Intune Windows Update/Feature Update Ring applied but clients not updating

Copper Contributor

We recently moved some of our co-managed workloads from SCCM to Intune, not pilot, and for the most part our devices are happy with our Intune Windows 10 Update Ring settings.  We have a profile created for Quality updates and are also using the Window 10 Feature Updates as a separate profile. What we're seeing on some devices is the profiles are being applied to the Windows 10 device but the device is not going out to WUfB to grab the required Quality or Feature update. I can see the settings have been applied by reviewing the MDMDiagReport and these settings are identical to a working device. In Intune I can see that the device does have the proper workloads as well. What is odd though, is on the device when I look at the configured update policies, it shows that no policies have been configured yet. There are no GPO or MECM client settings that are still configured that could be stomping on the Intune policy as I've ran an RSOP and have checked to make sure the client settings have been removed.

 

Has anyone else seen this? Any ideas what else to check?


Thanks very much everyone!

12 Replies

Hello @HenrikInAB!

 

I am sure we can solve this together, I have some questions to get us going :)

 

 

Let me know if above helps, otherwise we will keep digging :)

 

Best regards

 

Nicklas Ahlberg

 

https://nicklasahlberg.se/ 

@NicklasAhlberg 

 

I am facing exact similar issue and found .

Do we have any working solution and fix .

 

Note : 

I can see all the registry values from : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Update

But when i goto Settings->Windows Update -> View Configured Update Policy -> still seeing "No policy have been configured Yet"

 

This is happening to only some computers (not all).

 

@MSIreport 

 

Hi,
this does probably come down to Co-Management workloads not being applied to the faulty devices yet.


Please try below to start the troubleshooting:
1. Open SCCM Agent from control panel or from cmd/Powershell by running: control smscfgrc

2. Compare "Co-management capabilities" score on a faulty and a functional device... do both devices have same score?
2021-10-11_08-45-55.png

 

//Nicklas

Hi,

isnt that because the SCCM client is still installed on the devices and a configured windows update group/point?

Thank you@NicklasAhlberg .

 

I did compare the SCCM workload values and all are same but only the problem which i noticed after my deep dive was, i was able to see WUServer details from SCCM eventhough we disabled Software Update client policy.

 

Do we have any correct procedure from MS to handle this situation.

 

Thanks in advance.

Yes, that is probably what is going on here. The co-mgmt capabilities should give us further insights on this issue. Usually this issue comes down to co-mgmt workloads.
Hi Rudy,
We do have SCCM client and Software Update client policy disabled for all our Windows update workload computers.

We still see the WUServer in our registry path and i do not know why.
Just wondering, but what happens when removign the sccm client.. is the wuserver key also removed or?
Is the workload set to Intune or Intune pilot? If it is set to "intune pilot" any device(s) not part of the selected collection will not have the workload changed.

The SCCM client policy is supposed to change the regvalues as soon as the SCCM client policy has been set to not use SCCM as SUP.
Yes, i removed my SCCM client completely and rebooted the device.
Still i could not see anything under "Policies set on your device" :(

Thanks...
I do not think that uninstalling the SCCM client will actually solve this as this issue should not be related to the client itself.
1. SCCM Client Policy is correctly configured (make sure you do not have any overlapping policies)
2. Co-Management SU workload is set to Intune or Intune pilot
2.1 If Intune pilot is being used, make sure that your devices are members of the pilot collection
3. Windows Update for Business policies are successfully assigned and applied
4. Check CoManagementHandler.log - make sure the merged capabilities are successfully applied to the device. %WinDir%\CCM\logs\CoManagementHandler.log

After step 1-4, check this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
If possible share a print screen (blur any sensitive info)

//Nicklas

@NicklasAhlberg 

Feature updates for Windows 10 and later policies cannot be applied during the Autopilot out of box experience (OOBE).

 

so I don’t understand is autopilot in comanaged supported for feature updates or not