February 28, 2024

Troubleshooting Issues with Windows Updates within Workspace ONE UEM

Occasionally, issues may arise with Windows Updates, and this article points to information and resources that can help you identify and remediate them quickly.

Multiple dependencies impact the propagation of Windows Updates, and any one or more of those can cause Windows Updates to fail, behave unexpectedly, or, worse yet, fail only intermittently. This article focuses on how to resolve Windows Updates issues more easily and quickly.

For a more detailed explanation of Workspace ONE UEM Windows Updates functionality and configuration, see the tutorial:

This post will walk through the following troubleshooting activities:

  • Halting the deployment of a specific Windows Update
  • Checking the state in the UEM Console and on the Windows device
  • Determining the status of a specific Windows Update
  • Viewing the full status of all Windows Updates
  • Addressing transition issues when moving from a Windows Update (Legacy) profile to a Windows Update profile

For each, a sample scenario will be presented.

Scenario 1: How do I quickly stop the installation of a new Windows Update?

Every so often, a Windows Update will create an issue that is noted during the initial rollout stage. Rather than risk an issue with all Windows devices, administrators can elect to quickly roll back and/or pause the update until it can be further investigated and remedied.

Pause, resume, and rollback may now be executed directly within the Workspace ONE UEM console; it is no longer necessary to execute scripts to enable this functionality.

Figure 1: Pause, Resume, and Rollback within the console

Pause, Resume, and Rollback may be based on the entire profile or individual devices. When quality updates are paused or rolled back, a warning screen is presented:


Figure 2: Rollback warning

Pause and rollback should be used with caution because both will prevent new quality updates from installing for 35 days.

Scenario 2: “Detective, what do you know so far?” 

When you’re in detective mode, start with options within the Workspace ONE UEM console. If you are unable to find the required answers, you may need to access the Windows device. 

The sources outlined below should be the first steps taken to address Windows Updates issues:


Figure 3: Windows Update issue resolution options

Note that the Update Sample Query and Troubleshooting tabs are accessed under the Devices tab within the UEM Console. After locating the device within the Dashboard or List View, the administrator can elect either of these actions. More Actions is located in the upper right corner, whereas the Troubleshooting tab is a dropdown option from the More button.

Scenario 3: Has a specific Windows Update been applied to certain devices?

The status of a specific Windows Update can be verified within the UEM Console. To see the status of Windows Updates within your environment, go to Resources > Devices Updates > Update Overview.


Figure 4: Administrative view of Windows Updates

The administrator can drill down on the specific KB number to learn more about the status, as well as to view the Microsoft KB.

Note that if a specific update was quickly superseded, it may not have been installed and thus not appear on this list.

Scenario 4: What is the full and complete status of all Windows Updates?

In the past, Workspace ONE UEM Windows Update reports may have sometimes reflected inaccuracies because only one type of data point was accessed. Now, with three data sources, the UEM Console enables administrators to get a full and accurate view of the status of all Windows updates.

After selecting a device, an administrator can view the Updates tab for a holistic view of all updates that have been installed on the device. The Windows Update sources now include queries based on the Windows Update Agent (WUA), DISM, and WMI. Because these three sources are used, the accuracy and validity of the Windows Update status is ensured.


Figure 5: Device report showing Windows Updates by source
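
When the console view needs to be confirmed on the device itself, the same three sources can be queried locally. The script below is an added example, not Workspace ONE code and not how the UEM agent collects its data; it assumes an elevated PowerShell session (required for the DISM query) and matches updates by the KB number found in each source's text.

```powershell
# Added example: list installed KBs per source on the local device.
$kbPattern = 'KB\d{6,8}'
function Get-KbId([string]$Text) {
    # Return the KB identifier found in a title or package name, upper-cased.
    [regex]::Match($Text, $kbPattern, 'IgnoreCase').Value.ToUpper()
}

# WMI: Win32_QuickFixEngineering, surfaced by Get-HotFix.
$wmi = @(Get-HotFix | Where-Object { $_.HotFixID -match $kbPattern } |
    ForEach-Object { Get-KbId $_.HotFixID })

# DISM: servicing packages in the Installed state.
$dism = @(Get-WindowsPackage -Online |
    Where-Object { $_.PackageState -eq 'Installed' -and $_.PackageName -match $kbPattern } |
    ForEach-Object { Get-KbId $_.PackageName })

# WUA: update history; Operation 1 = installation, ResultCode 2 = succeeded.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$wua      = @()
if ($count -gt 0) {
    $wua = @($searcher.QueryHistory(0, $count) |
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 -and $_.Title -match $kbPattern } |
        ForEach-Object { Get-KbId $_.Title })
}

# One row per KB, showing which sources report it as installed.
@($wmi + $dism + $wua) | Sort-Object -Unique | ForEach-Object {
    [pscustomobject]@{
        KB   = $_
        WMI  = $wmi  -contains $_
        DISM = $dism -contains $_
        WUA  = $wua  -contains $_
    }
} | Format-Table -AutoSize
```

Rows where only one or two columns are true are expected: cumulative update packages in DISM often do not carry a KB number in their package name, and not every update is recorded by all three sources.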

Scenario 5: How do I address issues when transitioning from Windows Update (Legacy) profile to Windows Update profile?

Suppose that a Windows Update (Legacy) profile has been in use for WSUS. After upgrading to Windows Update for Business, a new Windows Update profile was created and configured because the Windows Update source cannot be modified within a profile. Now, most devices are functioning properly, but some devices are not installing Windows Updates.

The first step is to ensure that the Windows Update (Legacy) profile has been properly unlinked/disabled and the new Windows Update policy has been configured and applied correctly. In particular, examine the Smart Group designation.

Second, it is possible that some residual impact of the old policy remains on the Windows device, and this can be validated by checking registry keys on the Windows device.


Figure 6: Main Windows registry keys impacted by legacy and new Windows Update policies

The next step is to ascertain which resource is being accessed for Windows Updates by checking the following registry key:

  • HKLM\Software\Microsoft\PolicyManager\current\device\Update\UpdateServiceUrl

If this key points to the previous Windows Update resource, the new Windows Update policy has not been applied properly, and/or antiquated settings have not been correctly updated.

It may be necessary to remove the Windows Update registry keys from the following location:

  • HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Of course, the registry should be backed up before making any changes.
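
The checks above can be collected in one pass on an affected device. This script is an added example, not part of the Workspace ONE tooling: it reads the two registry locations named above, exports the legacy policy key to a .reg backup, and changes nothing. `$LegacyHost` and `$BackupDir` are placeholder values to replace with your own, and `UpdateServiceUrl` is read as a value of the `Update` key.

```powershell
# Added example: read-only audit of the update source settings, with a backup export.
param(
    [string]$LegacyHost = 'wsus.example.internal',                 # placeholder: old WSUS host name
    [string]$BackupDir  = (Join-Path $env:TEMP 'wu-policy-backup') # placeholder: backup folder
)

$mdmKey    = 'HKLM:\Software\Microsoft\PolicyManager\current\device\Update'
$legacyKey = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'

# Update source delivered by the currently applied policy.
$mdmUrl = (Get-ItemProperty -Path $mdmKey -Name UpdateServiceUrl -ErrorAction SilentlyContinue).UpdateServiceUrl

# Every value left under the legacy policy key and its subkeys.
$legacyValues = @()
$backupFile   = $null
if (Test-Path $legacyKey) {
    $keys = @(Get-Item -Path $legacyKey) + @(Get-ChildItem -Path $legacyKey -Recurse)
    $legacyValues = @(foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Key = $k.Name; Name = $name; Value = $k.GetValue($name) }
        }
    })

    # Export the key before anyone edits or removes it.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $backupFile = Join-Path $BackupDir ('WindowsUpdate-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export ($legacyKey -replace '^HKLM:', 'HKLM') $backupFile /y | Out-Null
}

$legacyValues | Format-Table -AutoSize | Out-Host

# Summary row: suitable for collecting from several devices and comparing.
[pscustomobject]@{
    ComputerName         = $env:COMPUTERNAME
    UpdateServiceUrl     = $mdmUrl
    PointsToLegacySource = [bool]($mdmUrl -and $mdmUrl -like "*$LegacyHost*")
    LegacyKeyPresent     = Test-Path $legacyKey
    LegacyValueCount     = $legacyValues.Count
    BackupFile           = $backupFile
}
```

A device that reports `PointsToLegacySource` as true, or a non-zero `LegacyValueCount` after the legacy profile was unlinked, is a candidate for the cleanup described above.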

If the Windows device still does not properly apply Windows Updates, it may be necessary to reset Windows Update components.

Summary

These troubleshooting steps should address most Windows Updates issues. For a more detailed explanation of Windows Updates, including the propagation process and configuration, see the Managing Updates for Windows Devices tutorial.

If you are still having issues with Windows Updates applying correctly, please contact Workspace ONE Technical Support.
