Download failed for content under context System, error 0x80070005

Last week I had a nasty issue, where a lot of clients didn't receive new packages and Windows/Endpoint Protection updates. Sometimes you where seeing new folders created in ccmcache, but they were deleted empty a few seconds later. When looking in Monitoring on the package the following status was seen: Failed to download update(s), error 0x80070005 (Access is denied) and Failed to install update(s), 0x80070005 (Access is denied). What's going on here?

Client Updates

 

Definition Updates

 

Looking in multiple logfiles I saw the following errors:

CAS.log
Download failed for content XYZ under context System, error 0x80070005
Download failed for download request {DCE900A1-B51F-46A6-B278-167C2F94C307}
User policy requested with no user credentials.
DataTransferService.log
Sending location services HTTP failure message.
Successfully sent location services HTTP failure message.
Error sending DAV request. HTTP code 401, status 'Unauthorized'
GetDirectoryList_HTTP('http://<FQDN>/SMS_DP_SMSPKG$/90812187-ade0-4dd8-b29f-66f5db5af2c1') failed with code 0x80070005.
UpdatesHandler.log
CAS failed to download update (6983a782-828c-40b8-bf9c-c8e381e25f5e). Error = 0x80070005. Releasing content request.
ContentAvailable notification received from CAS.

I did a lot troubleshooting the issue (ConfigMgr client repair, ConfigMgr cache clear, Update distribution point), but in the end it was IIS Security. On 3 of 6 remote Site servers, IIS security (Windows authentication) was missing. After installing the role feature, the issue was solved right away! Still strange how this could happen, because in the past everything worked fine. When having the 0x80070005 error in the future, verify that Windows authentication is installed.

Hope it helps!

Source: SCCM 2012 - client waiting for content