This could also be related to SMS agents not downloading policy from the associated Management Point.
There are many links out there on the network that discuss these, but I found an interesting one that I hadn't seen before. Basically, we are rolling out SMS agents to client machines, and that part went well. However, once the SMS Agent got to the workstation, it could not pull down any policies.
After a Premier Microsoft call, it was determined that the BITS service on the workstation, which is needed for SMS to pull down policy from a Management Point, was not starting. See that error message up at the top there. It was at that point that we noticed that the Automatic Updates service, which is set to Automatic, was not started. The error for that is above too.
While I did find an article to specifically change the security settings on Automatic Updates, that wasn't the root cause of the problem. We had a Group Policy Object for these services which had specific settings for Administrators, Interactive, and System. What I found out, via this link, was that Network Service needed Read access to these services. I'm still confused on if this specifically because of the Active Directory provided by Windows Server 2003 SP1 or not. However, I changed this GPO to also add Network Service the read access to the two services. After that modified GPO applied to the desktop computers, the services were able to start as expected, and the SMS Agent was able to download policy as expected.
Pretty weird, huh?
If this was helpful, feel free to drop me a comment to let me know. Also, I have written several other WSUS helps in this journal, available here. This is the first SMS article I've written, but there may be more available later here.