Greetings! I have also been struggling with a similar issue, seemingly only on client operating systems. Our single primary site was at 1606, did the update to 1610 without issue, then enabled the site-wide client upgrade over 30 days. I realized that our clients were actually still on 1511, though. When I deployed December updates, I included them in a newly created 2016 Software Update Group, deleted all the previous SUGs, then created new ones for 2015 and for 2014 and Prior--all deployed in December.
What I noticed was that I had about 2500 machines out of ~10K that were in an error state when viewing the deployment through the Monitoring workspace. The error is
“Failed to install updates”, Error Code: 0x80040e37, Error Description: unknown error (-2147217865).
When I look at one of the affected clients, I also saw messages like those previously reported in the UpdatesDeployment.log
Failed to get SDM CI for update from type store, error = 0x80070002
Failed to GetSupersededUpdatesFromDigest for the update
UpdatesHandler.log,
Since then, I have deployed January updates to our pilot groups and found that the pilot servers were updated properly, but the clients just sit with updates in Software Center as "Past Due - Will Be Installed." This is a required deployment, ASAP/ASAP, with no maintenance window on the clients, and I even tried it outside of business hours although I thought it ignores that after the deadline anyway.
The weird thing is that I can install an update locally from Software Center. I have a case open with Microsoft, but haven't gotten anywhere yet.