Update Is Not Installing With a Patch Policy
Are you trying to install a Microsoft KB on a Windows device using a Patch Policy, but it's not working despite various configurations? This guide will help you understand why certain KBs might not install and provide steps to address the issue.
Symptoms
- A Microsoft KB is missed during a patch run.
- The update does not appear on the Software or Device Details page in Automox.
Troubleshooting Steps
1. Verify Update Availability
- Identify the KB in question. Example: KB5008602.
- Check if the update appears under the Software or Device Details pages in Automox.
- If it’s missing, it may not be available via the OS repository.
- Search for the KB in the Microsoft Support Center.
- Scroll to the Install this update section to confirm the available distribution methods.
2. Assess Installation Requirements
- If the KB is only available through the Microsoft Update Catalog, Automox cannot apply it directly.
- Updates exclusively available through the Microsoft Update Catalog must be manually installed or deployed using a Worklet.
Root Cause Analysis
Automox relies on the Device Operating System Repository to identify updates. If the update isn’t visible to the OS repository:
- It cannot be patched using Automox.
- A manual or Worklet-based installation is required.
Solution: Use the Windows - Configuration - Install Out-of-Band Patch (MSU) Worklet
This Worklet provides the ability to install an out-of-band KB on a device.
- Replace the $kb variable with the update you wish to install.
- Replace the $UpdateURL variable with the full URL for the KB from the Microsoft Update Catalog. This should point to the .MSU file.
- The .MSU file is then downloaded and installed silently via the Windows Update Standalone installer tool (WUSA.exe).
- Depending on the KB, a restart may be required to finalize the installation. If required, you may use the worklet's native automatic restart feature to achieve this.The default behavior in the script is no restart.