How to Add a second ConfigMgr Software Update Point without ERROR 0x8024401c

Scenario:

The client has pretty standard ConfigMgr setup to manage there primary and dev systems. The clients communicate to Distribution and Management Points however, the PORT 8530 from the Software update Point (SRVSUP01) can not be opened to clients in the dev vlan.

Without getting into the technical architecture of the configured firewall rules a second Software update Point would be required to over come this architectural design. However, the Dev client would not switch over to the new SUP (SRVSUP02).

Upon opening a Browser window from a Dev client it was possible to navigate to the addresses below thus confirming the availability of the new SUP.

http://SRVSUP02.Contoso.local:8530/SimpleAuthWebService/SimpleAuth.asmx
 http://SRVSUP02.Contoso.local:8530/ClientWebService/wusserverversion.xml
 http://SRVSUP02.Contoso.local:8530/Selfupdate/wuident.cab

The WUAHandler.log was reporting a scan failure error code: 0x8024401c. Implying the Scan agent was not able to connect to SRVSUP01 (due to closed PORTS) however the client was not switching over to the SRVSUP02 as intended.

WUAHandler.log Extract
Its a WSUS Update Source type ({3BBB5556-AB2C-4D8E-9F11-741GE69677H2}), adding it.
OS Version is 6.3.9600
Existing WUA Managed server was already set ( http://SRVSUP01.CONTOSO.LOCAL:8530), skipping
Group Policy registration. Added Update Source ({3BBB5556-AB2C-4D8E-9F11-741GE69677H2}) of content type: 2 Scan results will include all superseded updates. 
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') Async searching of updates using WUAgent started.
Async searching completed. 
OnSearchComplete - Failed to end search job. Error = 0x8024401c. 
Scan failed with error = 0x8024401c.


Resolution:
The Boundary groups were incorrectly configure and did not include the IP address range of the Dev clients.  The client therefore fell back to the Default Bound Group which only included SRVSUP01 as an available SUP; therefore preventing the clients from switching over.  Once the Boundary groups were resolved clients received new policy and switched over.
Its a WSUS Update Source type (3BBB5556-AB2C-4D8E-9F11-741GE69677H2}), adding it.
Enabling WUA Managed server policy to use server: http://SRVSUP02.CONTOSO.LOCAL:8530 
Waiting for 2 mins for Group Policy to notify of WUA policy change... Waiting for 30 secs for policy to take effect on WU Agent.
Added Update Source ({3AAB6A76-CE2D-4E8A-9F11-741AE69677A2}) of content type: 2 Scan results will include all superseded updates.
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') Async searching of updates using WUAgent started.
Async searching completed.
Successfully completed scan.
Its a WSUS Update Source type ({3BBB5556-AB2C-4D8E-9F11-741GE69677H2}), adding it.
OS Version is 6.3.9600
Existing WUA Managed server was already set (http://SRVSUP02.CONTOSO.LOCAL:8530), skipping Group Policy registration.
Added Update Source ({3BBB5556-AB2C-4D8E-9F11-741GE69677H2}) of content type: 2 Scan results will include all superseded updates.
Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') Async searching of updates using WUAgent started.
Async searching completed.
Successfully completed scan.

Comments