Known Issue – Windows Updates occasionally incorrectly show as not succeeded in Intune

by | Jul 27, 2020 | Uncategorized | 0 comments

This article is contributed. See the original author and article here.

We were recently alerted to an issue whereby a device in the Microsoft Endpoint Manager admin console was showing “failed” for their Windows Update status.

 

Upon investigation, we discovered that the device was not missing any updates – everything had successfully applied. However, we did find two error codes on the device, which then were calculated by Intune as “failed”.  After the policy was re-evaluated, then the device returned to healthy.

 

Here’s the steps we took to replicate this experience: 

  1. Create a basic Windows Update ring policy and apply to Windows 10 devices. 
  2. Trigger a check for updates and refresh the device. 
  3. Download Psexec.exe
  4. Run psexec /sid PowerShell.exe from an elevated command prompt or elevated PowerShell window.  A new PowerShell instance will open, running in system context.
  5. Run the following command in the system-context PowerShell window you created in step 4:

gwmi MDM_Update_FailedUpdates01_01 -Namespace ROOTCIMV2mdmdmmap

 

If nothing is returned, the device does not currently have a failed update.  

WU_1.png

 

If Windows Update returns one of the two error codes as you can see on the device, then you’ll see “failed” in the console: 

 

HResult    : -2145082874   

InstanceID : ec67ed82-8cf6-4fa9-86bf-efdb4e7b5d00

ParentID   : ./Vendor/MSFT/Update/FailedUpdates

State      : 

 

HResult    : -2145082858   

InstanceID : 33e3f18f-c868-4d00-8266-01c100acf444

ParentID   : ./Vendor/MSFT/Update/FailedUpdates

State      : 

 

These two error codes are specific to Windows Update being too busy. It’s rare, but there are times that the service will return these codes. If you run into this, both the Intune policy refresh and then likely the Windows Update policy refresh will need to trigger to ensure policy is evaluated and updated. For more info on Intune policy refresh timelines, see:
https://docs.microsoft.com/mem/intune/configuration/device-profile-troubleshoot#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned

 

 

Follow Intune Support as a Feature on Twitter as @intunesuppteam for helpful articles, release info, and more!

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Submit a Comment