If you are using custom updates for things Java or Adobe updates via WSUS and SCUP, then you need to ensure that you enable signed intranet updates for all your client machines.
The best way to do this is to use Group Policy. You should create a new Group Policy Object (GPO) and apply that to the OU's in your Active Directory for machines that will need this setting.
The settings you need to create this GPO are below:
Create a new GPO and give it an appropriate (or inappropriate if you wish) name.
Then right click on the GPO and click Edit.
You then need to browse to the following location within the GPO:
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
You should then see on the right side of the screen similar to below:
You then need to double click "Allow signed updates from an intranet Microsoft update service location" and click the Enable radio button like below:
You can then OK this box and you then can apply this GPO to the correct OU for your business.
Labels: Group Policy, Guide, SCCM, WSUS