Certs and policy do appear good.
Let's go back and take another look at what's happening on the client.
Please do the following:
- Restart the Windows Update service.
- Run a detection using wuauclt /resetauthorization /detectnow.
- After the detection completes, attempt to deploy the JRE6u45 update to the client.
- Extract the entries from the WindowsUpdate.log and attach.
Maybe there's more to the story. :-)