PENDING Issues with Software update deployments

[bhumesh_t]

from last couple of days facing issues with Microsoft software update deployments- the targeted clients for deployments are categorized as "unknown" devices.
validated the clients and the clients are active and connected, no issues with connecting admin shares on clients.
tried many of the suggestions/solutions mentioned on the various forums but it is not helping .
tried deployment on win7, win8 & win10 but same issues.

looking for assistance to resolve this problems.

------------------

what i have observed on many clients the local policy settings of "Specify intranet Microsoft update service location" is not enabled..
is this a mandatory settings, on the same clients i can see that client is and under control panel configuration manager properties the management point and site code is correctly set..
i am not pushing the local policy settings for client through group policy and this used to work previously.

 

[bhumesh_t]

guys if anyone has faced this type of issues in past ?

 

[bhumesh_t]

i am bit confused - is it mandatory to enable client side setting to set "specify intranet microsoft update service location" through group policies ?
i have distributed architecture with CAS and 4 Primary servers .
SCCM version is 2012 R2 SP1 installed on Windows server 2012 R2 Standard edition.

 

[Edy]

i am bit confused - is it mandatory to enable client side setting to set "specify intranet microsoft update service location" through group policies ?
i have distributed architecture with CAS and 4 Primary servers .
SCCM version is 2012 R2 SP1 installed on Windows server 2012 R2 Standard edition.

Yes and you would need to use Group Policy to set the WUServer and WUStatusServer reg keys

 

[Edy]

 

[bhumesh_t]

Yes and you would need to use Group Policy to set the WUServer and WUStatusServer reg keys
View attachment 2042

Thanks Edy.
Is it mandatory to enable group policy settings for Software updates on clients ?
or can client communicate with SCCM with the configured assigned management point settings in SCCM client configuration on the endpoints?

also the settings for WUServer and WUstatusserver should point to the primary SCCM server or can we point this settings to CAS server role ?

 

[bhumesh_t]

further while i was checking some client logs have found below errors

Scanagent.log

CScanAgent::ScanByUpdates - Update Source Policies not found no scan will be performed, returning E_FAIL_POLICY_NOT_FOUND

CUpdatesScan::ScanByUpdates - failed at call to CScanAgent::ScanByUpdates(), error=0x87d00600



Updatestore.log

Failed to refresh Resync state message. Error = 0x87d00310.
Failed to refresh sync message. Error = 0x87d00310.


UpdatesDeployment.log

Job error (0x87d00600) received for assignment ({604E1165-3D42-4A86-860C-EE209E5EE81B}) action
Updates will not be made available

UpdatesHandler.log

CApplicabilityHandler - ScanByUpdates failed. Error = 0x87d00600
Failed to initiate applicability scanning, error = 0x87d00600

This errors are common accross all laptops and desktops

 

[bhumesh_t]

Thanks Edy.
Is it mandatory to enable group policy settings for Software updates on clients ?
or can client communicate with SCCM with the configured assigned management point settings in SCCM client configuration on the endpoints?

also the settings for WUServer and WUstatusserver should point to the primary SCCM server or can we point this settings to CAS server role ?

through Group policies we have configured below settings on domain wide

Configure Automatic updates - Disabled
NO auto-restart with logged on users for scheduled automatic updates - Enabled
Specify intranet microsoft update service location - Enabled (with http://sccm2012r2.domain.com:8530

but same issues ...
further while i was checking some client logs have found below errors

Scanagent.log

CScanAgent::ScanByUpdates - Update Source Policies not found no scan will be performed, returning E_FAIL_POLICY_NOT_FOUND

CUpdatesScan::ScanByUpdates - failed at call to CScanAgent::ScanByUpdates(), error=0x87d00600



Updatestore.log

Failed to refresh Resync state message. Error = 0x87d00310.
Failed to refresh sync message. Error = 0x87d00310.


UpdatesDeployment.log

Job error (0x87d00600) received for assignment ({604E1165-3D42-4A86-860C-EE209E5EE81B}) action
Updates will not be made available

UpdatesHandler.log

CApplicabilityHandler - ScanByUpdates failed. Error = 0x87d00600
Failed to initiate applicability scanning, error = 0x87d00600

This errors are common accross all laptops and desktops

 

[Edy]

through Group policies we have configured below settings on domain wide

Configure Automatic updates - Disabled
NO auto-restart with logged on users for scheduled automatic updates - Enabled
Specify intranet microsoft update service location - Enabled (with http://sccm2012r2.domain.com:8530

but same issues ...
further while i was checking some client logs have found below errors

Scanagent.log

CScanAgent::ScanByUpdates - Update Source Policies not found no scan will be performed, returning E_FAIL_POLICY_NOT_FOUND

Did you update your client setting with the intranet SUS address?

 

[bhumesh_t]

Did you update your client setting with the intranet SUS address?

Yes on few machines through GP to test - but all that machines still have same issues for which i have shared the logs...

i understand that these SUS address updation is handled by SCCM agent / client itself locally and it is not required to push from GP ...

 

[Edy]

Yes on few machines through GP to test - but all that machines still have same issues for which i have shared the logs...

i understand that these SUS address updation is handled by SCCM agent / client itself locally and it is not required to push from GP ...

am completely unsure on this. however, the two companies that i work at, i setup GP to update the regkey with the wsus server location

 

[bhumesh_t]

am completely unsure on this. however, the two companies that i work at, i setup GP to update the regkey with the wsus server location

I have applied the GP settings required for SUS address and the address is visible under regkey..but still i am observing same errors

error - scan tool policy not found - with error code error code 0x87d00600

 

[Edy]

lets go back one step. Is your client properly connected? check LocationServices.log and ClientLocation

 

[bhumesh_t]

lets go back one step. Is your client properly connected? check LocationServices.log and ClientLocation
[/QUO

lets go back one step. Is your client properly connected? check LocationServices.log and ClientLocation

LocationServices.log and clientlocation.log are showing correct AD site and MP

 

[Edy]

are you experiencing this with all of the machines or just some?

can you go to the machine c:\Windows\System32\GroupPolicy\Machine - Registry.pol is today's date?

otherwise, you would need stop SMS Service and delete the Registry.pol

 

[Edy]

can you also telnet from the client to WSUS server over 8530?

 

[bhumesh_t]

can you also telnet from the client to WSUS server over 8530?

Telnet from client to WSUS server is working on port 8530

 

[bhumesh_t]

are you experiencing this with all of the machines or just some?

can you go to the machine c:\Windows\System32\GroupPolicy\Machine - Registry.pol is today's date?

otherwise, you would need stop SMS Service and delete the Registry.pol

i have tried this but its not helping

 

[icenil]

Any other advice on this, I have same issue? Thanks