I'm having a problem getting software updates to install using SCCM 2012 R2. This is a new site setup - new site code, new everything, etc.. We previously had SCCM 2007 R2. There are three site MP & DP systems, the primary site server houses the database and reporting service point and there's a single SUP currently.
The installation of the updates never starts during the maintenance windows for the server or the workstations which have no maintenance window. From the logs, servers are seeing the maintenance window, but again the updates installation never starts.
I recently had to move a dedicated single SUP due to performance issues when a SUP was installed on each MP/DP system, however this doesn't seem to be related - I think. The new SUP is setup to use HTTPS and I've seen in the client logs they are communicating with the new SUP.
I have noted this interesting behavior: If I click on 'check for updates' on a client system, it returns no new updates needed. In this case presumably it's going to the SUP for the catalog. If I next click on 'check online for updates from Windows Update', I get a list of new required updates as expected. If I click on 'check for updates' again, I now see the new required updates.
It appears that the catalog isn't updating locally on the client to use for the scan. Is this possibly why the systems aren't installing the assigned updates or is this an unrelated issue?
I thought that I could possibly resolve this by pushing out the latest Windows Update Agent to fix this problem, but this seems like the big hammer approach. I've also considered that this could be a Symantec (SEP) issue on the clients, but I'm unsure how to begin troubleshooting that. I need some advice on where to begin troubleshooting the assigned update issue here.
Any help is very much appreciated.
Thanks in advance!