We help IT Professionals succeed at work.

SCCM Update Deployment

fr0nk used Ask the Experts™
Hi experts,

I'm having trouble with updates.
1st hierarchy level: Empty Central Site (IP Boundary = its own IP). (AD Forest 1, Domain 1)
2nd Level: Primary Site (AD Forest 1, Domain 1) (this means: this primary site resides in the same forest and domain as the central site)
3rd Level: Another Primary Site (AD Forest 2, Domain 2 - this means: different forest, different domain)
The AD Forest are trusted unidirectionally from Domain 1 -> Domain 2
All Sites are SCCM 2007 SP2 R3

The Central Site should be used as an software update point to synchronize with MS. The Central site has a WSUS 3.0 SP2 (3.2.7600.226) installed locally. WSUS uses Port 80. The Central Site also holds the Reporting point. The Central Site should be used for reporting purposes and for update synchronisazion.

The update synchronisation with microsoft works.

I don't receive status messages from agents. Update status is 100% unknown on all clients. Therefore I have no idea which updates are required.

Configuration: Central Site: Software Update point site system: Use proxy, correctly configured -> otherwise the sync with ms wouldn't work
Software update point component configuration: Active software update point on site server: Port 80.
http://localhost:80/selfupdate/iuident.cab works and offers me a download.

Client logs:
ScanAgent.log: After manually initiating a scan cycle:
Message received: '<?xml version='1.0' ?>	<UpdateSourceMessage MessageType='ScanByUpdateSource'>
			<ID>{51CB6FFB-29C0-45A8-AFED-1614F3E25ACA}			</ID>
	ScanAgent	4/17/2012 10:33:57 AM	6020 (0x1784)
*****ScanByTool request received with ForceReScan=2, ScanOptions=0x0000000a, DownloadPriority = 2, LocationTimeout = 604800, DownloadTimeout = 864000, PerDPInactivityTimeout = 0, TotalInactivityTimeout = 0, DPLocalityFlags = 10, ForceInventory=0	ScanAgent	4/17/2012 10:33:57 AM	6020 (0x1784)
-Scan will be requested for ToolUniqueID={51CB6FFB-29C0-45A8-AFED-1614F3E25ACA} ToolVersion=3.0 ToolName=WSUS Enterprise Server ToolContentVersion=0	ScanAgent	4/17/2012 10:33:57 AM	6020 (0x1784)
- -1 Scan requests added, creating Scan-Job to track these scan requests.	ScanAgent	4/17/2012 10:33:57 AM	6020 (0x1784)
- -Processing Scan tool history removal request	ScanAgent	4/17/2012 10:34:00 AM	6020 (0x1784)
- -Processing Scan tool history removal request	ScanAgent	4/17/2012 10:37:47 AM	5756 (0x167C)

Open in new window

ClientLocation.log: No errors. Last log entries:
Current Management Point is CentralSite.fq.dn with version 6487 and capabilities: <Capabilities SchemaVersion="1.0">

Open in new window

The agent is resolving the AD site it resides on correctly.

Do you have any idea why the clients arent reporting properly?

I already tried initiating the update scan cycle manually on the agent with no success.

Thanks and kind regards!
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Desktop Applications Specialist
Try WSUS to work on port 8530 and see.
Try to install WSUS on the Primary Sites as Active Sofware Update Points also. They then act as downstream servers of the Central Sites Update Point


This was a tricky one, but I figured it out. It was a really weird network issue.
Erik CurtisEnterprise Architect

Did you need to install WSUS on both CAS and Primary? What did you do to resolve this?