The
second error message you are receiving in relation to the DataStore is directly related to the WSUS (formerly known as SUS) server and it's distributions.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log is where Windows is catalogging and reporting any errors in installations pulled from your SUS server. I say SUS because you are still running version 2.0. Just out of curisosity, why not upgrade to WSUS 3.0?
The
first error message you are receiving in relation to
wuauclt is the machine's Windows Update Client. Have you made any recent modifcations to the Server or the GPO for pushing out updates?
What I can think of here, is for some reason, you are having communication issues with the SUS server. It has been a long time, but I cannot at this time recall the exact port numbers in use from the SUS server in relation to the new WSUS server.
I am going to go on a limbe here and say, you have installed NTP (Network Threat Protection) on the workstations and probably also on the SUS Server.
I would start by:
A. Uninstalling NTP from the server or
B. Identifying the port(s) in use on the SUS server and create the appropriate Firewall rules. This definitely seems to me as a timeout in communications issue while trying to write to the database.
For your clients that are logging in and receiving a "Blue Screen" but no desktop icons, etc. This is because "Explorer.exe" is having a hard time loading up. Most likely because the machine is processing tasks in the background, such as pulling down updates or trying to apply updates, which in turn may be being 'blocked' or 'scanned' while in route to the local machine.
If both sides have NTP and SEP installed, than the file is being scanned on the way out (from the server) and on the way in (to the client). Should this be the case, and multiple machines are trying to access the same updates simultaneously, the strain on the server and the client, due to the slowness of the access is causing most of your problems.
If I recall, this has been addressed and fixed by M$ with the Background Intelligent Transfer Service (or BITS) for WSUS 3.X.
In a way, tech support may actually be correct. Contacting M$ however may not yield any significant results...
I hope that helps. I may be completely off.
Apologies to Symantec for being completely out of scope (if applicable) in this thread. Please post back.
Cheers,
Jason1222