Question

Critical patch policies keep failing

  • 9 February 2024
  • 6 replies
  • 438 views

Badge

Hi Everyone, im trying to figure out why critical patch policies is keep failing with below error code(ignore OpenVPN). its happening to almost 70 percent of device.. i tried restarting windows update services to find out if that resolve the issue but so far no luck. any suggestion this would be highly appreciated.

Thanks

 

 

 

 

Failed to apply patches ("OpenVPN Connect" "Remote Desktop" "2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)" "FileZilla Client" "AWS Command Line Interface v2"): Error: OpenVPN Connect is unable to patch because it is currently running
InstallMSUpdates : Install failed with ResultCode 4 and HResult -2145124318
At C:\Program Files (x86)\Automox\execDir177495117\execcmd237205320.ps1:1727 char:17
+                 InstallMSUpdates $lst
+                 ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,InstallMSUpdates
 
InstallMSUpdates : Install failed with ResultCode 4 and HResult -2145124318
At C:\Program Files (x86)\Automox\execDir177495117\execcmd237205320.ps1:1727 char:17
+                 InstallMSUpdates $lst
+                 ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,InstallMSUpdates
 
InstallMSUpdates : Install failed with ResultCode 4 and HResult -2145124318
At C:\Program Files (x86)\Automox\execDir177495117\execcmd237205320.ps1:1727 char:17
+                 InstallMSUpdates $lst
+                 ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,InstallMSUpdates
 
InstallMSUpdates : Install failed with ResultCode 4 and HResult -2145124318
At C:\Program Files (x86)\Automox\execDir177495117\execcmd237205320.ps1:1727 char:17
+                 InstallMSUpdates $lst
+                 ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,InstallMSUpdates
 

COMMAND TIMED OUT.
Error: 0x80240022, -2145124318
Error Source: FACILITY_WINDOWSUPDATE
Error Message: Operation failed for all the updates.


6 replies

Badge

I’ve been getting this same issue on newer patches. Started around the beginning of January. Older patches seem to work fine, but the newest ones are giving me that same problem. Have tried countless troubleshooting steps, but a large amount of clients still fail the KB5034441 or KB5034123 updates

Userlevel 5
Badge

@Maulik_Busa @AOkanovic Could you submit a support ticket with our support team? They will want to take a closer look! Thank you! 

Badge

While in the process of creating a ticket, i noticed a knowledge base page regarding this KB update had come up. The link to it is https://help.automox.com/hc/en-us/articles/22922009646612-KB5034441-Windows-Update-Failure?input_string=kb5034441

I guess it is possible there are other updates from this month that are falling into the same error code. I’ll hold off on making a ticket now since it is a known issue and it is recommended to block the patch. Just wanted to link the above in case anyone else had the same issue in their environment

Do you happen to use SentinelOne? SentinelOne update from January broke this. We do and we had this same issue. Any worklet that has a file attached and any policy that patches 3rd party apps errors out.

The fix is added in an exclusion in SentinelOne.

 

Add the following path exclusion below:
==================================

\Device\HarddiskVolume*\Program Files (x86)\Automox\amagent.exe

Exclusion Mode: Interoperability - extended

==================================

Save the configuration, wait about 5 minutes, then reboot computer.

Badge

We dont use SentinelOne but i agree with your 3rd party apps part. its not just those Microsoft KB updates that failing it also 3rd party apps to. im still actively investigating what's causing it..

We have several clients that are failing on the monthly 2024-02 (KB5034765).  It looks like there is a bug for this one.  There is a workaround that works for some.  DELETE THE FOLDER CALLED $WinREAgent IN YOUR C:\ . It's a hidden folder so be sure you have Hidden Folders turned on. Once you delete the file fully, reboot, and then your computer will update

Reply