This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 67%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
We have SCCM with a single site. With the latest updates (August 2021, Windows 10 20H2) our test clients internally got the updates, but the test clients over the VPN are not detecting the deployment.
In the UpdatesDeployment.log the last entry shows:
EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0
The IP address for VPN users is included in the boundary. So I am stumped where else to look to solve this problem.
We use the GlobalProtect VPN client.
Managing and deploying updates via Configuration Manager
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 60%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Hi, i already had this identical issue vpn devices, after upgrade windows 10 1909 to 20h2.
can you try install sccm client this options and tell result after?
This action solved the problem for me. Hopefully it will be resolved with you too
I tried this and it didn't change anything.
Answer accepted by question author
We were able to solve this, but I don't know the cause. For every VPN user we had them run disk clean and click on Cleanup System Files as well. After that ran and they restarted the SCCM client was able to detect and install the missing updates.
Hi @Daniel Kaliel ,
First please check if these clients over the VPN have received the policy of update. When policy is received, the following entry is logged in PolicyAgent.log:
We could check if Deployment Unique Id on the console is consistent with policy id displayed in PolicyAgent.log.
Software update would be checked if it is required by client , kindly check UpdatesStore.log. UpdateStore.log would record updates as missing if they are required. If it is not required or has been installed by client, there is no record in this log. So we could check the update is really required by these clients over the VPN.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Just checking in to see if there is any update. We haven't heard from you for a few days and would like to know the current status of the problem. Is the problem solved? Do you need any further assistance? Look forward to hearing from you.
Thanks for your time.
Amanda
I ran the update Machine Policy action and waited 20 minutes. Then I opened the PolicyAgent.log and searched for the UID of the August software update deployment. No results were found.
I created a new boundary of the type VPN and specified the name of our Vendors VPN adapter and associated it with a boundary group.. Then I ran a full device scan. Now the VPN devices have a boundary group.
I'll run scans on the client and see if they now pick up the updates.
I've run every task on the client in Control Panel and no updates yet. Maybe they will arrive tomorrow morning.
Although the VPN workstations now show as part of a boundary group, they still do not receive the Windows Updates.
It is required.
I get that it "won't show" but it does show while it installs in the updates list and disappears after that. This update does not do that. Having said that, the issue is that it does not install and never shows up as "installing" in Software Center. The Windows update is not found in the installed updates list and users are never notified to reboot their PC's as the deployment is configured.
In the UpdatesStore.log on a VPN attached device I see:
Queried Update (6e88be6e-d470-4e7e-9f36-01479049aadb): Status=Missing, Title=2021-08 Servicing Stack Update for Windows 10 Version 20H2 for x64-based Systems (KB5005260), BulletinID=, QNumbers=5005260, LocaleID=, ProductID=b3c75dc1-155f-4be4-b015-3f1a91758e52, UpdateClassification = 0fa1201d-4330-4fa8-8ae9-b877473b6441, ExcludeForStateReporting=FALSE.
But it has been over an hour and Software Center still does not any available updates and they are still not installed.
Hi,
The deployment settings of update is available or required? If it is required, the client will download and install the update automatically and after installing, the update would not be shown in the software center. If it is available, it will be shown in software center.
Best regards,
Amanda
I added the "Boundaries Group" column to the Devices list and it shows all VPN devices with no boundaries.
But I verified the IP address of the adapter is within the IP range associated with a boundary group
