Windows Office Hours: July 20, 2023
Event Ended
Thursday, Jul 20, 2023, 08:00 AM PDT
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date ef...
Heather_Poulsen
Updated Jul 20, 2023
nojppdx
Jul 20, 2023
Occasional Reader
Any plans to stabilize UUP updates requiring multiple reboots to finish patching? This has been pretty hit or miss and unpredictable since UUP rolled out (July patches needed 3 reboots in most systems!) and causes a few issues like:
- Policy to disable BitLocker PIN for patch reboots in ConfigMgr only disables for one reboot, so systems that patch and reboot unattended for remote workers get stuck on PIN prompt
- Native OS orchestrations fail, e.g. selecting "Update and Shutdown" results in the system never completing the shutdown and just being left at the login prompt
The first item above seems like an easy fix from the ConfigMgr side - just change the BitLocker PIN disable to allow arbitrary reboots, after all the Client will re-engage protectors when it's back in control anyway. The second item seems like a deeper bug that will need to be addressed in the Windows Update agent or Windows itself though?
- SteveThomas, Jul 20, 2023
Microsoft
I assume you mean multiple reboots pre-logon while the payloads update. I am not aware of a UUP-specific update requiring multiple reboots post-logon unless you were experiencing additional payload updates (i.e. .NET, hardware/firmware packages, etc.). As far as the orchestration of reboots with BitLocker PINs, the advent of more secure modern hardware (with Secure Boot, TPM 2.0, etc.) has surpassed PIN leveraging as our recommended practice as you mentioned.