Using stand-alone WSUS in SCCM environment

Hi @ all,

We are using Microsoft SCCM 2012 in our environment. Due to technical problems to deploy Microsoft Updates with SCCM and the lack of knowledge about SCCM, we decided to temporarily migrate the MS patch level management to a stand-alone WSUS environment. Unfortunately the clients do not report fully to the new WSUS server. The clients appear in the computer group, attachend with client side targetting, but with "Not yet reported" state.

What we allready did:
1. Removed the Software Update Point component configuration from the Configuration Manager 2012 environment.
2. disabled the "Software updates on clients" option in the sccm client agent settings
2. deactivated the WSUS that was installed on the sccm server
3. Reinstalled WSUS to be used as a standalone environment (with SSL communication).
4. Configure Group Policies to point the clients to the new standalone WSUS server.

when I run the command:
wuauclt /resetauthorization /detectnow

I can find one of these warnings i the eventvwr:
Capture1.PNGCapture2.PNG
It seems that the sccm agent installed on the computer is responsible for this problem.

What shall we do?

Thanks a lot for your help!
windows-itAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kyodaiCommented:
In the group policy you need to make sure you configured the right URL and port for updates. In this case it seems that the client can not access the server. This is usually either a firewall problem or a wrong value in the group policy. I would use GPRESULT to read out the values. Usually the internal path should be something like "http://192.168.1.99:8530". You also need to enable the option to allow signed updates from an intranet address.
0
windows-itAuthor Commented:
Hi Kyoday,
Thanks for your fast answer. The url configured in the GPO is correct and there is no firewall problem... It seems there is another problem.
0
kyodaiCommented:
Then I'd hook a sniffer in between and see if the packages reach the server properly. I assume you already tried to reboot one of the clients having that problem?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

kyodaiCommented:
ANother thing i would try - maybe switch from SSL to unencrypted just to see if the problem is SSL related...
0
DonNetwork AdministratorCommented:
The 800b0001 is indication that your WSUS server itself is missing an update.

http://support.microsoft.com/en-us/kb/2828185

Clients are getting the error you see because the windows update agent on the Client doesnt match the agent from WSUS.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
windows-itAuthor Commented:
one part could be solved with the following KB:
https://support.microsoft.com/en-us/kb/2734608

This update lets WSUS servers that are running Windows Server 2008 R2 provide updates to computers that are running Windows 8 or Windows Server 2012.

But we had to reinstall the WSUS to solve all issues.
0
DonNetwork AdministratorCommented:
http://support.microsoft.com/en-us/kb/2828185

^^ This is the most recent update and includes KB2734608^^

Notes

   Update 2720211 and update 2734608 are included in this update. These updates strengthen the WSUS communication channels.
0
windows-itAuthor Commented:
found a KnowledgeBase article which solved a big part of the issues
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Enterprise

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.