none
Unable to read existing resultant WUA policy. Error = 0x80070002.

    Question

  • We have ConfigMgr 2007 client being deployed to servers.  We have a group of servers that are not getting updates.  The servers in the group that are Windows 2008 SP2 are getting the following errors.  The servers that are Windows Server 2008 R2 are not getting the errors and they are getting software updates deployed properly.  There is a Domain policy to disable Automatic Windows Update that is hitting all Windows 2008 and 2008 r2 servers.  There is not a domain policy to point to another WSUS server.  We are not getting the error: Group policy settings were overwritten by a higher authority (Domain Controller).  The Windows 2008 R2 servers are receiving the local group policy from the configmgr client which correctly updates the registry keys with the ConfigMgr server running the Software Update role (WSUS) at the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.  The Windows 2008 SP2 servers do not show the local group policy being applied in rsop.msc, hence the reason for the errors.  I assume either the local group policy cannot be read or cannot be written.  I am getting close but I just cant determine the resolution to the issue.

    WUHandler:

    Failed to save WUAgent policy with updated WSUS Server. Error = 0x80070005.

    Failed to Add Update Source for WUAgent of type (2) and id ({<removed>}). Error = 0x80070005.

    Unable to read existing resultant WUA policy. Error = 0x80070002.

    UpdatesDeployment:

    Job error (0x80070005) received for assignment ({<removed>}) action

    Updates will not be made available

    Thanks


    • Edited by IT-NOOB Tuesday, March 12, 2013 4:46 PM
    Tuesday, March 12, 2013 4:46 PM

Answers

  • 0x80070005 = "Access Denied"

    You've got some other non-standard configuration or security lockdown in your environment preventing the agent from doing its work. This could be one of a million things though so I can't say anything definitively.

    You can use procmon to see if you can narrow things down.


    Jason | http://blog.configmgrftw.com

    • Marked as answer by Yog Li Friday, March 22, 2013 7:24 AM
    Tuesday, March 12, 2013 6:08 PM

All replies

  • 0x80070005 = "Access Denied"

    You've got some other non-standard configuration or security lockdown in your environment preventing the agent from doing its work. This could be one of a million things though so I can't say anything definitively.

    You can use procmon to see if you can narrow things down.


    Jason | http://blog.configmgrftw.com

    • Marked as answer by Yog Li Friday, March 22, 2013 7:24 AM
    Tuesday, March 12, 2013 6:08 PM
  • I am looking into Group Policy corruption (registry.pol) but like you said, it could be one of a million things.  I will update if I am able to discover the issue.

    Thanks


    • Edited by IT-NOOB Tuesday, March 12, 2013 6:50 PM
    Tuesday, March 12, 2013 6:49 PM
  • By renaming the system\registry.pol and triggering an update scan the file is re-created and the Software Update server is properly listed in the registry and the client can scan for and download updates.

    Thanks

    Friday, March 22, 2013 3:48 PM