We have 12 systems failing updates with the 87D00962 error.

From WUAHandler.log

5/13/2015 12:38:11 PM Its a WSUS Update Source type ({51B4E073-05A0-45D6-8550-2E4C0356F811}), adding it. WUAHandler 4488 (0x1188)
5/13/2015 12:38:11 PM Unable to read existing resultant WUA policy. Error = 0x80070002. WUAHandler 4488 (0x1188)
5/13/2015 12:38:11 PM Enabling WUA Managed server policy to use server: http://hostname.domainname.lan:8530 WUAHandler 4488 (0x1188)
5/13/2015 12:38:11 PM Waiting for 2 mins for Group Policy to notify of WUA policy change... WUAHandler 4488 (0x1188)
5/13/2015 12:38:18 PM Unable to read existing WUA resultant policy. Error = 0x80070002. WUAHandler 4488 (0x1188)
5/13/2015 12:38:18 PM Group policy settings were overwritten by a higher authority (Domain Controller) to: Server  and Policy NOT CONFIGURED WUAHandler 4488 (0x1188)
5/13/2015 12:38:18 PM Failed to Add Update Source for WUAgent of type (2) and id ({51B4E073-05A0-45D6-8550-2E4C0356F811}). Error = 0x87d00692. WUAHandler 4488 (0x1188)

From UpdatesDeployment.log

5/13/2015 6:32:36 AM Job error (0x87d00692) received for assignment ({D3EE9888-2EAE-4BB8-A2C2-CD913CAA10BB}) action UpdatesDeploymentAgent 6532 (0x1984)
5/13/2015 6:32:36 AM Updates will not be made available UpdatesDeploymentAgent 6532 (0x1984)
5/13/2015 5:32:19 PM Assignment {D3EE9888-2EAE-4BB8-A2C2-CD913CAA10BB} has total CI = 657 UpdatesDeploymentAgent 504 (0x01F8)
5/13/2015 5:32:19 PM OnPolicyModify for assignment ({D3EE9888-2EAE-4BB8-A2C2-CD913CAA10BB})...  UpdatesDeploymentAgent 504 (0x01F8)
5/13/2015 5:32:19 PM GetUpdateInfo - failed to get targeted update, error = 0x87d00215. UpdatesDeploymentAgent 504 (0x01F8)
5/13/2015 5:32:19 PM Failed to notify policy modification to the assignment, error = 0x0 UpdatesDeploymentAgent 504 (0x01F8)

I can't see anything in group policy preventing this, and the same policies are applied and not filtered to many more PCs not receiving these problems.  I also don't know much about group policy, so I am probably just missing it.  The only setting I see is Configure Automatic Updates -> Disabled, but I don't think that precludes the following setting.

On systems without this problem, there is a line in RSOP.msc -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update -> Specify intranet Microsoft update service location that includes the FQDN for the SCCM server, and it is missing on the problem PCs.

The only thing I can think of is maybe the client install failed during OSD on the 12 PCs and once GPO was applied it did block the setting from applying right on them, but the ones that succeeded with client install during OSD have it set locally which wins?

• Edited by Jeff Piontek 16 hours 51 minutes ago redaction

Hello,

http://04svwsccm01p.ecmc.lan:8530

Is this server your SUP?

Check registry key

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\WUServer

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer

Configure Automatic Updates using Registry Editor

Run software update scan cycle manually.

And please also check windowsupdate.log

Also worth a read.

http://eskonr.com/2014/10/sccm-configmgr-2012-software-update-scan-error-group-policy-settings-were-overwritten-by-a-higher-authority-error-code-0x87d00692/

I tried renaming registry.pol first without success, then I just exported the key at the WindowsUpdate level from a working one and imported it to one of the problem ones, and that seemed to do it. The old server was not listed, just none of the three values Daniel JiSun listed existed.

I still like my theory above.  I need to test on one more just to make sure the fix doesn't require both changes, then I might try to implement the fix with Compliance Settings, as I don't have access to GPOs.

Thanks for the articles guys, I'll be back to mark the answer tomorrow.

p.s. If you get back to this Daniel, could you please remove the servername I accidentally posted from your response?  It was a rough day.