-2016281111 error Intune windows 10 update rings Using deadline settings

Brass Contributor

[Edited]

Hello everyone,

 

hoping you all are having a good day.

 

I need some inputs on my current Windows 10 update rings policy.

 

I set the deadline settings as shown below to multiple pilot devices. These devices are identical in all hardware but has different windows 10 builds (1909, 1709, 1903, 20H1, 21H2).

Devices with Windows 10 1709 builds has been successful but I got this error "-2016281111 (Not applicable for this device)" on other versions.

 

Policy Applied : User group

User License : M365 Business premium and Windows 10 Enterprise E3

 

almarlibetario_0-1644204606381.pngalmarlibetario_1-1644204712032.pngalmarlibetario_2-1644204812748.png

 

7 Replies
Hi, just to be sure .
1. How long did you waited? sometimes it takes a couple of days
2. are there any WUfBSafeguards configured?
3.Could you see any differences if you are comparing the WindowsUpdate policies inside the register like I am mentioning here
https://call4cloud.nl/2022/01/updates-rings-no-way-home/
4. and maybe also comparing this reg key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Hi @almarlibetario,

I have seen that issue before also on device with Windows 10 1709. When I manually updated these to 1909 the problem was resolved.

I thought the deadline csp setting in 1709 is different then 1909, but I am not 100% sure about the csp change.

Please let me know if the update to 1909 solves your not applicable issue.

Keep in mind your devices with 1709 is not supported by Microsoft anymore.

Kind regards,

René
Hi, I thought he was saying 1709 IS working and other ones not? Could be I misread it .. its still early :)
Yes, the policy applied to 1709 devices were successful. All errors I got are starting from build 1903 onwards. there is no WUfb safeguards configured or any other policies aside from Windows defender. To give you an overview of the enrollment, these devices are hybrid-joined from on-premise AD. We joined them now initially to managed the Defender and Updates then later on deploy policies. I can confirm no GPO policies related to Windows update are being applied to these devices. I haven't seen the registry entry though. Will try to check that one.

These devices are using SCCM before we hybrid-joined them to AD. And yes, they have very old versions of Windows 10 when we came in to the picture to manage their devices. No idea why the previous MSP did that to these devices but as of this writing, we already decommissioned the SCCM server and unenrolled these devices from SCCM. I also removed any group policies that was set before to block the Windows updates. However, the Not applicable error I am getting is only showing from devices with 1903 and above version.

Hi,

Ahh good to know some "backstory" about the issue. Just wondering but what happens when you install a totally new device with 1903? Normally the not applicable just means you have some licensing issues...

What is the latest update those 1903 devices got?

ANd what happens when you manually create a custom csp to define 1 of those settings and target a test device with it?

I have both Windows 10 Enterprise E3 and M365 Business premium assigned to the users (disabling the Windows update for business and Windows 10 business feature from the M365 Business Premium license).
I haven't tried a fresh install device yet for this policy and I got the 10.0.18362.1256 update for the 1903 builds.