SUP Scan failing - Unable to find or read WUA Managed server policy.


  • I've got 150 server 2003 clients and all but 6 of them are working great. On 6 I am having an issue with the Software Updates Deployment Evaluation Cycle - pasted below is some of the WUAHandler.log. What I know

    • I have reinstalled the client - this does nothign.
    • There is a GPO in place with that is setting the intranet update service pointing towards the CM SUP. - This is applied to all servers (only 6 are not working).
    • I noticed that on the problem machines that in the local policy "Specify intranet Microsoft update service location is not being set" neither by the CM client nor the GPO that is in place.
    • For kicks I've manually set this and it still is still failing.

    I know that the WSUS GPO should not be necessary and I should just remove it however am up against some political barriers. Regardless most of the boxes are working fine with it in place. What could it be that is preventing these few machines from sucesfully scanning agains the WSUS repositroy?

    Thanks for any help.



    Its a WSUS Update Source type ({E8D04AA7-83D3-47F5-A69E-B19494F36646}), adding it.
    Unable to find or read WUA Managed server policy.
    Unable to read existing WUA Group Policy object. Error = 0x80040154.
    Enabling WUA Managed server policy to use server: http://PROPERSERVER.DOMAIN.COM:8530
    Failed to Add Update Source for WUAgent of type (2) and id ({E8D04AA7-83D3-47F5-A69E-B19494F36646}). Error = 0x80040154.

    Thursday, March 26, 2009 6:28 PM

All replies

  • Hi,

    What are the error codes returned in the Last scan state by collection report? I have just seen a lot of scanning errors that was fixed by applying this WSUS SP1 patch -

    Kent Agerlund
    Sunday, March 29, 2009 12:41 PM
  • 0x80040154 = "Class not registered"
    Is there anything useful in %windir%\WindowsUpdate.log (if ConfigMgr was able to kick-off a WUA scan at all)?
    Monday, March 30, 2009 1:56 PM
  • Thanks for the replies both of you. The error codes reported in the the Last Scan Stat by Collection are -2147221164.

    Triggering a new Software Updates Scan Cycle causes no activity in the WindowsUpdate.log so it appears that the scan does not start. Thanks for the tip, I was unaware of this file.

    I've found the following discussion with a potential fix - however I am very hesitant to try something like this on a production server and unfortunately am only experiencing this issue on a few production servers and have not been able to reproduce.

    any additional thoughts?

    Thanks again.


    Monday, March 30, 2009 4:02 PM
  • I've run across that issue a few times. Typically, reinstalling Windows Update Agent (pulling it from the client install directory from the SCCM server and running it with a \wuforce switch) and rebooting fixes it.

    If that still doesn't work, I've used the following in a batch file after reinstalling WUA and that usually fixes the more hardnosed systems -

    cd %windir%\system32
    regsvr32 wuapi.dll /s
    regsvr32 wuaueng.dll /s
    regsvr32 wuaueng1.dll /s
    regsvr32 wucltui.dll /s
    regsvr32 wups.dll /s
    regsvr32 wups2.dll /s
    regsvr32 wuweb.dll /s
    net stop wuauserv
    net stop bits
    rmdir /S /Q %windir%\softwaredistribution
    net start wuauserv
    net start bits
    exit /B 0
    Tuesday, March 31, 2009 6:28 AM