Windows 10
A Microsoft operating system that runs on personal computers and tablets.
12,075 questions
Can happen if your FW policies are restrictive and blocking Windows update urls.
Windows Updates For Business Failing updates
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 94%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
Casey Throop
1
Reputation point
Hey Everyone,
I've been plagued by a Windows update issue for some time now and I'm having trouble pinning it down.
Environment;
Azure AD only
Windows update for business enabled
NO Sccm client on the machines
Fresh out of the Autopilot process
A device that was new out of box went through Autopilot and when I went to test running updates on the device they failed and undid changes.
WUfB policies are successfully applying to the device.
Now I successfully updated by REMOVING the firewall config policy we have set up which was great UNTIL I tested reapplying the firewall policy and running the update again. After reapplying the firewall policy it successfully updated again. This has thrown me for a loop in trying to pin point where my issue is.
Has anyone ran into this before? Or could anyone office any input?
{count} votes
-
Casey Throop 1 Reputation point
2021-07-22T13:25:02.907+00:00 More details here- This is what my Windows defender policies look like In Intune -
policy Enabling defender for all interfaces: set to allow inbound and outbound connections on all interfaces and to allow inbound notifications on all interfaces. Nothing mentioning a block in this profile.
A policy Blocking RDP in and out
A policy blocking NetBios TCP and UDP Inbound and outbound
A policy specifying allowed applications, services and ports.
Sign in to comment
2 answers
Sort by: Most helpful
-
Rahul Jindal [MVP] 10,871 Reputation points MVP2021-07-21T20:01:14.987+00:00 -
Casey Throop 1 Reputation point
2021-07-21T20:39:15.853+00:00 That was my thought as well.
I don't have anything specifically set to block update URLS.
The Weird thing to me is after successful update without firewall, I reapplied the firewall policy and uninstalled update to retry. After reinstalling with Firewall policies enabled this time it was successful.
Sign in to comment -
-
Rahul Jindal [MVP] 10,871 Reputation points MVP
2021-07-21T21:49:46.743+00:00 The content and meta data of the installed updates gets cached. I am not sure to what extent you are removing the already installed updates. The main thing is that without FW rules things work so the rules should be checked out. I did a search to access the list of urls, but couldn’t find anything official right now. Found an unofficial link here.
-
Casey Throop 1 Reputation point
2021-07-22T03:00:22.213+00:00 Thanks for the response.
This happens both on network and off network.
Is there a specific profile I can create within Intune to set these to allowed within Windows Defender Firewall? Our FW policy just configures Windows defender and I haven't seen anything within Intune Config policies that mentions how to allow URLs.
-
Rahul Jindal [MVP] 10,871 Reputation points MVP
2021-07-22T06:13:58.467+00:00 Sounds like you don’t really have any fw rules configured in Intune and maybe you are just switching defender fw on and that’s it. The rules I was referring to was for your network fw or proxy.
-
Casey Throop 1 Reputation point
2021-07-22T12:25:36.82+00:00 That's why I responded to clarify. We've got a policy enabling defender on all types of interfaces and then a policy allowing specific services or apps to function.
I've tried allowing wuauserv, svchost, and things like that through it but no success
-
Deleted
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Sign in to comment -