Unable to deploy Office 2024 patch

wsd_administrator · January 23, 2026, 3:04am

I fail to use the following fixlet to deploy Office 2024 patch to the office computers. It is a volume license

Office 2024 Version 16.0.17932.20638 Available - Perpetual Channel - Office 2024 Volume Licensed

Below message is extracted from the log

Not Relevant - Office 2024 Version 16.0.17932.20638 Available - Perpetual Channel - Office 2024 Volume Licensed (fixlet:505843)
At 10:34:37 +0800 -
Report posted successfully
At 10:34:42 +0800 - Enterprise Security (http://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Fixed - 4053440: Security Advisory: Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Enable Workaround (Disable DDE feature) - Excel 2016 (fixlet:405344007)
Fixed - 4053440: Security Advisory: Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Enable Workaround (Disable DDE feature) - Outlook 2016 (fixlet:405344009)
Fixed - 4053440: Security Advisory: Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Enable Workaround (Disable DDE feature) - Word 2016 (fixlet:405344017)
At 10:35:49 +0800 -
Report posted successfully
At 10:40:16 +0800 -
Report posted successfully
At 10:46:50 +0800 -
Report posted successfully

JasonWalker · January 23, 2026, 3:05am

This log snippet starts after the problem, you would need to look a bit before this

wsd_administrator · January 27, 2026, 2:50am

Below is the full log with link and IP are removed, thanks

Current Date: January 23, 2026
Client version 11.0.3.82 built for WINVER 10.0 i386 running on WINVER 10.0.17763 x86_64
Current Balance Settings: Use CPU: True Entitlement: 0 WorkIdle: 10 SleepIdle: 480
Executable Location: C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
File Log Location: C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData__Global\Logs
ICU 73.2 init status: SUCCESS
Agent internal character set: UTF-8
ICU report character set: UTF-8 - Transcoding Disabled
ICU fxf character set: windows-1252 (Latin 1 / Western European) - Transcoding Enabled
ICU local character set: Big5 (Traditional Chinese, windows-950) - Transcoding Enabled

At 10:20:16 +0800 -
Starting client version 11.0.3.82
At 10:20:17 +0800 -
FIPS mode disabled by default.
Cryptographic module initialized successfully.
Using library OpenSSL 3.2.2 4 Jun 2024
Initializing Site: actionsite
Restricted mode
Initializing Site: Advanced Patching
Initializing Site: BES Asset Discovery
Initializing Site: BES Inventory and License
Initializing Site: BES Support
Initializing Site: BigFix Inventory
Initializing Site: BigFix Inventory Discovery
Initializing Site: BigFix Labs
Initializing Site: BigFix Reports
Initializing Site: BigFix Scanner
Initializing Site: Enterprise Security
Initializing Site: Patching Support
Initializing Site: SCM Reporting
Initializing Site: Software Distribution
Initializing Site: Updates for Windows Applications
Initializing Site: mailboxsite
Processing Download plugins
Setting BESClient_Download_FastHashVerify enabled: Off
Beginning Relay Select
At 10:20:29 +0800 -
RegisterOnce: Attempting secure registration with '//xxxxxxxxxxxxxxxx:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=11.0.3.82&Body=545676591&SequenceNumber=276&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=xxxx://Bigfix11.windm.wsd.gov%3a52311&AdapterInfo=c0-25-a5-9d-64-79_10.66.8.0%2f24_xxx.xxx.xxx.xx_0&AdapterIpv6=c0-25-a5-9d-64-79%5efe80%3a%3ad40f%3a1bc4%3a3039%3a2519%2f64_0'
Unrestricted mode
Configuring listener without wake-on-lan
Registered with url '//xxxxxxxxxxxxxxxxxxxxx:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=11.0.3.82&Body=545676591&SequenceNumber=276&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=://xxxxxxxxxxxxxxxx.%3a52311&AdapterInfo=c0-25-a5-9d-64-79_xxx.xxx.xx.0%2f24.xxx.xxx.xxx.xx_0&AdapterIpv6=c0-25-a5-9d-64-79%5efe80%3a%3ad40f%3a1bc4%3a3039%3a2519%2f64_0'
Registration Server version 11.0.4.60 , Relay version 11.0.4.60
Relay does not require authentication.
Client has an AuthenticationCertificate
Relay selected: xxxxxxxxxxxxxxxxxxxxxxx. at: xxxxxxxxxxx:52311 on: IPV4 (Using setting IPV4ThenIPV6)
At 10:20:33 +0800 -
PollForCommands: Requesting commands
PollForCommands: commands to process: 2
Entering Service Loop.
Starting Service Loop.
Successful Synchronization with site 'actionsite' (version 6465) - 'xxxx://xxxxxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/actionsite'
At 10:20:34 +0800 - mailboxsite (xxxx://xxxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/mailboxsite545676591)
Downloaded 'xxxx://xxxxxxxxxxxxxxxxxxxxx:52311/mailbox/files/6c/30/6c304b32468cff3f5dff8da3e39b4632f858bd3a' as 'Action 505843.fxf'
Gather::SyncSiteByFile adding files - count: 1
At 10:20:34 +0800 -
Successful Synchronization with site 'mailboxsite' (version 5) - 'xxxx://xxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/mailboxsite545676591'
ActiveDirectory: Refreshed Computer Information - Domain: WINDM
[ThreadTime:10:20:33] SetupListener success: IPV4/6
GatherHashMV command received.
Already have this version of site.
At 10:20:34 +0800 - mailboxsite (xxxx://xxxxxxxxxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/mailboxsite545676591)
Relevant - Office 2024 Version 16.0.17932.20638 Available - Perpetual Channel - Office 2024 Volume Licensed (fixlet:505843)
At 10:20:34 +0800 -
ActionLogMessage: (action:505843) Action signature verified for Execution
ActionLogMessage: (action:505843) starting action
At 10:20:34 +0800 - actionsite (xxxx://xxxxxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded (evaluated true) continue if {not exists running application ("winword.exe"; "excel.exe"; "powerpnt.exe"; "onenote.exe"; "outlook.exe"; "mspub.exe"; "msaccess.exe"; "visio.exe"; "winproj.exe"; "lync.exe")} (action:505843)
Command started - waithidden "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /update user updatepromptuser=False displaylevel=False updatetoversion=16.0.17932.20638 (action:505843)
At 10:20:34 +0800 -
Encryption: optional encryption with no certificate; reports in cleartext
At 10:20:36 +0800 -
Report posted successfully
At 10:21:39 +0800 -
Report posted successfully
At 10:22:43 +0800 -
Report posted successfully
At 10:23:23 +0800 - actionsite (xxxx://xxxxxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded (Exit Code=0) waithidden "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /update user updatepromptuser=False displaylevel=False updatetoversion=16.0.17932.20638 (action:505843)
Command succeeded parameter "timeout" = "Fri, 23 Jan 2026 10:23:23 +0800" (action:505843)
Paused pause while True (action:505843)
At 10:23:45 +0800 -
Report posted successfully
At 10:27:58 +0800 -
Report posted successfully
At 10:33:12 +0800 -
Report posted successfully
At 10:33:23 +0800 - actionsite (xxxx://xxxxxxxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/actionsite)
Not paused pause while False (action:505843)
At 10:33:23 +0800 -
ActionLogMessage: (action:505843) ending action
At 10:33:23 +0800 - mailboxsite (xxxx://xxxxxxxxxxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/mailboxsite545676591)
Not Relevant - Office 2024 Version 16.0.17932.20638 Available - Perpetual Channel - Office 2024 Volume Licensed (fixlet:505843)
At 10:34:37 +0800 -
Report posted successfully
At 10:34:42 +0800 - Enterprise Security (xxxx://sync.bigfix.com/cgi-bin/bfgather/bessecurity)
Fixed - 4053440: Security Advisory: Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Enable Workaround (Disable DDE feature) - Excel 2016 (fixlet:405344007)
Fixed - 4053440: Security Advisory: Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Enable Workaround (Disable DDE feature) - Outlook 2016 (fixlet:405344009)
Fixed - 4053440: Security Advisory: Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Enable Workaround (Disable DDE feature) - Word 2016 (fixlet:405344017)
At 10:35:49 +0800 -
Report posted successfully
At 10:40:16 +0800 -
Report posted successfully
At 10:46:50 +0800 -
Report posted successfully

JasonWalker · January 27, 2026, 1:43pm

This line indicates the command line that was executed...

Command started - waithidden "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /update user updatepromptuser=False displaylevel=False updatetoversion=16.0.17932.20638 (action:505843)

This line indicates the command claims to run successfully (the 'Exit Code=0' indicates the program return a 0 exit code, which should indicate Success)

At 10:23:23 +0800 - actionsite (xxxx://xxxxxxxxxxxxxxxxx:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded (Exit Code=0) waithidden "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /update user updatepromptuser=False displaylevel=False updatetoversion=16.0.17932.20638 (action:505843)
Command succeeded parameter "timeout" = "Fri, 23 Jan 2026 10:23:23 +0800" (action:505843)

One common issue I've seen is that Office Click2Run updates generally require a user account to be logged on at the time. You may need to either set a requirement to run only when user is logged on, or you may need to have the action 'Reapply while Relevant' until it runs with a logged-on user.

Try to verify that, though. I've not patched Office myself in several years. Try running the same action while logged on to the endpoint and see if the update applies successfully in that case.

wsd_administrator · January 29, 2026, 6:42am

It seems download the update from the Internet. How to change it to update from local drive ?

JasonWalker · January 29, 2026, 1:10pm

I think you'd have to write your own custom fixlet to do that? But I may not be clear on what you're asking.

wsd_administrator · January 30, 2026, 3:52am

Sorry that my question is not clear. I want to download the update from the internet to a PC and then distribute the update to the local drives of other PCs in the office. Then use a fixlet to update from the local drives of PCs.

gus · January 30, 2026, 3:42pm

Hi @wsd_administrator , BigFix users can use the task:

#565056 - Configure the Update Source of Office 365 - Office 2024
#365074 - Configure the Update Source of Office 365 - Office 2021
#365076 - Configure the Update Source of Office 365 - Office 365
#365056 - Configure the Update Source of Office 365 - Office 2019
#365055 - Configure the Update Source of Office 365 - Office 2016

To choose the update source of Office Click-to-Run product updates.

Through the web [from the Microsoft Content Delivery Network (CDN)]
From an on-premises location. This method requires setting up a network share location from which updates can be downloaded. Throughout this document, 'network share' or 'network share location' refers to this method.
Through the use of the BigFix architecture, wherein the entire binary is downloaded to the client cache folder.

Please review the following documentation for more details:

Jgregory · February 2, 2026, 3:01pm

You can use the Office deployment tool to download the files, save them to a network share, use the configure update source to point to that share.(Give machines access to that share) You would need to use ODT monthly to get the patches. But you run setup.exe /download and the xml config file.

wsd_administrator · February 5, 2026, 3:19am

Thank you …………………………

wsd_administrator · February 5, 2026, 3:20am

Thank you ………………………………..