Using stand-alone WSUS in SCCM environment

Hi @ all,

We are using Microsoft SCCM 2012 in our environment. Due to technical problems deploying Microsoft Updates with SCCM and the lack of knowledge about SCCM, we decided to temporarily migrate the MS patch level management to a stand-alone WSUS environment. Unfortunately, the clients do not report fully to the new WSUS server. The clients appear in the computer group, attached with client-side targeting, but with "Not yet reported" state.

What we already did:
1. Removed the Software Update Point component configuration from the Configuration Manager 2012 environment.
2. Disabled the "Software updates on clients" option in the SCCM client agent settings.
3. Deactivated the WSUS that was installed on the SCCM server.
4. Reinstalled WSUS to be used as a standalone environment (with SSL communication).
5. Configured Group Policies to point the clients to the new standalone WSUS server.

When I run the command:
wuauclt /resetauthorization /detectnow

I can find one of these warnings in the eventvwr:
[Screenshots: Capture1.PNG, Capture2.PNG]
It seems that the SCCM agent installed on the computer is responsible for this problem.

What shall we do?

Thanks a lot for your help!
Commented:
In the group policy you need to make sure you configured the right URL and port for updates. In this case it seems that the client can not access the server. This is usually either a firewall problem or a wrong value in the group policy. I would use GPRESULT to read out the values. Usually the internal path should be something like "http://192.168.1.99:8530". You also need to enable the option to allow signed updates from an intranet address.
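
An added example, not part of the original thread: a PowerShell check of the values the comment above suggests reading with GPRESULT, taken from the registry keys where the Windows Update policy is stored. The port rule assumes the WSUS default ports (8530 for HTTP, 8531 for HTTPS); run it elevated on an affected client.

```powershell
# Added example: audit the WSUS client policy that Group Policy wrote to the registry.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path (Join-Path $wuKey 'AU') -ErrorAction SilentlyContinue
$findings = New-Object System.Collections.Generic.List[string]

if (-not $wu -or -not $wu.WUServer) {
    $findings.Add('WUServer is not set: the WSUS GPO did not reach this client.')
} else {
    # Detection and status reporting normally point at the same server.
    if ($wu.WUServer -ne $wu.WUStatusServer) {
        $findings.Add("WUStatusServer '$($wu.WUStatusServer)' differs from WUServer '$($wu.WUServer)'.")
    }
    $uri = $null
    if (-not [Uri]::TryCreate($wu.WUServer, [UriKind]::Absolute, [ref]$uri)) {
        $findings.Add("WUServer '$($wu.WUServer)' is not a valid absolute URL.")
    } else {
        # Assumption: default WSUS ports. A scheme/port mix-up is easy to make
        # after switching a server to SSL.
        if (($uri.Scheme -eq 'http' -and $uri.Port -eq 8531) -or
            ($uri.Scheme -eq 'https' -and $uri.Port -eq 8530)) {
            $findings.Add("Scheme '$($uri.Scheme)' does not match port $($uri.Port).")
        }
        # Plain TCP reachability test (firewall or wrong host/port).
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($uri.Host, $uri.Port)
        } catch {
            $findings.Add("Cannot open TCP $($uri.Host):$($uri.Port): $($_.Exception.Message)")
        } finally {
            $client.Close()
        }
    }
}

# Without UseWUServer = 1 the agent ignores WUServer entirely.
if (-not $au -or $au.UseWUServer -ne 1) {
    $findings.Add('AU\UseWUServer is not 1.')
}
# Policy "Allow signed updates from an intranet Microsoft update service location".
if (-not $wu -or $wu.AcceptTrustedPublisherCerts -ne 1) {
    $findings.Add('AcceptTrustedPublisherCerts is not 1.')
}
if ($wu -and $wu.TargetGroupEnabled -eq 1) {
    Write-Output "Client-side targeting group: $($wu.TargetGroup)"
}

if ($findings.Count -eq 0) { Write-Output 'WSUS client policy looks consistent.' }
else { $findings | ForEach-Object { Write-Output "FINDING: $_" } }
```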

Author

Commented:
Hi Kyoday,
Thanks for your fast answer. The url configured in the GPO is correct and there is no firewall problem... It seems there is another problem.

Commented:
Then I'd hook a sniffer in between and see if the packages reach the server properly. I assume you already tried to reboot one of the clients having that problem?

Commented:
Another thing I would try - maybe switch from SSL to unencrypted just to see if the problem is SSL related...
Network Administrator
Commented:
The 800b0001 is an indication that your WSUS server itself is missing an update.

http://support.microsoft.com/en-us/kb/2828185

Clients are getting the error you see because the Windows Update Agent on the client doesn't match the agent from WSUS.
One part could be solved with the following KB:
https://support.microsoft.com/en-us/kb/2734608

This update lets WSUS servers that are running Windows Server 2008 R2 provide updates to computers that are running Windows 8 or Windows Server 2012.

But we had to reinstall the WSUS to solve all issues.
Don, Network Administrator

Commented:
http://support.microsoft.com/en-us/kb/2828185

^^ This is the most recent update and includes KB2734608^^

Notes

   Update 2720211 and update 2734608 are included in this update. These updates strengthen the WSUS communication channels.

Author

Commented:
Found a KnowledgeBase article which solved a big part of the issues.