Since deploying a number of ISA Server 2006 as part of a network segmentation process, I am experiecing 'Failed' installation of updates from my central WSUS server on most of the workstations with the Result code 0x80200011.
When doing wuauclt.exe /detectnow, the workstation will successfully sycnhronise with WSUS server but the updates are not installed. When I get through the ISA logs I have noted that the update is failing with 0xd82 - Failed.
I can confirm that all other traffic is being routed correctly and I have also opened all internal traffic between the ISA servers for the time being but still the problem is not sorted out. It seems that there is a BITS problem, when posting the HEAD request it will not receive the reply back from the ISA Server.
Yes, workstations are on a separate ISA FW than the one WSUS server is behind.
Basically for the workstations to access the WSUS Server, they need to get access from 2 ISA FW's but the traffic between these 2 FW's is fully allowed (temporarily) and No strict RPC compliance, no FTP read-only and no Webproxy is enabled between them.
Other traffic and routing is working perfectly between these 2 zones and has been working well for the last 2 months.
Another strange thing is that on some workstations, updates are being deployed ok and on others the updates fail and when checking through the ISA logs I have noted traffic being logged with error 0xd82 - Failed.