I have a Windows 2008 R2 server which has been running the WSUS Role for several years and I have not had a problem in the past with any of my clients. I setup 2 RDP/ Citrix Servers with Windows 2012 in the beginning of the year. WSUS seemed to have worked initially but the last update was April. Since then it tells me that there are updates when I log in but when I go to the Wndows Update screen, it won’t give me the option to update because it says the settings are managed by my system (through GP and WSUS). I pushed the WSUS settings with GPO. I had a similar problem with my third 2012 server which wasn’t RDP / Citrix. I removed that one from the OU so it doesn't get the GP for WSUS and I am now able to manually run updates. I ran RSOP on the first 2 servers, but can’t see anything that would block the WSUS. Not sure why I would only have an issue with 2012 servers.