The last couple months, when I went to run updates for Windows 10 machines, about half of them are failing with exit code -2145124329. This month, for example, they fail installing the fixlets relating to KB3140768 and KB3144756.
I’m able to successfully install the updates by using remote desktop. However the KB still shows as relevant in the IEM console.
Any ideas?
Take a look at this page:
The exit code you experienced was due to:
0x80240017 -2145124329 WU_E_NOT_APPLICABLE Operation was not performed because there are no applicable updates.
There may be a problem with the relevance of the fixlet (maybe it should not be relevant), run an MBSA scan to determine if the update is indeed needed.
Or there may be an issue with the installation of the package on that endpoint which might require looking for a Microsoft solution on their site or contacting their support department.
I installed MBSA on my server and attempted to scan one of the affected computers. I got the message “Windows Update Agent is not supported on this operating system.” From what I read online, the MBSA tool does not work with Windows 10.
It appears to be a relevance issue (since Windows Update doesn’t show that an update is needed), but I don’t know where to start looking. Is there some sort of relevance checking tool that I can use to check sections of the logic at a time?
Hi Nathan,
May I know for a Windows 10 machine, are you running a single Fixlet, or multiple Fixlets in a baseline?
Most (not all) of Windows 10 updates are cumulative, meaning if you happen to place the latest patch at the top of the baseline, the rest of the patches are no longer applicable after it has been installed.
However if this is not the case, or you can confirm it’s a false positive relevance, kindly open a PMR so that the content team is able to help you.
Thank you!
It’s a single Fixlet. I will open a PMR for this problem.
If I get an answer worth mentioning, I will post an update here for others to reference.
With the release of Windows 10 version 1511, Microsoft changed the way that some group policy settings are applied. In Group policy editor, under Computer Configuration, Administrative Templates, Windows Components, Windows Update, there is a setting that used to be called “Defer Upgrades”. It is now called “Defer Upgrades and Updates”, and it has some settings specifying how many months to defer upgrades and how many weeks to defer updates. Because I had enabled that option in Group Policy, Microsoft was not allowing the update to install.
To fix the problem, I:
The fixlet successfully installed.
Thanks Nathan for posting the resolution!
Yes we do have a relevance checking tool called the Fixlet Debugger tool.
You can download the tool here:
Note: download the version of the tool for the version of the client you have installed on your Windows endpoint.
Here is a video demonstrating the usage of the tool:
And for non-Windows endpoints see the following: