In an SCCM Current Branch 1602 environment with a Server 2008 R2 Software Update Point (have not upgraded to Server 2012 R2 yet), in a different site I had about 120 clients at a specific site that were not successfully scanning for updates.
I usually run the built in report “Last scan states by collection” to make sure the clients are scanning for software updates without issues.
When checking WUAHandler.log on the client I saw the errors
OnSearchComplete – Failed to end search job. Error = 0x80244019.
Scan failed with error = 0x80244019.
If you look up the error 0x80244019 it means “Same as HTTP status 404 – the server cannot find the requested URI (Uniform Resource Identifier).”
One thing to check is that you can actually get to the WSUS server in an Internet browser by going to http://wsusserver.domain.com:8530/SimpleAuthWebService/SimpleAuth.asmx and making sure it is reachable. If it is reachable it should take you to a page saying:
In my issue it was the proxy between the SUP and my client. My client was trying to go through a proxy instead of bypassing it, then it was getting the 404 error from the WSUS. There is also a good post on the Technet forums where people have had a bypass list which was lowercase, but in SCCM their SUP was in uppercase which caused the exact error. The post can be found here
In my site we are using a WinINET proxy script which sets the proxy for the Internet , and we also set the WinHTTP proxy. Our WinINET proxy had a bypass list for the WSUS server but our WinHTTP proxy did not for this specific site.
From Microsoft: https://support.microsoft.com/en-au/kb/900935
The Automatic Updates service does not have access to the user-specific proxy server settings that may be configured in Internet Explorer. WinHTTP has been employed, instead of WinInet in Internet Explorer, as the Automatic Updates service affects system wide level configuration and should require administrator level control
To view the current WinHTTP proxy and bypass list, load up cmd prompt and run:
netsh winhttp show proxy
To add the bypass list to your WinHTTP proxy, you can either set it manually through command prompt, or through group policy.
netsh winhttp set proxy proxy-server=”proxyserver.com:port” bypass-list=”*.domain.com;<local>”
The example above added a bypass list for a server <servername>.domain.com
Note: After setting the proxy through cmd using netsh winhttp or group policy, you must restart your computer before you do the next Software Update scan
After restarting the computer for the proxy settings to take affect and doing another Software Update evaluation scan on the client, the WUAHandler “Successfully completed scan.” on the clients.