Known Issue – Windows Updates occasionally incorrectly show as not succeeded in Intune
Published Jul 27 2020 06:02 PM

Updated 6/3/21: To minimize confusion about the update state (noted in MC254874), we will be removing the End user update status report found in Devices > Windows > Windows 10 Feature updates > Select a Profile. You will be able to find the same information in the Windows Feature Update report under Reports > Windows Updates (preview) > Reports tab > Generate Windows Feature Update report, in the “Update State” and “Update SubStates” columns.

 

We will also be removing the Update Status column (Devices > Windows > Windows 10 update rings > Select a Profile) in the June (2106) Intune service release.

 

We were recently alerted to an issue whereby a device in the Microsoft Endpoint Manager admin console was showing “failed” for its Windows Update status.

 

Upon investigation, we discovered that the device was not missing any updates – everything had successfully applied. However, we did find two error codes on the device, which Intune then calculated as “failed”. After the policy was re-evaluated, the device returned to healthy.

 

Here are the steps we took to replicate this experience:

  1. Create a basic Windows Update ring policy and apply to Windows 10 devices. 
  2. Trigger a check for updates and refresh the device. 
  3. Download Psexec.exe
  4. Run psexec /sid PowerShell.exe from an elevated command prompt or elevated PowerShell window.  A new PowerShell instance will open, running in system context.
  5. Run the following command in the system-context PowerShell window you created in step 4:

gwmi MDM_Update_FailedUpdates01_01 -Namespace ROOT\CIMV2\mdm\dmmap

 

If nothing is returned, the device does not currently have a failed update.  


If Windows Update returns one of the following two error codes on the device, then you’ll see “failed” in the console:

 

HResult    : -2145082874
InstanceID : ec67ed82-8cf6-4fa9-86bf-efdb4e7b5d00
ParentID   : ./Vendor/MSFT/Update/FailedUpdates
State      :

HResult    : -2145082858
InstanceID : 33e3f18f-c868-4d00-8266-01c100acf444
ParentID   : ./Vendor/MSFT/Update/FailedUpdates
State      :

 

These two error codes are specific to Windows Update being too busy. It’s rare, but there are times that the service will return these codes. If you run into this, both the Intune policy refresh and then likely the Windows Update policy refresh will need to trigger to ensure policy is evaluated and updated. For more info on Intune policy refresh timelines, see: How long does it take for devices to get a policy, profile, or app after they are assigned?
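
One way to triage the entries returned by the query above, as an added example that is not part of the original post: it converts each HResult to hex and separates the two busy codes listed in the post from any other failure. The function name Get-FailedUpdateTriage, the variable names and the second sample record are assumptions made for illustration.

```powershell
# Added example (not from the original post). Run in the SYSTEM-context
# PowerShell window from step 4 when querying a live device.

# The two HResult values the post attributes to Windows Update being too busy.
$BusyHResults = @(-2145082874, -2145082858)

function Get-FailedUpdateTriage {
    [CmdletBinding()]
    param(
        # Objects with HResult and InstanceID properties, as returned by the
        # MDM_Update_FailedUpdates01_01 query shown in the post.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Record
    )
    process {
        $hr = [int]$Record.HResult
        [pscustomobject]@{
            InstanceID = $Record.InstanceID
            HResult    = $hr
            # Two's-complement hex form, the notation most error references use.
            HResultHex = '0x{0:X8}' -f $hr
            Triage     = if ($BusyHResults -contains $hr) {
                'Busy code from the post: re-check after policy refresh'
            } else {
                'Other code: investigate as a real failure'
            }
        }
    }
}

# Constructed sample input: the first record copies values shown in the post,
# the second is a made-up entry with a placeholder InstanceID.
$sample = @(
    [pscustomobject]@{ HResult = -2145082874; InstanceID = 'ec67ed82-8cf6-4fa9-86bf-efdb4e7b5d00' }
    [pscustomobject]@{ HResult = -2147024891; InstanceID = '00000000-0000-0000-0000-000000000000' }
)
$sample | Get-FailedUpdateTriage | Format-Table -AutoSize

# Live device: same class and namespace as the gwmi command in the post.
Get-CimInstance -Namespace 'ROOT\CIMV2\mdm\dmmap' -ClassName 'MDM_Update_FailedUpdates01_01' -ErrorAction SilentlyContinue |
    Get-FailedUpdateTriage | Format-Table -AutoSize
```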

 

Follow Intune Support as a Feature on Twitter as @IntuneSuppTeam for helpful articles, release info, and more!

 

Blog updates:

6/3/21: To minimize confusion about the update state, we will be removing the Update Status column in the June (2106) Intune service release.

6/30/21: Additional note that in the May (2105) service release, we have also removed the Alert details column in the Windows 10 Feature Updates report. For accurate information on Alert details, you should use the operational report under Devices > Monitor > Feature update failures (Preview) > Select a Profile and then select an Alert Message. This will provide a pop-up with the description and recommendation to resolve.

12 Comments
Copper Contributor

I have seen computers report failed and then up-to-date for some time. Be great to see a fix for this.

Copper Contributor

Do you have an ETA for the issue to be resolved? 

Hi @AadilTeeluckdharry, thanks for the question! Though we don't have an ETA to share at this time, we'll post an update to this blog as soon as we have more info to share.

Copper Contributor

Hi, Is there any further update? This looks to be working for us now, but it would be nice to confirm the bug has been fixed.

Copper Contributor

Any update on this? I have lots of devices which show failed but have no errors and have applied all of the updates. The gwmi command returns no errors either.

Copper Contributor

Hello Team,

Could you please confirm whether this issue has been resolved or not?

Copper Contributor

Hi Intune Support Team,

 

We currently have many devices showing as failed under the 'end user update status' (my device included), however most of these devices are running the most recent update available to them.

 

Is there an ETA on a fix? Or is there a work around that can be deployed in bulk remotely?

 

Thank you

Copper Contributor

@KernelCaleb ,

 

Same issue in my tenant. Please check whether driver updates are enabled or disabled in your Windows Update ring. What we observed is that monthly Windows patches are getting installed perfectly, but due to system drivers the Windows Update status in the Intune portal shows as Failed.

 

After disabling driver updates it's showing correct status.

 

Thanks and Regards,

Chetan Jadhav

 

Copper Contributor

Having the exact same issue..out of approx. 300 devices 270 are shown as failed although they have the latest patches applied...Is there anything we can do about that?

 

Copper Contributor

We are seeing the same issue. While the devices eventually show as Up to Date, it takes weeks for that to occur. This makes identifying actual issues during a rollout frustrating and time consuming.

Copper Contributor

Same thing for us. Ensuring your devices are up to date is one of the key things you can do to reduce cyber risk. Having this issue makes our job to secure our organisations much harder than it needs to be.

Copper Contributor

We are having the same issue - is there an ETA for a fix (or a workaround such as a PowerShell script to run on the clients to clear/re-sync to fix the issue?)

I find it very frustrating that your support team's response is it's a known issue but we can't do anything to fix it!

 

 

Version history
Last update: Nov 30 2023 04:00 PM