Event banner
Event details
Lately, our biggest problem with Windows Updates might be caused by driver updates. I say "might be" as, that is the problem… it is hard to tell.
The details are vague, even from our PC techs. And it is hard to remotely (or at least without local administrative rights) diagnose vague and intermittent hardware problems. And, yes, we have a growing collection of vague and intermittent hardware problems.
I know drivers are managed by manufactures and that we can set deferrals or pause them via Intune.
My questions related to Windows Update troubleshooting are the following:
- Is it possible to correlate a driver ID found in the WindowsUpdate.log to a specific entry in the Microsoft Update Catalog? We have found them not to be searchable and replacing the GUID on a driver entry with one does not return anything. Searching by Hardware ID finds pages and pages of potential hits. Here is an example that returns 40 pages of hits. Many pages of the same version number, presumably because Intel published it repeatedly for each PC manufacturer.
https://www.catalog.update.microsoft.com/Search.aspx?q=PCI%5CVEN_8086%26DEV_1A1C - Are all drivers that will upadte via Windows Update visible in the Microsoft Update Catalog? Just before Driver Update Policies gave us more visibility, we had a driver install that could not be found by any means in the Catalog.
- Is there anything else we should be doing besides attempting to contact the hardware manufacturer (where the first levels of support folks are often unaware their drivers are being installed and updated via Windows Update) and submitting an incident through Windows Feedback Hub?
Hello Nathan. Thank you for the feedback!
- Our platform is designed to automatically identify all applicable updates that are newer than what is currently installed on your devices, which typically eliminates the need for manual correlation with the Update Catalog. Can you share more about what information you are hoping to get from the Windows Update catalog about the driver that is installed?
- While there is significant overlap, the Update Catalog and Windows Update are not identical repositories. Publishers have the discretion to choose where they list their updates, which means some updates may appear in one and not the other. This choice can be influenced by factors such as the intended audience or specific update strategies. Thus, it's possible for an update to be distributed through Windows Update without being listed in the Catalog.
- In dealing with driver updates via Windows Update, you can employ standard troubleshooting methods to address installation and deployment issues. These techniques include reviewing update logs, rolling back recent updates, or using the built-in troubleshooter. If you're encountering specific problems, contacting the hardware manufacturer is a recommended step, although the initial support levels may not have detailed distribution information. Additionally, submitting detailed incident through the Windows Feedback Hub is the best way to engage our engineering teams for support.
Here is a recent example. Why would Windows Update have choosen a driver from 2016 over the 2022 version, the latest found by searching for the Hardware ID "VID_0BDA&PID_8153" it says it used? Please note, I had to make some assumptions to link to those drivers, as I have found no primary key or link between systems.
2023/11/29 09:11:24.1753684 30632 26636 Handler Device id = usb\vid_0bda&pid_8153
2023/11/29 09:11:24.1753707 30632 26636 Handler DriverPingback=1|1|USB\VID_0BDA&PID_8153&REV_3310|2016-03-09|11.4.211.2022|0xff0001|0x180600a|0|Realtek|Realtek|Realtek(R) USB Ethernet Controller|USB\VID_0BDA&PID_8153
2023/11/29 09:11:24.2714190 30632 26636 Handler QueryDriver result for {3C7BA486-8D4B-5094-9022-D3238BFBF90F}usb\vid_0bda&pid_8153: Problem code 0, Problem status 0
2023/11/29 09:11:24.2714270 30632 26636 Handler Driver Install of {59B0D79A-91FC-4477-88A5-C7F375B114D3} on usb\vid_0bda&pid_8153 succeededAt this moment, my ethernet randomly stops functioning with no obvious signs of trouble. Everything says connected and healthy. No logs entries saying otherwise or what changed. It can ping local host, however it cannot ping the gateway. Luckily this is on Windows 11, where the network troubleshooter does not require local admin. Restarting the interface gets it running again, for some random number of minutes.
>Why would Windows Update have choosen a driver from https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=c5ed893b-7196-4a04-8318-dfcd9ab324bb over the https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=24904656-f227-4de9-90f7-c369a45e59ee version, the latest found by searching for the Hardware ID "https://www.catalog.update.microsoft.com/Search.aspx?q=VID_0BDA%26PID_8153" it says it used?
treestryder, almost certainly because of CHIDs (https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/using-chids). In short, the OEM/IHV label the drivers they submit with a CHID that identifies the device model that driver is approved for. Once a device has a driver with a matching CHID it will not update to a newer driver that does not have a matching CHID. So in your example I'm willing to bet solid money that the 2016 version was published with a matching CHID for that device and the 2022 version was not. The rub is that, today, it's non-trivial for an end user to get the CHID of a given device and impossible to get the CHID of the driver.
Which is why I agree that it'd be useful to be able to have a driver/update identifier that can more easily be related to an update in the catalog (if the OEM/IHV published it there).BryanDam ,
Do OEM/IHVs receive feedback about their driver installs and problems? For example, does Realtek know this PC is forced to use an old driver? Does the Windows 11 Troubleshooter (which does not require admin rights) inform Realtek each time the adapter is reset to make it work?
Note: We expect all administration to be done through Intune. To elevate on a PC, our technicians have to change the name of the PC to signify it will no longer only be managed by Intune.
3a. reviewing update logs: As mentioned in another post, I can find no public documentation on the cryptic driver update logs (to be fair, the entries in the System event log give a nice overview) and BingGPT has not figured out how to read them either.
3b. rolling back recent updates: Unless the manufacturer has made the last version optional AND that optional update has been approved in Intune, there is no way to roll back a driver without local administrator rights. Even then, the next scan would see it needs to update again. The only real solution is that the manufacturer needs to be ready to fail forward fast, hopefully for the better.
3c. built-in troubleshooter: Unfortunately, most of the built-in troubleshooters require a local administrator to run them. Besides, much of our support is done remotely. What would be best is if Intune could run troubleshooters and report the results.
Re 1. I get that. The problem is, my co-workers do not fully trust this, yet. They are quick to turn to their old ways. When we (read mostly me) are trying to ensure all changes are made through Intune and Windows Update, they will download a giant driver installation executable labeled with a certain version number from Dell and "solve" a problem with it. Then convince a VP to demand I repackage and deploy the EXE as a Win32 app and block all newer versions of the driver, because there was an outage for which there is no other solution. (For this particular issue, the NIC on the laptop could have been used, while we waited for the Windows October Quality update to install and solve the random network dropping problem, that is once the PCs were left on long enough... And I never did learn of more than ~6 PCs having this problem.)
The new reports I saw today should shed some light on this. However, I still think some documentation for troubleshooting driver updates through Windows Update could help. I have read nearly all of the driver authoring documents to understand the OEM side. (I first read them all when we had boot-start drivers from Dell that were not surviving a wipe.) But I can find nothing public about how to read the Windows Update log. Or how to determine which drivers should be included in an update scan (we have some we expect to update which are not). Things like that.
If it helps anyone, here are some things I've figured out when reading a driver update scan:
Status
ProblemNumber
Meaning
00000000
00000000
Appears to mean an update was found and is followed by the Hardware ID that was matched following "DriverUtil:"
0x180200a
00000000
Appears to mean currently has the most recent driver.
0x1802400
0x00000a
Appears to mean a driver wasn't found in the update catalog.
Example:
2023/11/27 12:16:28.0275039 22604 23620 Driver Matched driver to device USB\VID_0BDA&PID_8153&REV_3310
2023/11/27 12:16:28.0275076 22604 23620 Driver Status: 0x1802400, ProblemNumber: 0x00000a
2023/11/27 12:16:28.0277771 22604 23620 Driver DrvUtil: idx=0 {usb\vid_0bda&pid_8153}
- ryan_playdoe, I think a key use case here would be to further troubleshoot on other devices. Let's say I've deployed driver X to a testing ring and it goes poorly. Ok, now I'd like to dig in and try manually installing that driver.
