Issues with Windows/3rd party apps updates installation (CMG)

Question

Hi, recently we have deployed CMG just to be sure that all Windows 10 clients are manageable without need for VPN. Having distributed 3rd party apps updates package to CMG I tested patching on my laptop and ran into this (WUAHandler.log) - I have not distributed package for Windows 10 updates since Microsoft locations should be used to pull content from:

Its a WSUS Update Source type ({A4BF5916-DF74-44C1-BF58-68AE14A43278}), adding it.
SourceManager::GetIsWUfBEnabled - There is no Windows Update for Business settings assignment. Windows Update for Business is not enabled through ConfigMgr
Existing WUA Managed server was already set (https://CMGFQDN/CCM_Proxy_ServerAuth/...), skipping Group Policy registration.
Added Update Source ({A4BF5916-DF74-44C1-BF58-68AE14A43278}) of content type: 2
Scan results will include superseded updates only when they are superseded by service packs and definition updates.
Search Criteria is (DeploymentAction= AND Type='Software') OR (DeploymentAction= AND Type='Driver')
Async searching of updates using WUAgent started.
Async searching completed.
OnSearchComplete - Failed to end search job. Error = 0x8024402c.
Scan failed with error = 0x8024402c.

I see that content was downloaded in ccmcache (probably when I was on VPN the day before to do something VPN is required for - access to some internal AD forests) - having connected to VPN I could install June updates without issues but that defies purpose of CMG altogether.

It seems client still tries to connect to internal WSUS although that is not apparent in log.

Answer 1

Hi @Bojan Zivkovic ,

Please check if the WUStatusServer resource is from CMG or just internal WSUS? If it is from WSUS, please check the CMG building.

Please refer to the following screenshot:

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Currently I am not on VPN and I see CMG listed:

PS C:\> Get-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -Name WUServer,WUStatusServer | Format-List -Property WUServer,WUStatusServer

WUServer : https://CMGHostName.WESTUS.CLOUDAPP.AZURE.COM/CCM_Proxy_ServerAuth/...
WUStatusServer : https://CMGHostName.WESTUS.CLOUDAPP.AZURE.COM/CCM_Proxy_ServerAuth/...

Error = 0x8024402c according to error lookup has something to do with failed name resolution but failed resolution of what if registry entries point to CMG and I can resolve CMG FQDN while not on VPN.

Latest update: I managed to install two 3rd party apps updates from Software Center while not being on VPN, maybe error above was temporary but still do not know root cause:

What I can't check now is whether Windows updates installation would be successful since I already installed June updates last week over VPN.

Answer 3

Do you know how much it takes for registry entries above to change having disconnected from VPN (and how to trigger that manually)? Today I was on VPN and still I see internal WSUS in registry even though I disconnected from VPN more than 1hr ago.

Had it been some update in Software Center its installation definitely would have failed with original error so this may happen again since registry entries are not reflecting the fact CM client is on internet.

This is too much really (1hr+) not to see changes in registry automatically pointing to CMG. Something is wrong here again.