PCI Computers Not Receiving WSUS Updates After Domain Addition

PCI Computers Not Receiving WSUS Updates After Domain Addition

Details:

PCI computers are not receiving WSUS updates after being added to the domain.

The following steps have been taken so far:

• Verified GPO settings.
• Submitted firewall exceptions to open ports 8530 and 8531.

The Windows Update log displays errors, specifically:

2025/04/03 08:24:10.5755312 7912  7888  Agent           *FAILED* [8024500C] wuauengcore.dll, C:\__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp @1831 
2025/04/03 08:24:10.5755328 7912  7888  Agent           *FAILED* [8024500C] wuauengcore.dll, C:\__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp @1376 
2025/04/03 08:24:10.5755340 7912  7888  Agent           *FAILED* [8024500C] wuauengcore.dll, C:\__w\1\s\src\Client\lib\EndpointProviders\EndpointProviders.cpp @1387 
2025/04/03 08:24:10.5755352 7912  7888  Agent           *FAILED* [8024500C] Method failed [CAgentServiceManager::DetectAndToggleServiceState:3018] 
2025/04/03 08:24:10.5755361 7912  7888  Agent           *FAILED* [8024500C] SLS sync failed during service registration (cV: aWsdrmNHxE+Owokr.1.0.0.)

Additional troubleshooting steps include:

• No proxy interference.
• ICMP disabled for PCI compliance.
• DNS resolution for the WSUS server is functional.
• Cleared the cert URL cache.
• Performed offline updates of the Trusted Root Certs store.
• Stopped and restarted wuauserv, bits, cryptsvc, and renamed catroot and scecomp.

Other computers on protected VLANs are successfully receiving updates, leading to the suspicion that this may be GPO related. Any suggestions or recommendations would be greatly appreciated!