Update Is Not Installing With a Patch Policy

Update Is Not Installing With a Patch Policy

Are you trying to install a Microsoft KB on a Windows device using a Patch Policy, but it's not working despite various configurations? This guide will help you understand why certain KBs might not install and provide steps to address the issue.

Symptoms

  • A Microsoft KB is missed during a patch run.
  • The update does not appear on the Software or Device Details page in Automox.

Troubleshooting Steps

1. Verify Update Availability

  1. Identify the KB in question. Example: KB5008602.
  2. Check if the update appears under the Software or Device Details pages in Automox.
    • If it’s missing, it may not be available via the OS repository.
  3. Search for the KB in the Microsoft Support Center.
    • Scroll to the Install this update section to confirm the available distribution methods.

2. Assess Installation Requirements

  • If the KB is only available through the Microsoft Update Catalog, Automox cannot apply it directly.
  • Updates exclusively available through the Microsoft Update Catalog must be manually installed or deployed using a Worklet.

Root Cause Analysis

Automox relies on the Device Operating System Repository to identify updates. If the update isn’t visible to the OS repository:

  1. It cannot be patched using Automox.
  2. A manual or Worklet-based installation is required.

Solution: Use the Windows - Configuration - Install Out-of-Band Patch (MSU) Worklet

This Worklet provides the ability to install an out-of-band KB on a device.

  1. Replace the $kb variable with the update you wish to install.
  2. Replace the $UpdateURL variable with the full URL for the KB from the Microsoft Update Catalog. This should point to the .MSU file.
  3. The .MSU file is then downloaded and installed silently via the Windows Update Standalone installer tool (WUSA.exe).
  4. Depending on the KB, a restart may be required to finalize the installation. If required, you may use the worklet's native automatic restart feature to achieve this.The default behavior in the script is no restart.

Additional Resources



Was this article helpful?
0 out of 0 found this helpful