WSUS issues

[firstcom]

Hi all,

 

I've come across some workstations in our environment that don't show as out of compliance in SCCM, but when you run a Compliance 5 - Specific computer report on it to view updates, they are blank.

 

If you go in to view installed updates on the PC, they aren't up to date or show as failed.

 

Has anyone seen this before and know what steps can be taken to troubleshoot?

 

Thank you!

[firstcom]

Also, if you install some of the recently released updates manually, they DO install.

[firstcom]

An update on this issue:

 

I re-installed our WSUS environment last night. It re-synced with SCCM. Everything seems to be up and running and 100%. Logs look good.

 

However, the problem persists.

 

* On one example PC, it shows no updates available when you check through WSUS. However, when you check online, there's 80 - some of which are security/critical updates, which is what we target.

* When you pull up this specific PC in SCCM reporting for updates, it shows up blank.

* WindowsUpdates.log suggests "Found 0 updates and 91 categories in search" and "0 updates detected"

 

Does anyone have any clue why this is happening? Windows should not be showing as compliant and the reports for this specific should not show as blank. Updates ARE available.

[GarthMJ]

You are not getting results in CM12 it means they are NO scanning for SU using CM12. Review the log files on the client side to figure out what is going one.

You should NOT be looking at WSUS as this can cause problems.

[firstcom]

WindowsUpdate.log does suggest that it's connecting through my configmanager server. I've been reviewing WindowsUpdate.log in C:\Windows, and UpdatesDeployment.log and UpdatesStore.log.

 

 

You are not getting results in CM12 it means they are NO scanning for SU using CM12. Review the log files on the client side to figure out what is going one.

You should NOT be looking at WSUS as this can cause problems.

[firstcom]

I can initiate a Software Update Scan, SoftwareDeployment scan, etc and watch the logs process the request...

 

WindowsUpdate.log does suggest that it's connecting through my configmanager server. I've been reviewing WindowsUpdate.log in C:\Windows, and UpdatesDeployment.log and UpdatesStore.log.

 

 

[firstcom]

In UpdatesDeployment.log, I can see updates getting added to the targeted list. In UpdatesStore.log, I can see it querying the status of updates.

 

In WindowsUpdate.log I can see lines that say "Added Update { ... } to search result..

 

I do see occasional warnings that say ISusInternal::GetUpdateMetadata3 failed, hr=8007000E

 

 

I can initiate a Software Update Scan, SoftwareDeployment scan, etc and watch the logs process the request...

 

[firstcom]

I am now in the process of deleting all ADR's, deployment packages, and software groups and forcing SCCM to re-sync across the board. We'll see if that works!

[RLC-Andrew]

Are these clients 32 bit clients by chance?

I had this same issue. Kind of an interesting issue if you research the reasons why...but nonetheless....the follow link has the hotfix that will fix it.

 

https://blogs.technet.microsoft.com/configurationmgr/2015/04/15/support-tip-configmgr-2012-update-scan-fails-and-causes-incorrect-compliance-status/

 

 

 

 

[firstcom]

After uninstalling WSUS, re-installing, and re-syncing, I've deleted all ADRs, deployment packages and software groups. Initialized a re-sync. The impacted PCs are still experiencing the same issue.

 

Garth, et al - any advice on where I can look next? This is, needless to say, frustrating to experience.

 

Thank you!