Recently I have been setting up Software Updates in SCCM 2007 to take over from an existing WSUS Server.

The setup went fine however I quickly noticed computers were not returning any status to the SCCM server and when I checked the report “Scan 3 – Clients of a collection reporting a specific state” I  found that ever computer had a “State Name” of “Scan Failed” and an “Error Status ID” of “11423”


Next I went to theWUAHandler.log log on one of the clients which can be found under C:\WINDOWS\system32\CCM\Logs on a 32-bit system and under C:\WINDOWS\sysWOW64\CCM\Logs on a 64-bit machine

I noticed that SCCM seemed to be tring to overwrite the existing WSUS GPO but wouldn’t as the WSUS address in the existing GPO did not exactly match what was setup in SCCM.

Its a WSUS Update Source type ({699EA848-CA0E-44CC-A4AD-1147D9714A7C}), adding it.

Enabling WUA Managed server policy to use server:

Waiting for 2 mins for Group Policy to notify of WUA policy change…

Group policy settings were overwritten by a higher authority (Domain Controller) to: Server http://wsusserver and Policy ENABLED

Failed to Add Update Source for WUAgent of type (2) and id ({699EA848-CA0E-44CC-A4AD-1147D9714A7C}). Error = 0x80040692.


My WSUS GPO “Specify Intranet Microsoft update service location” was set to http://wsusserver changing the GPO to exactly how is was listed in the log resolved the issue.