We have been running a WSUS server on our network for several years with no issue. Recently we found that about 70 of the 2500 machines we manage were not receiving any updates. All of our managed machines are configured to use our WSUS server using the same Group Policy. I checked the WSUS log and the problem machines are successfully connecting to the WSUS server but they report that no updates are required. If I disable the GPO or manually point them to Microsoft Update, they immediately detect 50 to 60 pending updates. If I point them back to the local WSUS server, they again claim there are no updates available. I've even gone so far as to install a new WSUS server and the symptom remains the same when I point affected machines to it.
Here's a typical log entry.
2012-04-03 02:58:24:873 8980 af8 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0600) ===========
2012-04-03 02:58:24:873 8980 af8 Misc = Process: c:\program files\windows defender\MpCmdRun.exe
2012-04-03 02:58:24:873 8980 af8 COMAPI -- START -- COMAPI: Search [ClientId = Windows Defender]
2012-04-03 02:58:24:919 8980 af8 COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Windows Defender]
2012-04-03 02:58:24:919 888 23a0 Agent ** START ** Agent: Finding updates [CallerId = Windows Defender]
2012-04-03 02:58:24:919 888 23a0 Agent * Online = Yes; Ignore download priority = No
2012-04-03 02:58:24:919 888 23a0 Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2012-04-03 02:58:24:919 888 23a0 Agent * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2012-04-03 02:58:24:919 888 23a0 Agent * Search Scope = {Machine}
2012-04-03 02:58:25:326 888 23a0 PT WARNING: Cached cookie has expired or new PID is available
2012-04-03 02:58:25:326 888 23a0 PT Initializing simple targeting cookie, clientId = 9be6f469-abe0-439d-848d-f465b74d361a, target group = , DNS name = si-imac-dhjq-w7.domainnameremoved
2012-04-03 02:58:25:326 888 23a0 PT Server URL = http://msupdate.domainnameremoved/SimpleAuthWebService/SimpleAuth.asmx
2012-04-03 02:58:27:951 888 23a0 PT +++++++++++ PT: Starting category scan +++++++++++
2012-04-03 02:58:27:951 888 23a0 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://msupdate.domainnameremoved/ClientWebService/client.asmx
2012-04-03 02:58:28:263 888 23a0 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2012-04-03 02:58:28:263 888 23a0 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://msupdate.domainnameremoved/ClientWebService/client.asmx
2012-04-03 02:58:28:404 888 23a0 Agent * Found 0 updates and 4 categories in search; evaluated appl. rules of 18 out of 60 deployed entities
2012-04-03 02:58:28:513 888 23a0 Agent ** END ** Agent: Finding updates [CallerId = Windows Defender]
2012-04-03 02:58:28:513 8980 2270 COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = Windows Defender]
2012-04-03 02:58:28:513 8980 2270 COMAPI - Updates found = 0
2012-04-03 02:58:28:513 8980 2270 COMAPI -- END -- COMAPI: Search [ClientId = Windows Defender]
2012-04-03 02:58:33:529 888 23a0 Report REPORT EVENT: {B7473B8F-C3BA-41EF-82B8-7E46ADED44AD} 2012-04-03 02:58:28:513-0600 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Windows Defender Success Software Synchronization Windows Update Client successfully detected 0 updates.
2012-04-03 02:58:33:529 888 23a0 Report CWERReporter finishing event handling. (00000000)
2012-04-03 03:03:07:632 888 23a0 Report Uploading 1 events using cached cookie, reporting URL = http://msupdate.domainnameremoved/ReportingWebService/ReportingWebService.asmx
2012-04-03 03:03:07:632 888 23a0 Report Reporter successfully uploaded 1 events.
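
The following Python parser is an added example, not part of the original post. It summarizes each "Finding updates" search in a WindowsUpdate.log (caller, server URLs contacted, updates found, rules evaluated out of deployed entities) so the same fields can be compared between an affected client and a healthy one; the function name `summarize_scans` and the host names in the sample are assumptions.

```python
import re

# Patterns match the message text only, so they work whether the log columns
# are tab-separated, space-separated, or run together by a copy/paste.
START = re.compile(r"\*\* START \*\*\s+Agent: Finding updates \[CallerId = (.+?)\]")
END = re.compile(r"\*\* END \*\*\s+Agent: Finding updates")
URL = re.compile(r"Server URL = (\S+)")
FOUND = re.compile(r"Found (\d+) updates and (\d+) categories in search; "
                   r"evaluated appl\. rules of (\d+) out of (\d+) deployed entities")

# Constructed sample modelled on the log in the post; host names are placeholders.
SAMPLE = """\
2012-04-03\t02:58:24:919\t 888\t23a0\tAgent\t** START **  Agent: Finding updates [CallerId = Windows Defender]
2012-04-03\t02:58:25:326\t 888\t23a0\tPT\t  Server URL = http://wsus.example.test/SimpleAuthWebService/SimpleAuth.asmx
2012-04-03\t02:58:27:951\t 888\t23a0\tPT\t  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.example.test/ClientWebService/client.asmx
2012-04-03\t02:58:28:404\t 888\t23a0\tAgent\t  * Found 0 updates and 4 categories in search; evaluated appl. rules of 18 out of 60 deployed entities
2012-04-03\t02:58:28:513\t 888\t23a0\tAgent\t** END **  Agent: Finding updates [CallerId = Windows Defender]
2012-04-03\t03:10:00:000\t 888\t23a0\tAgent\t** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
"""


def summarize_scans(lines):
    """Return one dict per search; complete=False when no END line was logged."""
    scans, cur = [], None
    for line in lines:
        m = START.search(line)
        if m:
            if cur:                      # previous search never logged END
                scans.append(cur)
            cur = {"caller": m.group(1), "server_urls": [], "found": None,
                   "evaluated": None, "deployed": None, "complete": False}
            continue
        if cur is None:
            continue                     # line is outside any search
        m = URL.search(line)
        if m and m.group(1) not in cur["server_urls"]:
            cur["server_urls"].append(m.group(1))
        m = FOUND.search(line)
        if m:
            cur["found"], _, cur["evaluated"], cur["deployed"] = map(int, m.groups())
        if END.search(line):
            cur["complete"] = True
            scans.append(cur)
            cur = None
    if cur:                              # log ended in the middle of a search
        scans.append(cur)
    return scans


if __name__ == "__main__":
    for scan in summarize_scans(SAMPLE.splitlines()):
        print(scan)
```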