Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: Windows Server, all supported versions
This article is designed to help you troubleshoot missing device data from Windows Update for Business reports. If data is missing from your reports, there are three primary questions that you have to answer:
- Did Windows Update for Business reports receive the data but not include it in reports?
- Are the devices correctly configured to send diagnostic data, and have they tried to send it?
- Are network connections and permissions correctly configured, including any proxy servers?
Verify that Windows Update for Business reports is receiving data
After you enroll a device and configure it to share data, wait for 48 hours for data to start appearing in reports. In some cases, data from devices that aren't active much might take up to 14 days to appear in reports.
To verify that the reports service is receiving data from the device, run a query the UCClient table. For example, the following query shows the total enrolled device count per time-generated:
UCClient | summarize count() by TimeGenerated
If the table contains data from the device but the data is missing from reports, a problem might exist in the report configuration. For more information, see the following articles:
If sufficient time has passed since the device was configured and enrolled, and the table still contains no device data, go to the next section to start troubleshooting the device.
Check the data transmission prerequisites for devices
Note
This section summarizes the data transmission prerequisites. For a full discussion of these requirements and an up-to-date list of endpoints, see Enable Windows diagnostic data processor configuration.
Requirements for devices
- Use a supported version of Windows 11 or Windows 10
- The following editions are supported:
- Enterprise
- Professional
- Education
- The device must be Microsoft Entra joined (it can be a hybrid Microsoft Entra join).
- The diagnostic data setting on the device should be set to Required diagnostic data or a higher value.
Requirements for internet access
Devices have to be able to connect to the following endpoints. (This list was current at the time of publication.)
us-v10c.events.data.microsoft.com
(eu-v10c.events.data.microsoft.com
for tenants that have billing addresses in the EU Data Boundary).watsonc.events.data.microsoft.com
(eu-watsonc.events.data.microsoft.com
for tenants that have billing addresses in the EU Data Boundary).settings-win.data.microsoft.com
*.blob.core.windows.net
Note
Tenants that have billing addresses in countries or regions in the Middle East or Africa, and European countries or regions that aren't in the EU, also use the
eu-v10c.events.data.microsoft.com
andeu-watsonc.events.data.microsoft.com
endpoints. Their diagnostic data is processed initially in Europe. However, those tenants aren't considered part of the EU Data Boundary.
Devices can connect directly or by using a proxy server. If a device has to use a proxy server, the device configuration must meet the requirements that are described in the next section.
Configure devices to use a proxy connection
If your devices have to use a proxy connection, you can use one of two types:
- A user proxy (WinINET-based)
- A system proxy (WinHTTP-based)
Microsoft recommends that you configure the proxy servers to allow traffic to the diagnostic data endpoints without requiring proxy authentication. This approach is the most comprehensive solution, and it's compatible with all versions of Windows 10 and Windows 11.
On the device, the Windows Universal Telemetry Client (UTC) service is responsible for transmitting diagnostic data. When the UTC service starts to transmit, it first tries to connect directly to the endpoint. If the UTC service can't connect in that manner, it checks the device for a proxy configuration. The UTC service uses either type of proxy configuration, unless Group Policy dictates a specific proxy configuration. For more information about how to use Group Policy to configure the proxy server, see Configure device proxy and Internet connectivity.
The following table lists the two types of proxy connections and which scenarios each is suitable for.
Type | Scenarios |
---|---|
User proxy | At least one user account has permissions to access the device console, the proxy server, and the endpoint. |
System proxy | The device is headless (users don't sign in). Device users don't have internet permissions. The proxy servers require authentication, but they don't support Integrated Windows Authentication. Your infrastructure is integrated with Microsoft Defender for Endpoint. |
Important
Before you configure devices to use a proxy server, make sure that the devices have the latest quality updates for a supported version of Windows.
Configuring a user proxy
When you use the user proxy approach, the UTC service uses the context of the signed-in user to connect to the proxy server and the diagnostic data endpoints. Therefore, make sure that the designated user account has the appropriate permissions.
On the device, in Network and internet settings, use the Proxy tab to configure the user-level (WinINET) proxy.
Note
You can also use the legacy Internet Options control panel to configure the proxy settings.
Configuring a system proxy
Configuring the local system account
When you use the system proxy approach, the UTC service uses the local system context to connect to the proxy server (through WinHTTP) and the diagnostic data endpoints. Therefore, make sure that the local system account has the appropriate permissions. To do this, use one of the following methods:
- In a Command Prompt window on the device, run
netsh winhttp set proxy
. - Use the Web Proxy Auto-Discovery (WPAD) protocol.
- Use a transparent proxy.
- In Group Policy, configure a device-wide WinINET proxy by enabling Make proxy settings per-machine (rather than per-user).
- Establish a routed connection.
- Use Network Address Translation (NAT).
Configuring the proxy servers
Make sure that the proxy servers use the following configuration: The proxy servers use Integrated Windows Authentication. The proxy servers allow Active Directory Domain Services (AD DS) computer accounts to access the diagnostic data endpoints.