Windows Updates over VPN

Unable to update Win8.1 devices over VPN - devices appear in SCCM, so are SEEN by SCCM/WSUS.

Extract of windowsupdate.log from client device:

2015-07-21      11:07:27:931       420      10a0      Agent        * Include potentially superseded updates
2015-07-21      11:07:27:931       420      10a0      Agent        * Online = Yes; Ignore download priority = Yes
2015-07-21      11:07:27:931       420      10a0      Agent        * Criteria = "(DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')"
2015-07-21      11:07:27:931       420      10a0      Agent        * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2015-07-21      11:07:27:931       420      10a0      Agent        * Search Scope = {Machine}
2015-07-21      11:07:27:931       420      10a0      Agent        * Caller SID for Applicability: S-1-5-18
2015-07-21      11:07:27:931       420      10a0      Agent        * RegisterService is set
2015-07-21      11:07:27:931       420      10a0      EP      Got WSUS Client/Server URL: "http://servername.local:8530/ClientWebService/client.asmx"
2015-07-21      11:07:28:431       420      10a0      PT      +++++++++++  PT: Synchronizing server updates  +++++++++++
2015-07-21      11:07:28:431       420      10a0      PT        + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://servername.local:8530/ClientWebService/client.asmx
2015-07-21      11:07:28:431       420      10a0      PT      WARNING: Cached cookie has expired or new PID is available
2015-07-21      11:07:28:431       420      10a0      EP      Got WSUS SimpleTargeting URL: "http://servername.local:8530"
2015-07-21      11:07:28:431       420      10a0      IdleTmr      WU operation (CAuthorizationCookieWrapper::InitializeSimpleTargetingCookie) started; operation # 6; does use network; is at background priority
2015-07-21      11:07:28:431       420      10a0      PT      Initializing simple targeting cookie, clientId = 033c840a-86a4-43e4-95f1-ce649aed8dfc, target group = , DNS name = device.domain.local
2015-07-21      11:07:28:431       420      10a0      PT        Server URL = http://servername.local:8530/SimpleAuthWebService/SimpleAuth.asmx
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Nws Failure: errorCode=0x803d0006
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Original error code: 0x80072ee2
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Error string with resource id '0x81' is not found for the language id '0x809'.
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Could not get error string (errorCode=0x80073b01)
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: MapToSusHResult mapped Nws error 0x803d0006 to 0x8024401c
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Web service call failed with hr = 8024401c.
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Current service auth scheme='None'.
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: Proxy List used: '(null)', Bypass List used: '(null)', Last Proxy used: '(null)', Last auth Schemes used: 'None'.
2015-07-21      11:07:49:478       420      10a0      WS      FATAL: OnCallFailure failed with hr=0X8024401C
2015-07-21      11:07:49:478       420      10a0      WS      WARNING: NWS retry 1 for transient error 0x8024401C
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Nws Failure: errorCode=0x803d0006
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Original error code: 0x80072ee2
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Could not get error string (errorCode=0x80073b01)
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: MapToSusHResult mapped Nws error 0x803d0006 to 0x8024401c
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Web service call failed with hr = 8024401c.
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Current service auth scheme='None'.
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: Proxy List used: '(null)', Bypass List used: '(null)', Last Proxy used: '(null)', Last auth Schemes used: 'None'.
2015-07-21      11:08:12:514       420      10a0      WS      FATAL: OnCallFailure failed with hr=0X8024401C
2015-07-21      11:08:12:514       420      10a0      WS      WARNING: NWS retry 2 for transient error 0x8024401C
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Nws Failure: errorCode=0x803d0006
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Original error code: 0x80072ee2
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Could not get error string (errorCode=0x80073b01)
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: MapToSusHResult mapped Nws error 0x803d0006 to 0x8024401c
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Web service call failed with hr = 8024401c.
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Current service auth scheme='None'.
2015-07-21      11:08:35:545       420      10a0      WS      WARNING: Proxy List used: '(null)', Bypass List used: '(null)', Last Proxy used: '(null)', Last auth Schemes used: 'None'.

Feels like a proxy/firewall issue, but could od with some Expert guidance please?
carob65Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KimputerCommented:
Client probably can't resolve this link: http://servername.local:8530/ClientWebService/client.asmx
You should tell the VPN profile to use the DNS server from the domain instead of the DNS server of where the client is at that time.

You can tell by pinging servername.local when the VPN is connected. Until it replies back, you didn't solve your DNS problems yet.
carob65Author Commented:
Looks like it was a Firewall port issue. DNS was fine.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
carob65Author Commented:
Thank you for your response. This was a Firewall port issue and not DNS.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 8

From novice to tech pro — start learning today.