We were able to solve this, but I don't know the cause. For every VPN user we had them run disk clean and click on Cleanup System Files as well. After that ran and they restarted the SCCM client was able to detect and install the missing updates.
SCCM client not detecting software updates over VPN
We have SCCM with a single site. With the latest updates (August 2021, Windows 10 20H2) our test clients internally got the updates, but the test clients over the VPN are not detecting the deployment.
In the UpdatesDeployment.log the last entry shows:
EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0
The IP address for VPN users is included in the boundary. So I am stumped where else to look to solve this problem.
We use the GlobalProtect VPN client.
5 additional answers
Sort by: Most helpful
-
Amandayou-MSFT 11,141 Reputation points
2021-08-20T03:08:44.373+00:00 Hi @Daniel Kaliel ,
First please check if these clients over the VPN have received the policy of update. When policy is received, the following entry is logged in PolicyAgent.log:
We could check if Deployment Unique Id on the console is consistent with policy id displayed in PolicyAgent.log.
Software update would be checked if it is required by client , kindly check UpdatesStore.log. UpdateStore.log would record updates as missing if they are required. If it is not required or has been installed by client, there is no record in this log. So we could check the update is really required by these clients over the VPN.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. -
Daniel Kaliel 1,266 Reputation points
2021-08-26T20:01:30.373+00:00 I added the "Boundaries Group" column to the Devices list and it shows all VPN devices with no boundaries.
But I verified the IP address of the adapter is within the IP range associated with a boundary group
-
Daniel Kaliel 1,266 Reputation points
2021-08-27T15:59:13.097+00:00 In the UpdatesStore.log on a VPN attached device I see:
Queried Update (6e88be6e-d470-4e7e-9f36-01479049aadb): Status=Missing, Title=2021-08 Servicing Stack Update for Windows 10 Version 20H2 for x64-based Systems (KB5005260), BulletinID=, QNumbers=5005260, LocaleID=, ProductID=b3c75dc1-155f-4be4-b015-3f1a91758e52, UpdateClassification = 0fa1201d-4330-4fa8-8ae9-b877473b6441, ExcludeForStateReporting=FALSE.
But it has been over an hour and Software Center still does not any available updates and they are still not installed.
-
Daniel Kaliel 1,266 Reputation points
2021-08-30T15:38:34.08+00:00 It is required.
I get that it "won't show" but it does show while it installs in the updates list and disappears after that. This update does not do that. Having said that, the issue is that it does not install and never shows up as "installing" in Software Center. The Windows update is not found in the installed updates list and users are never notified to reboot their PC's as the deployment is configured.