I was working at a customers site where there were some infrequent issues with patching. While I was viewing all status message queries there was a frequent occurrence for status message ID 11756. This particular error points to a GPO Conflict. You can also use the report “Last Scan States By Collection” to validate my findings.
The problem was occurring at an entire office location where all scans were failing. You can see below the majority of the failures are due to group policy conflict.
I have verified there were no problems with the GPO setting the WSUS and determined the local system had issues laying down policy. It’s a meh thing, but you will find this in different environments from time to time. This is an easy fix for my customers by rebuilding the registry.pol located at “C:WindowsSystem32GroupPolicyMachineRegistry.pol”
My quick fix is to create a package with the bat file created from the lines of text. You see I delete the file, force gpupdate, software update scan and machine policy.
DEL /q “C:WindowsSystem32GroupPolicyMachineRegistry.pol”
Echo N | gpupdate /force
WMIC /namespace:\rootccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000113}” /NOINTERACTIVE
WMIC /namespace:\rootccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000022}” /NOINTERACTIVE
exit
You can set up auto-remediation by creating a collection based on any system reporting status message 11756 within 24 hours and deploying the package to rebuild local policy.
Query below for collection:
select distinct SYS.Name,SYS.Client from sms_r_system as SYS join SMS_StatusMessage as stat on stat.machinename = SYS.name where stat.ModuleName = “SMS Client” and stat.MessageID = 11756 and DateDiff(dd,stat.Time, GetDate()) <1
After this runs monitor your log files to verify the software update scan has ran successfully and also run the last software update scan report for additional validation.
Please see this link for TechNet to download the bat file
https://gallery.technet.microsoft.com/Windows-update-scan-74f70f62?redir=0
ALSO SEE : Windows 10 Migration Project (General UEFI Queries)
Do you mean error status ID 11423?
That is the error ID in the report however when you view all status messages you will filter for 11756 and it will correspond to group policy conflict.