Problem downloading updates software update deployment(SCCM and ADR) specfiy Windows 11 build 25 H2

Question

Problem downloading updates software update deployment(SCCM and ADR) specfiy Windows 11 build 25 H2

SSE@TUE 360

Hi,

I'm in the process of deploying windows updates to Windows Clients (Windows 11 build 25H2) Windows servers(2019,2022,2025) in my environment with SCCM and ADRs and most of the client computers have installed updates just fine however around 50 or so client computers are not installing updates and the updates are not getting downloaded. When I click to install updates it just stays stuck at 0% downloading and never installs until eventually it times out

My Boundary and Boundary Groups

the updates have been distributed to the DP servers. The boundaries are configured to include the clients in the scope. All of my boundary groups are set up with the Active Directory site only.

We have the following IP Range

192.168.0.0, 172.20.0.0, 172.10.0.0. 172.40.0.0

But I set my My Boundary and Boundary Groups with the Active Directory site only.

Is that the my issue?

Should/Could I create or add some new Boundary with IP address Range(what we have see above IP Range) additionally to my Active Directory site?

Could you please help me?

Regards

0 comments

1 answer

Your answer

Answer 1

Rayyan Fawad 0

Yes, that is exactly your issue. When your Configuration Manager (SCCM) clients hit a 0% downloading snag, it means they are successfully talking to the Management Point to receive their policy, but they cannot find a valid Distribution Point (DP) to pull the actual Windows 11 build 25H2 update binaries from.

Relying solely on an Active Directory site boundary frequently fails if your network subnets aren't perfectly mapped to your AD sites or if clients are using VPNs and remote subnets. Because you have distinct IP ranges (192.168.0.0, 172.20.0.0, etc.), you should immediately create explicit IP Address Range boundaries for each of them in your SCCM console. Once those boundaries are created, add them directly to your active Boundary Group and verify that your target Distribution Points are explicitly linked to that group under the References tab. This ensures that when the 50 failing machines request the content, SCCM can successfully map their current IP to a local DP hosting the package, which will instantly break the 0% download lock.

SSE@TUE 360 Reputation points

2026-06-05T10:23:22.17+00:00
First question

Can I have more as one Boundary and Boundary groups in SCCM Environments? As I told, I have a the time only the Active Directory site

Could you tell me please why I have a the time two Boundary groups, one is relatetd to the default Boundary the second have not any reference or member

Is that created by default? Because you cannot delete it.

second question.

I have to create 4 Boundary with following IP address Range

192.168.0.0

172.20.0.0

172.10.0.0.

172.40.0.0

do I create for each Boundary a new Boundary Groups too?

and the site assignment is still the same like my default site assignment?

Thank you
Rayyan Fawad 0 Reputation points

2026-06-05T10:25:54.64+00:00

Don't worry about those two default groups—that's completely normal behavior! Configuration Manager sets them up automatically as built-in safety nets, so you can leave them exactly as they are without deleting anything.

As for your four IP ranges, you don't need to overcomplicate things by making four separate groups. Just create the individual boundaries first, and then add all four of them right into your single, active Boundary Group (the one your Distribution Points belong to). Keep the site assignment checked exactly like your screenshot shows so machines map correctly. Once those IP ranges are bundled into your main group, your clients will finally see where the updates are hosted, and that 0% downloading progress bar should instantly start moving!
SSE@TUE 360 Reputation points

2026-06-05T10:39:28.9566667+00:00

Ok, if I understand you correctly, I am creating 4 Boundary with IP address Range (add my Site System, I have only one) and add all 4 new created Boundary to my default Boundary Group( the following)

and use the "Site assignment" for all new created Boundary.

Is there any more steps I have to do?
Rayyan Fawad 0 Reputation points

2026-06-05T10:43:34.8733333+00:00

You've got it down perfectly! Yes, that is exactly right.

Since you have already added those four new IP address range boundaries directly into your primary Default AD Site Boundary Group and ensured the site assignment is checked, the configuration side is fully complete.

There is just one final verification step to make sure the data actually flows:

Verify Content Distribution: Open your Windows 11 build 25H2 update package properties in the console, head to the Content Status section, and double-check that the update has successfully and completely distributed (showing a green 100% success state) to the specific Distribution Points (DPs) associated with that boundary group.

As long as the content is sitting green on those DPs, your work here is done! The client machines will automatically evaluate their network location during their next scheduled deployment evaluation cycle, spot the available local content source, and that 0% progress bar will cleanly start downloading.

Share via

Problem downloading updates software update deployment(SCCM and ADR) specfiy Windows 11 build 25 H2

1 answer

Your answer