A local Group Policy setting will always be overwritten by an Active Directory Group Policy setting, and this can result in the Configuration Manager client failing to obtain software updates using Configuration Manager.
In order to check the WSUS server that the clients are contacting and also check for any GPOs affecting those clients, you will need to check the following aspects.
RsoP.msc on the client
Check the Computer Configuration > Administrative Templates > Windows Components > Windows Update
– Does it show the correct WSUS server?
Registry settings
Compare the following registry keys on the “problematic” machine with the same registry keys from a “working” machine:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
To check the two registry items’ properties, you can run in PowerShell:
Get-ItemProperty 'Registry::HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate' Get-ItemProperty 'Registry::HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU'
Active Directory Group Policy and SCCM settings
Check if WSUS is defined in the Group Policy (i.e: server name and port) versus how it is set in Configuration Manager(i.e. FQDN)
WUAHandler.log on the client
Check the WUAHandler.log for the WSUS URL used.
Enabling WUA Managed server policy to use server: http://wsussvr.contoso.com:8530
When an Active Directory Group Policy setting overrides the local Group Policy setting, you will see the following:
Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://newwsussvr.sccmpeek.com:8530 and Policy ENABLED WUAHandler
References
- Troubleshooting Group Policy Configuration for Software Updates – http://technet.microsoft.com/en-us/library/bb735866.aspx
SCCM Monde 