SBS 2011 Update Status is Unknown

Problem details: Small Business Server 2011 Console shows computers with an update status of 'Unknown' or 'Critical'.

I've found two things that cause this:
1. Required Group Policy Objects are not there;
2. Unknown status switches between workstations that don't have unique ids (cloned stations).

Details 1: Missing Group Policy Objects

To verify that update service policies are missing, manually check the update services for your domain.

Start>
All Programs>
Administrative Tools>
Windows Server Update Services

As you can see, when I checked mine, I was a little concerned that SBS was reporting update status 'ok' but apparently the updates weren't coming through the SBS. When I looked into it further, it appeared that SBS 2011 Console's update status is not based on the actual update status, but rather things like 'ping' and a few queries to Windows Server Update Services (WSUS). Hence the reason why it says 'unknown' for the update status- because it can scan the computer but that computer isn't in WSUS and the console has no idea how to handle that situation.

If you can see that computers are not reporting to WSUS, and that new workstations aren't being added to the list, then you most likely have a GPO issue.

Solution: 1. Missing GPO for SBS 2011

Use the following Microsoft WSUS repair guide, skip to step 5 for the GPO repair process for WSUS.
http://technet.microsoft.com/en-us/library/gg680316.aspx

If all goes well, your SBS 2011 console should start to look more normal (and be more reliable).

What about cloned stations?

I'm still working on the solution for cloned stations, to save time- I had duplicated working stations over broken ones, and the duplicate ids confuse communication between wsus and the sbs console.