I'm using SCCM 2012 R2 CU3
The Primary site server and the SCUP (WSUS) server are separate machines....
I'm building 2012 servers, and 2008 servers, using SCCM Task Sequences. I have a single "install updates" step in those task sequences. When the build is finished I run windows updates within the OS. The result is "No More Updates Found", I felt this was suspicions as there were no were near enough updates installed so far. I then pointed the machines at Microsoft's own update servers and, bingo, it finds more updates. I assumed these updates where missing from my Updates Package in SCCM but that turned out to be wrong, they are right there. The package is distributed to the DP, and deployed to the right collection.
As far as I understand it, the WSUS console should never be touched (just like with WDS), but seeing as I didn't build this SCCM environment, I thought I would check it out anyway. It looks like WSUS may have been partly configured directly at some point, rather letting SCCM do it all.
Example: I searched in the WSUS console for appoved updates and found 6 old ones (2003 server and XP) approved for Install. A further search found 421 "Declined" updates. Everything else is marked "Not Approved". Does any of this matter if SCCM is supposed to be managing it? Should I trash WSUS and the SCUP and reinstall it, or is there something else I should be doing?