windows7/products/features/windows-update
How did you get the updates, download from Internet Explorer manually?
What's the error message or symptom when you attempt to install them?
Meanwhile, I suggest you refer to this article to fix your problem.
Troubleshoot problems with installing updates
http://windows.microsoft.com/en-in/windows/troubleshoot-problems-installing-updates#1TC=windows-7
Karen Hu
TechNet Community Support

WSUS clients on the internet

Can someone please point me to a complete article on setting up an internet facing WSUS server. I have been tasked with getting a WSUS server up and running and I need to know all of the steps required to get lots of POS systems using the WSUS server
for regular updates.
Thanks,
James

We are in need of finding a way to automate this process and acquire control of the patching process as the type that WSUS would give us.
It's good that you have already confirmed that your Windows Embedded Clients are WSUS-ready.
Beyond that, patching a Windows Embedded System works in exactly
the same way as it would for any other desktop or server operating system.
Have you ever deployed/configured WSUS to update a regular Windows system? If not, I would strongly encourage you to set up a test environment with WSUS using a normal client before you add the complications of an Embedded System client. This is because
diagnostic tools available for the Embedded Client are severely restricted from what are available on a regular Windows Desktop OS, and knowing how to troubleshoot client connectivity with, and without, those tools will almost certainly be a critical
component of a successful implementation to patch Point Of Sale systems.
As Milos has already suggested, for information on how this is done administratively and operationally you should review the WSUS Operations Guide.
For information on how to deploy WSUS and configure the clients, you'll need to review the WSUS Deployment Guide which is available in the same document collection as the OpsGuide -- from the link provided previously.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Best Practice to clean up WSUS content no longer needed

I have been researching this for days and probably have about 10 hours invested in trying to come to a conclusion and now want some feedback from this group. Below you will find everything I think you might need about my current configuration. I originally
installed my first WSUS server in 2006.Over the years I added new products as needed, changed to express files (seems to have been a bad decision), unselected products no longer needed, and when version 3 came out began running the cleanup wizard monthly.
I have never declined any updates myself and only approved those showing as needed. I watched my content grow to about 65 GB then decided to migrate to a new server. I followed this procedure which worked very well:
http://exchangeserverpro.com/how-to-move-wsus-30-to-a-new-server
After the migration I tested a round of updates and everything was working fine. Then I added Windows Server 2008 (only have one server with this OS) and SQL Server 2008 R2 (only have one server with this OS) products and was amazed when my content went
up to over 100 GB. I decided to remove those two products since only one server needs them and I could update it direct from MS instead thinking it would be easy to recover the space. Was I in for a surprise. No real easy way to do that. From my research these
seem to be the options to do a good clean up on all unneeded content. What do you suggest as the best way for me to proceed?
Option 1: uninstall and re-install fresh
Option 2: reset the content following this procedure:
http://blogs.technet.com/b/gborger/archive/2009/02/27/what-to-do-when-your-wsuscontent-folder-grows-too-large.aspx
Option 3: reset the content following this procedure: (I tested this on my old server and steps 1-4 took about 90 minutes)
1. Decline all previously approved updates. (Yes, all of them. Even the ones you want.)
2. Run the cleanup wizard -- this will remove files in the WsusContent folder.
3. Change the approval of all DECLINED updates from declined to "Not Approved" (and apply inheritance).
4. Run the cleanup wizard again -- this will decline all expired updates.
5. Re-approve needed updates. Content will be re-downloaded.
I do plan to remove the express files option first to reduce the amount of space needed for storage. If you see anything else in my config that should be tweaked please let me know. Thanks for any and all feedback. I appreciate you taking the time to read
this and respond.
My configuration follows:
1 Gbps switched network infrastructure with 10/10 fiber internet access
WSUS – current environment – 1 physical server also used as a file share server for user files
Windows Server 2008 Enterprise (x86)
Dual Intel Xeon 2.8 Ghz
2 GB Ram
1 Gbps Nic
136 GB hard drive for DB and WSUS Content files (currently DB=1.5 GB, Content = 108 GB)
WSUS Server version: 3.2.7600.226
Using the Windows Internal Database (I do have a SQL Server 2008 R2 server available now)
128 Computers in 13 groups manually assigned but computers are directed to this server via GP
(all Servers and 90% of workstations are current on updates through last month)
3189 Updates installed/NA
139 Updates needed
919 Updates with no status
Configuration options:
Update source – Microsoft
Products – Office 2003, Office 2010, Windows 7, Windows Defender, Windows Server 2003, Windows Server 2008 R2, Windows XP (previously selected but no longer needed: Office 2002/XP, SQL Server 2008 R2, Windows 2000, Windows Server 2008)
Classifications – critical, definition, security, service packs, update rollups, updates
Update files and languages – store locally, download only when approved, download express installation files, English
Automatic approvals – above classifications for test group which includes one computer with each of the following OS’s: Windows 7, Windows Server 2003, Windows Server 2008 R2, Windows XP
After those machines are tested then I approve and install needed updates for the server group (8 machines total) which include Windows Server 2003, Windows Server 2003 R2, Windows Server 2008 R2, Windows XP
After those machines are tested then I approve needed updates for all computers and let the users install them

Hi Lawrence,
How did you go with creating the FAQ?
Shortly after this thread was last active, I was acquired by SolarWinds, and shortly after that we created PatchZone.org. I've published a lot of this "FAQ" information as blog posts to that site. If you know of anything that's missing, please let me know.
It seems that finding definitive information on doing "proper" maintenance on WSUS is still hard to find and conflicting.
I don't know about "conflicting"; the process is pretty straight forward. But it has been hard to find. Truth is, until a couple of years ago it wasn't even required, but the voluminous number of updates now published in the catalog make it necessary. I posted
a series of blog articles at patchzone.org addressing this very issue.
Here in Australia the majority of businesses are on download limits with ISPs, so we have to be very careful about what we do with cleaning up WSUS, as it can lead to expensive excess data charges!
Cleaning up WSUS will **NEVER** lead to excessive data charges; failing to properly administer and manage the server absolutely will do that!
If you decline the updates that are no longer needed in your environment, isn't there a risk that, should somebody join or re-join an old computer to the network, the computer will never be identified as needing potentially critical updates? Would it be
a better option to change approved updates, that are no longer needed, to unapproved?
Absolutely! A critical observation, in fact. This is why only updates that are
superseded should ever be declined. Updates that are NOT superseded should not be declined, but merely left in a NotApproved state so that if a computer is introduced to the network that requires one of those updates, you would be able to readily determine
that fact.
Surely this would mean the update will still be cleared out after running the clean-up wizard, but, should somebody attach or reattach an old computer to the network it will still be identified and targeted for the correct updates?
Actually, no. Only if you explicitly decline an update, or if the Server Cleanup Wizard declines an update, will the files associated with that update be physically removed from the filesystem. If you merely remove the approvals, the files previously downloaded
will remain. This, then, brings attention to the conditions under which the Server Cleanup Wizard will DECLINE an update. In order for the Server Cleanup Wizard to decline an update it must either be expired or superseded. Furthermore, superseded updates must
be NotApproved, the replacement update must be Approved, and the superseded update must have been 100% Installed/NotApplicable for at least 30 days.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

How to use SSL Technology in JSP.

Can anybody Tell me that How to use SSL Technology in JSP ?
I am using Apache Tomcat 5.0.28 Server.
How to configure the Tomcat server so that it will access any web application supported by Tomcat via SSL ?
Thank you very much in advance.

The JSP does not need to know that the request is coming over SSL. If the application must be over SSL, but the server also allows non-SSL communication, then, like I said, you need to build in a Filter that will check if the incoming request is an https or http request and redirect to the https url if the request was http. And you can do that using the method listed in the previous post. As far as setting up the SSL certificate for Tomcat to use, refer to the Tomcat Documentation that comes with the server. Other than those two things, you don't need to know anything else about SSL inorder to run an SSL application through a Tomcat server (or any other enterprise server either, for that matter), but do an internet search for SSL and maybe one or two other keywords that apply to your situation and you should find plenty that will help.

Disconnect WSUS server and Process of Approving Updates via Metadata.

Hi Folks:
I have recently setup 2 WSUS servers. The first one has connectivity to the Internet and of course has access to Microsoft updates. The second WSUS server is part of a disconnected network. Both WSUS servers are supporting client workstations
of various operating system versions. The connected WSUS server is fairly easy, from a management viewpoint. I simply check to see what updates are "Needed" and I approve them for download. However, the disconnected WSUS server
is the one that I need some advice on. I want to have a fairly simply procedure for the disconnected WSUS server, but here is the procedure that I think would work:
Transfer metadata and updates via disc from the connected WSUS server to the disconnected WSUS server (using documented export/import procedure).
Check to see what is "Needed" updates on the disconnected WSUS server, once the WSUS server has had a chance to absorb all the imported metadata and updates. This means that the disconnected WSUS server has determined from it's supported
client workstations, what updates are required.
Generate a list of those "Needed" updates in some form, so that I can now approve those updates on the CONNECTED WSUS server for download.
Once those updates have been downloaded to the connected WSUS server, transfer the updates and metadata again to the disconnected WSUS server. Approve those updates, so that they can now be sent out to the client workstations on the disconnected
network.
If that is my procedure (can someone like Lawrence Garvin), please let me know, if that sounds correct. I'm concerned about the double export/import of the metadata and updates.
Also, I'm wondering if it would be better to have separate connected WSUS server for supporting the disconnected WSUS to keep things straight.
For example:
One connected WSUS servers supporting the set of client workstations, that are on the connect WSUS server's network.
One disconnected WSUS server supporting the set of client workstations that are on the disconnected WSUS server's network.
One more connected WSUS server, that would be used to download and transfer metadata and updates to the disconnect WSUS server. The advantage in keeping this separate, is that you would never confuse approved updates between the connected network
client workstations and the disconnected network client workstations. Especially, if they have different versions of software, that require updating.
Any input would be appreciated.

You will likely also want to configure your WSUS server to "Download express installation files." under the "Update Files and Languages," setting on your options.
I will unequivocally disagree with this statement, for several reasons:
First, there's nothing that needs to be deployed that would use Express Installation Files anyway. Express Installation Files were designed to facilitate the deployment of Very Large Updates (read: SERVICE PACKS) across slow-speed links by significantly
reducing the size of the binary that must be downloaded by the CLIENT. There are NO service packs in the catalog that won't already be installed on any client system.
Second, in exchange for that ability of clients to download less, it significantly increased the size of the binary that must be downloaded by the SERVER from Microsoft. Express Installation Files will cause hundreds of gigabytes of extra binaries to be
downloaded, which will need to be transferred to the disconnected server. None of which will actually ever be used.
Third, most disconnected networks do not include WAN links, so the primary purpose of Express Installation File is contra-indicated by the very scenario being discussed.
Otherwise by default you might get just an installer downloaded onto the WSUS server and clients might still need internet access to download the actual package contents.
It would seem that you do not correctly understand Express Installation Files.
There is an in-depth explanation of Express Installation Files in the WSUS Deployment Guide. For additional information see
https://technet.microsoft.com/en-us/library/dd939908(v=ws.10).aspx#express
I also would not recommend a internet facing WSUS server just to provide updates to the disconnected WSUS server as that will also need to download a full copy of the content to that server when it is likely already downloaded onto your internet
/ production WSUS server anyway.
Seemingly you are also not actually familiar with the documented guidance for how to manage disconnected networks. An Internet-facing (connected) WSUS server is *exactly* how this is done.
You may also find this part of the Deployment Guide to be useful reading:
Configure a Disconnected Network to Receive Updates
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

SUP and WSUS on the same server.

Hi,
My SCCM environment as follows:
Windows Server 2012 R2 Standard, Configuration Manager 2012 R2, SQL 2012 SP1 CU7
WSUS 6.3.9600.163.84 . All these running on the same server.
SCCM SUP role is enabled, WSUS using SQL Express database. This is Central and Primary site server as well.
Issue is:
1. SUP does not get updates. SUP is configured to get updates from Internet and WSUS console Sync options pointing to its own server name. I tried to change WSUS console sync option to internet couple of times but it looks WSUS changes this back.
2. I want to use WSUS/SUP for SCCM Endpoint definitions update and also for patch installation for clients (Clients Windows update pointing to this server)

What do you mean that this is a Central and Primary site server? Those two roles can not be installed on the same site server.
When it comes to SUP in ConfigMgr, the installation process on WS 2012 is basically this:
1. Install the Windows Server Update Services role, run the initial configuration wizard.
2. Install a SUP site system role on the server and let ConfigMgr configure everything.
Additionally I'd not run a SQL Express for the WSUS since you already have SQL installed. Instead I'd create the SUSDB on the same SQL server that you're running the ConfigMgr DB on.
In my preprequisites installation tool, all you need to do is to open a PowerShell console, run the tool and click on the Install WSUS button, specify the SQL Server and the tool will automatically configure everything. When the tool has completed, you can
go ahead and add the SUP from ConfigMgr and configure it from the ConfigMgr console.
You'll find the tool here:
http://gallery.technet.microsoft.com/ConfigMgr-2012-R2-e52919cd
Regards,
Nickolaj Andersen | www.scconfigmgr.com | @Nickolaja

OID and SSL

Currently I am implementing SSL on OID(With Oracle application server version 10.1.2.0.2) and following `13 Secure Socket Layer(SSL) and the Directory' document of 'Oracle Internet directory Administrator's Guide' 10G Release 2( Part No. B14082-02).
I have successfully taken all the steps and ldapbind was also success ful. Document suggests creating a new directory server through Oracle Dirctory manager(ODM) and subsequently starting this new LDAP instance through OEM(Clicking on Oracle Internet dierectory and clicking the 'start new instance'). I get confirmation that new instance is started but don't get to see the new instance in '
Directory Server Instances' list on OEM.
Also connecting to this instance through ODM doesn't happen. Registering this new Ldap instance in ODM is not successful. In select directory server applet window the status(Available) of this directory server is 'NO'.
I am not sure what to do. Am I missing something? Any help will be appreciated.
Regards,
Firoz

Hi,
This your default setting, this 'll be configset0. please do'nt change this setting, if you need to let your OID in SSL mode only then, you 'll need to confiugre a new configset for example Configset 2, in your new setting you can change to other port nr.
The reason why I say do'nt change your configset0 is just to let one door open in order to be able on login to OID at anytime. just read OID adminGuide "Configure Oracle Internet Directory for SSL" & AS adminGuide "confiugre SSL on infrastructure.
regards;
Hamdy

Deployment Packages Empty, WSUS syncs fine

Hello everyone
I have a 2007 r2 SCCM and 3.0 WSUS environment. I am trying to troubleshoot why my deployment packages are empty.
Looking at WSUS content folder, I have nearly 15 GB of data in there that appears to be all of the update information required. However when I attempt to Download the updates through SCCM from the internet, SCCM attempts to download, appears to show
that it is finished but each update says "Unable to contact server - timeout". Now I know this server can access the internet since WSUS has no problems connecting to Microsoft Updates.
Is the server being contacted the WSUS server? I downloaded the superflows on this but it really wasnt clear to me. if the server being contacted is Microsoft Update, then there really should be no reason why there is a communication issue since
the Proxy is set up through SCCM and WSUS uses that info to contact Microsoft Update.
What ends up is that in the directory where the updates deployments are stored, is a whole lot of empty GUID.1 directories, and no updates are deployed.
if you folks have an idea, please fire em off...
Matthew

Hi,
it is actually the computer where you run the sccm admin console that does the downloading of updates so you can use another computer with the console installed instead of the sccm site server.
The WSUS server content is never used when you use WSUS together with SCCM, it is only used to download information about available updates that the then shown in the admin console and by the clients when the clients scan for updates, then they use the wsus
server as well to download information about which updates it sould scan for.
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter
@ccmexec

SSL overhead estimate??

Hi,
does someone have an estimate, how much overhead SSL 40 Bit / SSL 128
Bit encryption have on the server side compared to unencrypted http
connections?
Thanks,
Daniel

Also using Apache (or other) as proxy off-loads the SSL work to the proxy.
Cameron Purdy
Tangosol, Inc.
http://www.tangosol.com
+1.617.623.5782
WebLogic Consulting Available
"Frank Gerlach" <[email protected]> wrote in message
news:[email protected]..
I can't give you specific numbers, but the first establishment of an SSL
connection will create a lot of load (asymetric encryption), which
depends on the length of the public/private key, not the symmetric key
you are referring to.
After a certain timeout, the asymmetric encryption step will have to be
done again for a certain client.
This means that if you have a lot of people connecting to your server the
first time in a certain interval you will have an enormous CPU load from
the asymmetric RSA encryption. To solve this problem, there are hardware
devices like "crypto boxes" or "cryptographic coprocessors" (e.g. IBM
Mainframes) commercially available.
I don't know any specifics about Weblogic's support of dedicated crypto
devices, but if available and if you want to use it for a high-traffic
internet portal with SSL, you should ask BEA about this.
The symmetric encryption algorithms do not create a lot of load, at least
algorithms like RC4.
Daniel Hoppe wrote:
Hi,
does someone have an estimate, how much overhead SSL 40 Bit / SSL 128
Bit encryption have on the server side compared to unencrypted http
connections?
Thanks,
Daniel

Cisco AnyConnect VPN client and 256 AES encryption in IE8

Hey,
We have a site that we are trying to connect to with the AnyConnect VPN client version 2.5.3055 on Windows XP SP3. As soon as we enter the site info and hit select, it says a connection was unable to be established.
I believe this has to do with the encryption, its set up with 256 bit AES. We are only able to install IE8, which on XP only supports up to 128 bit encryption, so in IE8 the page will not load. To fix that issue we installed firefox which supports 256 bit encryption. We can get to the page there, but when we go to connect to the same site VIA the VPN client it still will not connect. It will work fine on a windows 7 box with IE9 installed from the same network.
My question mainly pertains to how the AnyConnect client connects on the back end. Does it use Internet explorer's SSL layer by default? Or does it have its own? If it connects through internet explorer, is there a way to change it to firefox so it will actually be able to open up a connection?
Thank you for your answers in advance,
John

Hey Jeff,
Thanks for answering that question. Hmm, so it doesnt go through the browsers SSL layer. We have systems on the same network (same proxy, firewall, vlan, etc). All the systems with windows XP SP3 and IE8/IE7 can not connect to the VPN (they arent even able to start the connection and ask for proxy/logon info.), all the systems with windows 7 and IE9 can. Same setups on each one as far as the security policies go as well. I thought it may have to do with the 256 bit encryption that they are using.
If thats not the case, what else could be causing the problem? weve tested it on about 5 XP machines and 5 Win 7 machines, same results on each. Connects on Win 7, does not connect on Win XP.
Thanks,
John

Setting timeout for SOAP requests in a webservice client

I am trying to set the timeout for a synchronous SOAP request sent to a Web Service deployed on weblogic 8.1 SP2. I tried setting timeout thru bindinginfo setTimeout() and also javax.xml.rpc.Stub _setProperty(). Both of them seem to be not working. I set the value to as low as 1 sec but i still donot get a timeout. Other properties/method from these two classes work fine though (like endpointaddress property in javax.xml.rpc.Stub and setVerbose flag to true in BindingInfo).
Can someone please help.
Thanks in Advance
srini

Our application calls the webservice provided by another company over the internet using the ssl. We use the wsdl url of the webservice on the destination while creating the port. If the destination is not available statement which creates the port blocks for around 4 minutes.
I think the first network call gets the wsdl from the remote server. Thus we encounter delays before getting the stub created. How can I timeout such a calls.
try {
port = (new ServiceName_Impl(remoteWsdlURL)).getServiceNameSoap();
} catch (IOException e) {

E-mail support with work e-mail

Hello all Blackberry users!! I got my blackberry Curve 8330 in April and recently my work has decided that it was against policy to have your e-mail go through a third party. Fair Enough. Then they said people with Blackberry's will have to have their email deactivated because you have to sign up for BIS, which is an unsecure e-mail server that could potentially pose harm via our secure e-mails.
Well... when I did set up my phone in april, I didn't have a BES server and I didn't sign up for BIS. I simply put in my e-mail and password and it found the webserver e-mail (https://....). I was using it fine, even though messages would come in up to 10 min later.
So here's the big question for me and the other 80 people who are confused, even though we went through and just put our e-mail address and got the proxy server via https and didn't sign into a BIS account with Blackberry, is it technically going through the BIS servers?
I don't want to buy a new phone, I can't afford it and work doesn't care. I don't want to do the wireless sync thing via laptop and have it push via a cable. Any thoughts?

if you put in a server address with "https://" then you integrated OWA, which is through BIS
example: https://companyname.org/exchange
if you touched the Email Settings icon on your phone, then you integrated through BIS
Here is some information about email security through BIS
1. Email messages and instant messages
Email messages and instant messages that are sent between the BlackBerry® Internet Service and your BlackBerry device use the security
features of the wireless network. Messages that are sent between your messaging server and the BlackBerry Internet Service are automatically
encrypted if the server supports SSL encryption.
2. Encryption of login information
When you log in to the BlackBerry® Internet Service web site using a browser on your computer, the BlackBerry Internet Service uses SSL
encryption to help protect your login information and any changes you make to your login information. This encryption is designed to protect
your user names, passwords, and other BlackBerry Internet Service account information from unauthorized access.
Email as a whole is one of the most unsecured portocols out there, The only way that your company could have secured emails is to only allow it on the intranet(internal tho the building) and not the internet(over the wide web). As soon they they expose their email to the internet it is unsecured, there is no encryption when sending over the web. It isnt possible for a BB to make it any less secure. Might want to get some more info from your company IT department. BBs are one of the most secure devices out there.
There are 3 ways to get emails to a BB. BES, BIS, and Redirector(requires exchange, outlook and DTM to open at all times, does not support attachments)

Internet MP WSUS SSL

Similar Messages

Maybe you are looking for