"Check online for updates from Microsoft Update" missing in Windows 11 (WSUS GPO)

Dieter Tontsch (GMail) 867

We have migrated our first few Windows 10 installations to Windows 11. We are operating in a 2019 Active Directory and we use GPOs for WSUS.
Our GPO provides a local WSUS server, but it also allows Updates from Microsoft.

I have observed that this blue link saying Check online for updates from Microsoft Update is entirely missing from Windows 11 update settings.
I am not very happy anyway with the approach MS takes, automating this update mechanism more and more, not even in Windows Server OS it's possible anymore, like it was with Windows 2021 R2, to deselect updates or such things. This whole procedure meanwhile is a take it ar leave it approach.
However, this Check online for updates from Microsoft Update was very handy, if some updates didn't arrive yet on our WSUS, or by some missing config they did not load to WSUS etc. Is there any chance to get this feature enabled?

Also, what happens if one has no connection to it's WSUS (no VPN) for quite a while, is there any chance to get updates directly online form MS?

Cheers,
Dieter

Rita Hu -MSFT 9,626 Reputation points

2021-10-15T02:12:20.32+00:00

@Anonymous
Please review the below registry value on windows 11 clients and share with us to help me research further:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Thanks for your sharing and cooperation.

Regards,
Rita

Accepted answer

myusrn 106 Reputation points

2021-12-02T19:46:32.153+00:00

Hi @Anonymous - I was experiencing what appears the same issue as you were on my win10 enterprise managed setup that i joined to insider program one month before win11 released in order to upgrade early and dogfood for any issues.

From that point up until and after rtm I lost access to the “check online for updates from microsoft update” link that normally displays just under the “check for updates [ from my enterprise IT managed wsus ]” button.

To work around this I was having to remove my enterprise IT [sc]cm client install in order to make the "check for updates" button revert to using microsoft update instead of my enterprise IT managed wsus so that I could pull win11 updates prior to rtm and cumulative updates after rtm. Not a viable long term solution as i want / need both options.

Coincidentally we have just started piloting the w365 cloud pc SaaS service and that team enabled me with a win11 enterprise managed cloud pc setup where i was seeing the expected and desired “check online for updates from microsoft update” link displayed just under the “check for updates [ from my enterprise IT managed wsus ]” button.

I compared my hklm\Software\Policies\Microsoft\Windows\WindowsUpdate key on that w365 cloud pc win11 setup, where I do see expected “check online for updates from microsoft update” link in addition to “check for updates [ from my enterprise IT managed wsus ]” button. I noticed it was lacking one value than mine contained, "DoNotConnectToWindowsUpdateInternetLocations"=dword:00000000.

I deleted that registry value and revisited windows update screen and now I am setting the expected “check online for updates from microsoft update” link just below the “check for updates [ from my enterprise IT managed wsus ]” button and when i click it i appear to be getting the expected functionality. This would suggest the presence of "DoNotConnectToWindowsUpdateInternetLocations" is being interpreted as 0x1 and ignoring what value data settings of 0x0.
Please sign in to rate this answer.

4 people found this answer helpful.
Dieter Tontsch (GMail) 867 Reputation points

2021-12-08T18:50:06.89+00:00

You are gorgeous, deleting this key, respectively even just renaming it, did also solve my problem.

Thank you very much

Cheeers,
Dieter

boxfox 1 Reputation point

2022-10-18T15:31:07.56+00:00

My apologies for the thread necromancy, but I wanted to add that this also functions in Windows 10 Education edition (10/18/22, build 10.0.19043), and also to thank you, myusrn.

Thomas Langhans 1 Reputation point

2023-09-22T10:37:22.3233333+00:00

I found out a very strange behaviour there: I've got two computers, identically configured, same ConfigMgr Task Seqence installation, same GPOs, same computer group memberships, one shows "Check online for updates from Microsoft Update Link" if "DoNotConnectToWindowsUpdateInternetLocations" is set to 0 and the other one shows the link if the value is set to 1. That's definitly seems to be a bug.

Can anyone kindly expain that issue please?
Sign in to comment

13 additional answers

Dieter Tontsch (GMail) 867 Reputation points

2021-10-19T07:06:16.023+00:00

Hello,
thanks for your effort. Are you referring to this section on the linked post?

Because that's not quite what we experience. I never saw that option in Windows 11, it's not greyed out, it's simply not there.
Can you eventually post a screenshot with how that should look like, and where this option should pe present?

thanks,
Dieter
Please sign in to rate this answer.

1 person found this answer helpful.
Rita Hu -MSFT 9,626 Reputation points

2021-10-20T01:13:38.053+00:00

@Anonymous
Thanks for your feedback.

I don't know what the actual change in the new Windows 11. My windows 10 clients could not upgrade to windows 11 through WSUS right now. But I have upgraded a windows 10 by MECM, it seems that the issue occurred as the same as yours'. There is no Official Document from MS for reference. So I have no definite conclusion now.

I will try my best to feedback to the MS to confirm whether they have any comments, but not guarantee. I will come back if they have any feedback.

Thanks for your understanding and cooperations.

Regards,
Rita

Petr Plenkov 1 Reputation point

2022-06-08T13:23:35.447+00:00

Worked for me perfectly! Thank you so much for this fix!
Sign in to comment
Barbara Joost 11 Reputation points

2021-12-08T15:23:38.413+00:00

@myusrn : I had the same issue. I had also this registry key on my PC. Deleting the registry key solved the problem for me too.

We don't have SCCM. We use only WSUS. I think there must be a policy that creates the registry key. I will try to find it.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment
Barbara Joost 11 Reputation points

2021-12-08T15:57:50.767+00:00

Found it. This registry key will be controlled by the policy "Do not connect to any Windows Update Internet locations".

https://gpsearch.azurewebsites.net/#10875

In our environment this policy is explicitly set to disabled. This creates the registry key in question with the value "0", I think. The key exists on Windows 10 too, but has not the same effect like on Windows 11.

I will create a GPO for W11 where this policy is set to "not configured". Let's see.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment
Dieter Tontsch (GMail) 867 Reputation points

2021-10-17T09:25:35.157+00:00

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Please sign in to rate this answer.
Rita Hu -MSFT 9,626 Reputation points

2021-10-18T07:10:54.737+00:00

@Anonymous
Thanks for your feedback.

May I know the method how the Windows 10 clients upgrade to Windows 11? Please help to confirm the OS version of the Windows 11 clients. We could run the winver command on RUN to get the information. It will be better if you could provide the screenshot.

Thanks for your understanding and cooperation.

Regards,
Rita
Sign in to comment