Windows 10 Feature Update Fails

Question

Windows 10 Feature Update Fails

Sam Conroy 20

I'm using MS Intune and have had to switch off feature updates (as its forcing Windows 10 to 11 upgrades, and we don't want Windows 11 yet).

So I've tried to roll out an Intune remediation script, I have two versions and they both fail to run, as follows.

Script 1 - No remediation script
Script 2 - Detection & Remediation Script

All scripts are configured to UTF-8 encoding in Notepad++, and run under the system account.

Intune reports the scripts as run, but the code is not being run properly, for example at the start its creating a new C:\TEMP folder, but this failed to get created, even when it does not exist.

If I run the scripts manually on the client, then they work correctly.

Any ideas ?

Sam Conroy 20

Script 1 - Detection Script Only

# Detect Windows Build Number
$OSBuildnumber = [System.Environment]::OSVersion.version.Build
# Check to see if OS Build Number is Windows 10 22H1 or 22H2, which needs updating to 22H2
#
# Win 10 21H1 - 19043
# Win 10 21H2 - 19044
if ($OSBuildnumber -eq "19043") {
    $UpgradeNeeded = "Yes"
} elseif ($OSBuildnumber -eq "19044") {
    $UpgradeNeeded = "Yes"
} else {
    $UpgradeNeeded = "No"
}
if ($UpgradeNeeded -eq "No") {
    #Windows version is not Win10 21H1 or 21H2
} else {
    # Run the upgrade from 21H1/2 to 22H2
 
    # Create temporary location
    $dir = ‘C:\Temp’
    mkdir $dir
    # Download Update from MS
    $webClient = New-Object System.Net.WebClient
    $url = ’https://go.microsoft.com/fwlink/?LinkID=799445’
    $file = “$($dir)\Windows10Upgrade9252.exe”
    $webClient.DownloadFile($url,$file)
 
    #Run the update with custom start-up parameters
    Start-Process -FilePath $file -ArgumentList ‘/quietinstall /skipeula /auto upgrade /copylogs $dir’  
}

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Sam Conroy 20 Reputation points

2024-08-19T14:22:04.1966667+00:00

Strange, it won't allow me to post the detection script on the portal, reporting the messages above as a violation of the code of conduct, nothing in it that should trigger that. I think its because I have the word "exit" in the message.

With it using "exit 1" for finding the correct (21H1/2) build version and "exit 0" for not finding the build version to upgrade.

Sam Conroy 20

Script 2b - Remediation Script

# Run the upgrade from 21H1/2 to 22H2
 
# Create temporary location
$dir = ‘C:\Temp’
mkdir $dir

# Download Update from MS
$webClient = New-Object System.Net.WebClient
$url = ’https://go.microsoft.com/fwlink/?LinkID=799445’
$file = “$($dir)\Windows10Upgrade9252.exe”
$webClient.DownloadFile($url,$file)
 
#Run the update with custom start-up parameters
Start-Process -FilePath $file -ArgumentList ‘/quietinstall /skipeula /auto upgrade /copylogs $dir’

Answer accepted by question author

2 additional answers

Your answer

Sam Conroy 20 Reputation points

2024-08-19T14:16:58.7666667+00:00

Script 1 - Detection Script Only

# Detect Windows Build Number $OSBuildnumber = [System.Environment]::OSVersion.version.Build # Check to see if OS Build Number is Windows 10 22H1 or 22H2, which needs updating to 22H2 # # Win 10 21H1 - 19043 # Win 10 21H2 - 19044 if ($OSBuildnumber -eq "19043") { $UpgradeNeeded = "Yes" } elseif ($OSBuildnumber -eq "19044") { $UpgradeNeeded = "Yes" } else { $UpgradeNeeded = "No" } if ($UpgradeNeeded -eq "No") { #Windows version is not Win10 21H1 or 21H2 } else { # Run the upgrade from 21H1/2 to 22H2 # Create temporary location $dir = ‘C:\Temp’ mkdir $dir # Download Update from MS $webClient = New-Object System.Net.WebClient $url = ’https://go.microsoft.com/fwlink/?LinkID=799445’ $file = “$($dir)\Windows10Upgrade9252.exe” $webClient.DownloadFile($url,$file) #Run the update with custom start-up parameters Start-Process -FilePath $file -ArgumentList ‘/quietinstall /skipeula /auto upgrade /copylogs $dir’ }
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Sam Conroy 20 Reputation points

2024-08-19T14:22:04.1966667+00:00

Strange, it won't allow me to post the detection script on the portal, reporting the messages above as a violation of the code of conduct, nothing in it that should trigger that. I think its because I have the word "exit" in the message.

With it using "exit 1" for finding the correct (21H1/2) build version and "exit 0" for not finding the build version to upgrade.
Sam Conroy 20 Reputation points

2024-08-19T14:28:02.07+00:00

Script 2b - Remediation Script

# Run the upgrade from 21H1/2 to 22H2 # Create temporary location $dir = ‘C:\Temp’ mkdir $dir # Download Update from MS $webClient = New-Object System.Net.WebClient $url = ’https://go.microsoft.com/fwlink/?LinkID=799445’ $file = “$($dir)\Windows10Upgrade9252.exe” $webClient.DownloadFile($url,$file) #Run the update with custom start-up parameters Start-Process -FilePath $file -ArgumentList ‘/quietinstall /skipeula /auto upgrade /copylogs $dir’

Answer 1

@Sam Conroy, Thanks for the update, I am glad it is working now. Here, please let me write a brief summary of the issue:

Issue:

Intune remediation script to upgrade windows 10 Feature update is not working.

Resolution:

User's image

Thanks for your time and have a nice day!

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

@Sam Conroy, Thanks for posing in Q&A. From your description, it seems you want to stay on Windows 10, have we tried to configure Feature Update policy to let it stay at Windows 10, version 22H2 version.

https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-feature-updates

Meanwhile, for script testing manually on the device, to test it under system account, we need to use PsExec tool to let it run under system account because environment variable is different when run under different account. Please confirm if we use PsExec.

https://learn.microsoft.com/en-us/sysinternals/downloads/psexec

After reviewing the detection script, I find the format is not correct. You don't have exit code included. Based as I know, exit code exit 1, meaning the issue was detected. Here are links with script example you can refer.

https://learn.microsoft.com/en-us/mem/intune/fundamentals/powershell-scripts-remediation#script-descriptions

https://www.velessoftware.com/deploy-a-remediation-script-using-intune/

Note: Non-Microsoft link, just for the reference.

Hope the above information can help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

Sam Conroy 20

@Crystal-MSFT Thanks for your reply, below is the detection & remediation script, which has exit 1 and exit 0 set. This is the second option from the script above which is a detection only script that performs all the works, neither of these options work for me.

Script 2a - Detection Script only
User's image

Script 2b - Remediation Script Only
User's image

When I have been testing the PS scripts manually, no I have not been using PSExec, I have been manually running the PS script on the endpoint computer.

Crystal-MSFT 54,201 Reputation points Microsoft External Staff

2024-08-20T07:29:40.2066667+00:00

@Sam Conroy, Thanks for the reply. Please get screen shot of the detection status and remediation status of the affected device to see if it is applied.
Sam Conroy 20 Reputation points

2024-08-20T07:42:59.4666667+00:00

@Crystal-MSFT Checked this morning and this time it looks to have run, however its failed on the Windows 10 21H1 test device, do you have any help in diagnoising why ?
Crystal-MSFT 54,201 Reputation points Microsoft External Staff

2024-08-20T07:57:32.9833333+00:00

@Sam Conroy, Thanks for the reply. It seems the Remediation script is failed to run on the affected device. Please check if the C:|Temp folder is created.

Meanwhile, you can manually download PsExec to run as system account. And then run the remediation script on the affected device to see if it will upgrade the device. In addition, please check how long will it finish the upgrade. If it takes too long time. It may time out and response failed I think.
Sam Conroy 20 Reputation points

2024-08-20T08:02:09.5133333+00:00

@Crystal-MSFT Thanks to one of your original links, I've tracked down the issue in the C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\AgentExecutor.log file.

It appears that the PS file being run on the device has a number of prefix characters on each line that can't be interpreted, eg

<![LOG[error from script =â?~C:\Tempâ?T : The term 'â?~C:\Tempâ?T' is not recognized as the name of a cmdlet, function, script file, or operable

I've resummitted the PS remediation script again and waiting for this to be run on the machine.
Sam Conroy 20 Reputation points

2024-08-20T08:09:17.9333333+00:00

@Crystal-MSFT I think that I have found the issue, located in the file
C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\AgentExecutor.log

It looks like we have some additional none readable characters in the remediation script when its being run, which are not displayed in the Intune portal. An example of the error is as follows

<![LOG[error from script =â?~C:\Tempâ?T : The term 'â?~C:\Tempâ?T' is not recognized as the name of a cmdlet, function, script file, or operable

I've resumitted the remediation script in UTF-8 format.

The intune portal is showing the following

But its still failing to run with the same issues, possibly due to â? representing " in the script.
Sam Conroy 20 Reputation points

2024-08-20T08:41:59.5033333+00:00
I noticed that the quotes I had in the remediation script were single quotes, these have been changed to double quotes, this also failed, as the line

$file = "($dir)\Windows10Upgrade9252.exe"

also contained extra characters inplace of the quotes, so I had to delete the whole line and retype and save again.

This passed this part, but now it looks like it can't execute the command

$webClient.DownloadFile($url,$file)

reporting that it can't execute as an exception occured during the WebClient request. See below

Exception calling "DownloadFile" with "2" argument(s): "An exception occurred during a WebClient request."

At C:\Windows\IMECache\HealthScripts\9a3e0b5d-a477-4909-ae37-dce725183ceb_6\remediate.ps1:11 char:1

$webClient.DownloadFile($url,$file)

CategoryInfo : NotSpecified: (:) [], MethodInvocationException

FullyQualifiedErrorId : WebException
Sam Conroy 20 Reputation points

2024-08-20T08:53:55.8433333+00:00

Now changed the remediation code to This now appears to be running sucessfully.
Sam Conroy 20 Reputation points

2024-08-20T08:54:20.25+00:00

Now changed the remediation code to This now appears to be running sucessfully.

Share via

Windows 10 Feature Update Fails

2 additional answers

Your answer