SCEP updates pushed out to clients through SCCM 2012

Last week I had an issue on my ConfigMgr server with local WSUS installation. After fixing WSUS in a earlier blogpost, Definition Updates didn't install on my systems. This because of a Group Policy (GPO) which was set by a colleague ;) The following was seen in the WUAHandler log: Group policy settings were overwritten by a higher authority (Domain Controller). The GPO just had the server name and port (SCCM01:8530) and SCCM had the FQDN and port (SCCM01.Contoso.local:8530).

Sample from WindowsUpdate.log

 

Sample from WUAHandler.log

 
Lucky me I found the issue reading the following post:

EP updates pushed out to clients through SCCM 2012
http://social.technet.microsoft.com/Forums/forefront/en-US/a9bb6c1c-1473-4fe7-bf1d-a689792c8100/ep-updates-pushed-out-to-clients-through-sccm-2012?forum=FCSNext
It mentions: It looks like there was a conflict on how the WSUS server was defined in Group Policy versus what SCCM had (GP just had the server name and port and SCCM had the FQDN and port). Once I removed the GP setting all together and updated the policy etc then it seemed like things started to happen. In the UpdateDeployment.log I was seeing these errors:
Job error (0x87d00692) received for assignment ({76d342f7-e312-4c6d-9c60-29be10cc5212}) action
The setup recommends the short name for your GPO but I wasn't seeing deployments reach any of the endpoints. Changing to the FQDN of the server in the GPO fixed the issue and I'm now seeing percentage completed stats and deployments working.

What you have to do is use a GPO with only "Specify intranet Microsoft update service location" (FQDN) & "Allow Automatic Updates immediate installation". When using FQDN for update management above error messages are gone. This time it will work fine again!