I think it was last week when I made the changes to the WSUS configuration so that the clients would use SSL. Everything kind of worked but I was not happy. Today I finally got everything to work as expected. The first annoyance was to enable “Display mixed content” for Intranet sites so that I would stop seeing the popup everytime I went into WSUSAdmin using https. The next configuration change was more subtle. I could not go into WSUSAdmin with a fully qualified domain name when I cranked up the browser on my server. I would get a 502 error complaining about https traffic should be on 443. I think this same problem kept MBSA from downloading the latest updates file since it was probably using port 8531, too. The problem was probably related to my IE proxy setup. I had set this manually when I installed the server. Since then I had successfully verified that my automatic configuration with wpad.dat was working. So I set the IE LAN Setting to automatically detect the settings. I can now go into WSUSAdmin. MBSA works correctly, too! At least for me I found that if I can go into WSUSAdmin via https on port 8531 I have the WSUS client set up correctly. I still need to work on distributing the certificate to new clients.
I had been monitoring WSUS ever since Office 2K3 SP2 was released. I was looking for it to appear as a package needing approval. I did find it today but it had been disapproved. I wonder how that happened? Hmm!
This whole episode started off this morning when I noticed that my PC had rebooted. I forgot that I had set it up to automatically install critical updates at 3 AM. I did confirm that I configured WSUS to automatically approve critical updates.