Forum Discussion

Tiran700's avatar
Tiran700
Copper Contributor
Apr 23, 2023

Unable to install Feature Updates using Intune policies

Hello,

I am encountering an issue where Feature Updates are not being applied to a group of 10 computers that I have assigned an Update Ring and Intune Feature & Quality Update policies to. The policies are correctly configured and Quality updates are being applied successfully without any issues. However, Feature Updates are not being installed on the target computers.

 

To give you more context, I have created an Update Ring in Intune and assigned it to the 10 target computers for testing. The Update Ring is configured to receive both Feature and Quality Update policies. The policy settings are correctly configured as seen in the picture below:

 

 

Feature Update Policy:

 

To try and fix the issue, I have performed the following steps:

  1. Restarted the services: Bits, Windows Updates, Cryptography Service, Windows Installer, Microsoft Assistant
  2. Configured Windows Health Monitoring to Windows Updates
  3. Configured Telemetry
  4. Turned off Firewall & Proxy
  5. Ran SFC Scan & DISM Scan and Restore commands
  6. Renamed \ Deleted the folders SoftwareDistrubution and Cartoon2
  7. Configured MDM Over GP Policy
  8. Turned off Safe Guard
  9. Ran the computer in Clean Boot while only Microsoft Services are on
  10. Disabled all Startup Applications
  11. Checked Registry configurations to ensure MDM policy is applied
  12. Ran the Windows Updates Troubleshooter.
  13. Removing GPO Policies that were applied to computers.
  14. Ran the following commands:
    • net stop cryptSvc
    • net stop bits
    • net stop msiserver
    • ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
    • ren C:\Windows\System32\catroot2 catroot2.old
    • net start wuauserv
    • net start cryptSvc
    • net start bits
    • net start msiserver

 

Furthermore, I have attempted to run the updates through the Windows Updates page and a KB file, but both methods resulted in errors with codes 0x80240437, 0x8019001, and 0x8024401C.

 

I have consulted various troubleshooting websites but have not been able to find a solution. Any help would be greatly appreciated.

feature updates
Intune
Intune Update Ring
Mobile Device Management (MDM)
Windows Updates
  • somesh_pathak's avatar
    somesh_pathak
    Iron Contributor
    Apr 25, 2023

    Hi Tiran700 ,

     

    You mentioned pushing the "MDM wins over GP" policy. Is it a co-managed environment with workloads shifted? Also, check the Windows Update policy on any one of the endpoints by checking the GroupPolicy it is getting and the configured update policies on it. 

     

    Best Regards,

    Somesh

    • AriaUpdated's avatar
      AriaUpdated
      Icon for Microsoft rankMicrosoft
      May 24, 2023
      Note MDM wins over GP is not applicable to any Windows Update policies. You should confirm that no Gorup Policies are configured (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate)

      Additionally, it looks like you are using the Graph API to offer feature updates. What do the Intune reports say about Offer State? (Aka have these devices been offered the feature update)

Resources