Though not virtualization focused, I had to do a post on this issue I had when setting a 2-tier WSUS deployment for a client that couldn’t be put on SCCM (for whatever reason).
- Upstream Server (connected to the Internet, sitting in a DMZ in a workgroup, able to sync with MS update servers)
- Downstream Server (not connected to the Internet, sitting in a Prod domain, unable to sync with the upstream server)
Error I got:
Port 80 was allowed through the firewall, no problems there. So I turned to Wireshark to determine where the problem lied. I got the following message in a Wireshark capture:
“Header checksum 0x0000 incorrect should be 0xbafe may be caused by ip checksum offload”
Googling the above error led me to this link that suggested disabling checksum offload. Here’s how to do it:
After this I attempted another manual sync and Voila! – I have the downstream server syncing with the upstream server!
Honestly though, I found it odd that the checksum offload was the problem, but it’s what got it working.