Posted inMicrosoft Cloud

Troubleshooting Windows Update Failures in Intune

No Comments
Troubleshooting Windows Update Failures in Intune

If Windows updates are failing on devices managed through Microsoft Intune, you can follow these steps to diagnose and resolve the issue.

Step 1: Check the Windows Update Settings in Intune

  1. Log in to Intune:
  2. Verify Windows Update Policies:
    • In the Intune Admin Center, go to Devices > Windows > Update rings for Windows 10 and later.
    • Check if there are Windows Update Rings configured and assigned to devices.
    • Review the settings for:
      • Update deferral settings: Check for deferral periods that might delay updates.
      • Active hours: Ensure that active hours are set appropriately for when devices can install updates.
      • Restart settings: Make sure restarts are allowed after updates.
    • Make adjustments if necessary (e.g., reduce deferral time, ensure restarts are not blocked).

Step 2: Check Device-Specific Logs

  1. Collect Logs from the Affected Device:
    • On the device, navigate to C:\Windows\Logs\WindowsUpdate to check the WindowsUpdate.log for detailed error information.
    • Use the Event Viewer to look for any errors related to Windows Update:
      • Go to Event Viewer > Applications and Services Logs > Microsoft > Windows > WindowsUpdateClient.
      • Check for any Error or Warning messages regarding the update process.
  2. Use Windows Update Troubleshooter:
    • Open Settings > Update & Security > Troubleshoot.
    • Select Windows Update and run the troubleshooter to detect and automatically fix common issues.

Step 3: Check Network and Connectivity Issues

  1. Verify Device Connectivity:
    • Ensure the device has a stable internet connection and can communicate with the Microsoft Update Servers.
    • If the device is on a corporate network, check that there is no proxy server or firewall blocking access to Windows Update services.
  2. Check VPN or Endpoint Security Tools:
    • Sometimes, a VPN or security software (like antivirus or firewall) can block the connection to Microsoft Update servers.
    • Ensure there are no VPN or security software configurations that are preventing Windows Update from accessing required services.

Step 4: Review Device Enrollment Status

  1. Ensure Device Compliance:
    • In the Intune Admin Center, go to Devices > Monitor > Device compliance.
    • Verify if the device is in a compliant state. If it is non-compliant, it might be restricted from receiving updates.
    • Review and resolve any compliance policies or issues that may be blocking updates.
  2. Review Device Configuration Profiles:
    • Go to Devices > Windows > Configuration Profiles and check for any policies that might affect Windows Update, such as:
      • Update Ring settings.
      • Device restrictions that could block updates (e.g., disabling certain update features).

Step 5: Restart the Windows Update Service

  1. Manually Restart Windows Update Service:
    • On the affected device, press Win + R, type services.msc, and press Enter.
    • Find Windows Update in the list of services.
    • Right-click and select Restart.

Step 6: Manually Trigger Updates on the Device

  1. Trigger Windows Update Manually:
    • On the affected device, open Settings > Update & Security > Windows Update.
    • Click on Check for Updates to manually force the device to search for and install updates.
  2. Reset Windows Update Components:
    • Run the following commands in Command Prompt (Admin) to reset Windows Update components:bashCopy codenet stop wuauserv net stop bits ren %windir%\SoftwareDistribution SoftwareDistribution.old net start wuauserv net start bits
    • After running the commands, try running the update again.

Step 7: Monitor and Investigate Deployment Status in Intune

  1. Monitor Windows Update Deployment in Intune:
    • In the Intune Admin Center, go to Devices > Monitor > Windows Update Deployment.
    • Check if any errors or failures are logged for the update deployment.
  2. Check Update Deployment Reports:
    • Go to Devices > Windows > Update Rings for Windows 10 and later.
    • Check the deployment status of the update ring, and view deployment logs to understand why the update failed.

Step 8: Other Potential Fixes

  1. Check for Pending Reboot:
    • Sometimes updates won’t install if a reboot is pending. Ensure there are no pending reboots before trying again.
  2. Clear Windows Update Cache:
    • Clearing the update cache may resolve issues. Delete the contents of the C:\Windows\SoftwareDistribution\Download folder, then restart the Windows Update service.
  3. Update the Device Manually via WSUS:
    • If updates are failing via Intune, you can manually install the update through WSUS (Windows Server Update Services) or by downloading the update manually from the Microsoft Update Catalog.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *