![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 56.00000000000001%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
4,608 questions
If you are using GPO to set the update server location, then it gets applied when you are on intranet over VPN. However, when Configmgr doesn't detect the intranet location during the lookup, it switches to internet. At this stage, wuahandler doesn't wait for a response from the Domain to validate the update server policy and simply skips the check and applies the CMG url for SUP location. Once the network state changes back to intranet, the check against the SUP location is not skipped anymore and the policy from GPO will take precedence. On a side note, don't apply the GPO for setting SUP location. Let ConfigMgr client settings do it for you.
