I thought that this was an interesting one that doesn’t seem to be all that well documented.
As part of the Windows 7 deployment where I work, it seemed that any Windows 7 machine, after its deployment (SCCM ZTI), just would not run any advertised program or pull down any Windows updates, for example. HINV and SINV were about the only parts of the local client components that seemed to work. The machine policies would come down and instruct the client of what it had to get from the DP, but nothing would happen after that.
Upon closer inspection I could see that the CAS and LS logs were showing that the client was attempting to connect to the SMS site. The problem was that it was the wrong site! It was connecting to our old SMS 2003 site, and of course this won't have the content that the SCCM server was telling the client to look for.
I carried out some simple tests, like testing site discovery and even turning off the SMS server. I also tried an XP machine which actually worked fine, so this proved the SCCM setup was fine.
To cut a rather long story short, I focused on how the Windows 7 client was searching for the SCCM MP and DP. We are not using an SLP and have set up AD to store the SCCM details. Windows 7, for whatever reason, appears to go for the lowest name/site ID that it finds in AD; this happens to be our SMS 2003 site.
A simple but effective fix was to add all Windows 7 computers to a group and deny that group read access to the SMS AD objects. A new post-build action was added to make sure the machines are added to this group to ease the admin.
Hope this helps someone else.
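
An added example, not from the original post: a PowerShell check that lists the SMS/SCCM site and management point objects published under the System Management container, sorted by site code, and reports whether a given group has a Deny read ACE on each one. The group name is a placeholder, and the ActiveDirectory (RSAT) module and the default container location are assumptions.

```powershell
# Added example: audit published SMS/SCCM site objects in AD and check
# whether a given group is denied read access to each of them.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: placeholder name; use the group your post-build action populates.
$GroupName = 'Win7-Computers-Placeholder'

# Assumption: site data is published to the default System Management container.
$domainDn   = (Get-ADDomain).DistinguishedName
$searchBase = "CN=System Management,CN=System,$domainDn"

# Classes added by the SMS/SCCM schema extension for sites and management points.
$filter = '(|(objectClass=mSSMSSite)(objectClass=mSSMSManagementPoint))'
$read   = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty

Get-ADObject -SearchBase $searchBase -LDAPFilter $filter `
             -Properties mSSMSSiteCode, nTSecurityDescriptor |
    Sort-Object mSSMSSiteCode |
    ForEach-Object {
        # Explicit and inherited Deny ACEs for the group that cover ReadProperty.
        $deny = $_.nTSecurityDescriptor.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.IdentityReference.Value -like "*\$GroupName" -and
            ($_.ActiveDirectoryRights -band $read) -ne 0
        }
        [pscustomobject]@{
            SiteCode         = $_.mSSMSSiteCode
            Class            = $_.ObjectClass
            Name             = $_.Name
            DenyReadForGroup = [bool]$deny
        }
    } |
    Format-Table -AutoSize
```

Objects for the old site should show `DenyReadForGroup` as True and objects for the current site as False; a True on the current site's objects would hide it from those machines as well.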