And it wasn't half bad. At this customer site I am at currently doing MDT 2010 deployment creation for a Windows Server 2008 R2 rollout, WSUS was breaking for the desktop deployment folks.
WSUS was enabled on a Windows 2008 R2 server. The website couldn't be accessed, giving a server 500 error. When I looked in the Application and System event logs, two things stood out at me.
The first thing that caught my eye was in the System event log. A 2025, from SRV stating that the MDT reference machine in a VM on the 2008 R2 host was doing a possible Denial of Service attack against the 2008 R2 server and the connection was closed.
Second was that in the logs for WSUS, 13042, could not self update. Strange. I started messing around with it, and long story short of it, the service that the Application Pools in IIS were running under did not have any rights to the IIS folders. Restoring rights to the IIS folders resolved the issue and WSUS happily patched the MDT Reference image.