We have an issue with SCCM and its agents after changing our firewall rules.

We have 3 domains; in Domain A1 is our Primary Site Server with the MP A1 and WSUS A1 roles.

In Domain B2 there is an MP B2 with WSUS B2, and in Domain C3 there is an MP C3 with WSUS C3. There is no Secondary Site in either domain.

In the past all agents could communicate with all WSUS servers and everything ran fine, but our security rules have changed. The idea is that clients/agents communicate only with their own WSUS and MP.

Now I have agents in domain B2 that would like to communicate with MP B2 and with WSUS B3, which is not working: they get no updates and have problems in the WUAHandler:

OnSearchComplete - Failed to end search job. Error = 0x80072ee2.    WUAHandler    18.05.2015 09:01:03    5908 (0x1714)
Scan failed with error = 0x80072ee2.    WUAHandler    18.05.2015 09:01:03    5908 (0x1714)
Its a WSUS Update Source type ({7A250DB5-2AE5-4062-A594-7C56744DB6C3}), adding it.    WUAHandler    18.05.2015 09:01:03    6360 (0x18D8)
Existing WUA Managed server was already set (http://domainB3:8530), skipping Group Policy registration.    WUAHandler    18.05.2015 09:01:03    6360 (0x18D8)

So the idea was to work with a GPO and the WSUS setting, but this is not the right solution. In a test GPO I changed the server to WSUS B2 for a client in domain B2, ran gpupdate, restarted WUAUSERV and CCMEXEC, but now I have other errors:

Enabling WUA Managed server policy to use server: http://DOMAINC3:8530    WUAHandler    18.05.2015 13:31:12    2476 (0x09AC)
Waiting for 2 mins for Group Policy to notify of WUA policy change...    WUAHandler    18.05.2015 13:31:12    2476 (0x09AC)
Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://DOMAINB2:8530 and Policy ENABLED    WUAHandler    18.05.2015 13:31:16    2476 (0x09AC)
Failed to Add Update Source for WUAgent of type (2) and id ({7A250DB5-2AE5-4062-A594-7C56744DB6C3}). Error = 0x87d00692.    WUAHandler    18.05.2015 13:31:16    2476 (0x09AC)

I know that the agents should change the server themselves when one is not reachable, but that doesn't really help.

For the MP we forced them with a policy, but is it possible to force the WSUS update server in the same way as the MP?
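The checks a practitioner would run on one of the affected B2 clients, as an added example that is not part of the original post: it pulls the three WUAHandler messages quoted above out of WUAHandler.log (which server the CM client tried to set for its assigned SUP, which server domain Group Policy overwrote it with, and which server the Windows Update Agent already had), reads the WSUS policy values currently in the registry, and does a plain TCP connect to each URL on its port to see whether the new firewall rules let the client through. The log path is the default CM client location and is an assumption; the embedded sample lines are constructed from the post's own log excerpts and are only used when the log file is not present, so the script also runs offline.

```powershell
# Added diagnostic example (not from the original post). Compares the WSUS/SUP URL
# the CM client asserts with the one domain Group Policy enforces, and tests whether
# each is reachable through the firewall on the port in the URL.
# Assumptions: default CM client log path; sample lines below are constructed from the
# messages quoted in the post and are used only when the real log is absent.

$logPath   = 'C:\Windows\CCM\Logs\WUAHandler.log'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# Constructed sample input (from the post's log excerpts), used only if the log is missing.
$sampleLines = @(
    'Existing WUA Managed server was already set (http://domainB3:8530), skipping Group Policy registration.',
    'Enabling WUA Managed server policy to use server: http://DOMAINC3:8530',
    'Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://DOMAINB2:8530 and Policy ENABLED'
)

function Get-LastMatch {
    param([string[]]$Lines, [string]$Pattern)
    # Capture group 1 of the last line matching $Pattern, or $null when nothing matches.
    $hit = $Lines | Select-String -Pattern $Pattern | Select-Object -Last 1
    if ($hit) { return $hit.Matches[0].Groups[1].Value }
    return $null
}

function Test-WsusEndpoint {
    param([string]$Url, [int]$TimeoutMs = 5000)
    # Raw TCP connect to host:port from the URL. A connect timeout here is the
    # client-side symptom behind the 0x80072ee2 (WinHTTP timeout) seen in the scan.
    $uri = [uri]$Url
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $tcp.BeginConnect($uri.Host, $uri.Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $tcp.EndConnect($ar)
        return $true
    } catch {
        return $false
    } finally {
        $tcp.Close()
    }
}

$lines = if (Test-Path $logPath) { Get-Content $logPath } else { $sampleLines }

# What the CM client tried to set (its assigned SUP), what GPO overwrote it with,
# and what the WUA already had configured.
$ccmServer = Get-LastMatch $lines 'Enabling WUA Managed server policy to use server: (\S+)'
$gpoLogged = Get-LastMatch $lines 'overwritten by a higher authority .*? to: Server (\S+)'
$existing  = Get-LastMatch $lines 'Existing WUA Managed server was already set \(([^)]+)\)'

# What is in the WSUS policy registry right now (what the WUA will actually use).
$pol = Get-ItemProperty -Path $policyKey        -ErrorAction SilentlyContinue
$au  = Get-ItemProperty -Path "$policyKey\AU"   -ErrorAction SilentlyContinue

"CM client asserted SUP : $ccmServer"
"GPO overwrote it with  : $gpoLogged"
"WUA already had        : $existing"
"Registry WUServer      : $($pol.WUServer)"
"Registry WUStatusServer: $($pol.WUStatusServer)"
"Registry UseWUServer   : $($au.UseWUServer)"

if ($ccmServer -and $gpoLogged -and ($ccmServer -ne $gpoLogged)) {
    Write-Warning "Domain GPO enforces $gpoLogged but the client's assigned SUP is $ccmServer; this is the conflict the log reports right before 0x87d00692."
}

# Reachability of every distinct server the client has been pointed at.
$targets = @($ccmServer, $gpoLogged, $existing, $pol.WUServer) | Where-Object { $_ } | Select-Object -Unique
foreach ($url in $targets) {
    "{0,-28} reachable on its port: {1}" -f $url, (Test-WsusEndpoint $url)
}
```

Run it in an elevated PowerShell on the client. The "overwritten by a higher authority" line means a domain GPO that sets the WSUS server is winning over the local policy the CM client writes for the SUP it is assigned to; the CM client will keep trying to put its assigned SUP back, so the two have to agree, and the assigned SUP has to be reachable on the port in its URL (8530 here) for the scan to stop timing out.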

