Huge shoutout to our own Darrin DiNapoli! Who dug deep into this problem & found the solution!
Scope
Automox customers need not worry! As your devices are scanned, the agent will update and upon next reboot will restore functionally. No action needed beyond your regular maintenance windows.
For our non Automox readers, we are unsure the total scope of impacted Windows 11 versions. Whether or not this is dependent on external settings or preferences, or if this issue will arise simply by deploying the KB5037771 update.
We of course recommend the update as it includes improvements to critical service in Windows 11 and preps your machine for future security and feature updates.
But - let's not get ahead of ourselves, here’s what happened.
Unbeknownst to many, a Preview build of the Windows Update API was activated on a subset of Windows 11 devices.
This was not part of the well-known Windows Insider Preview program but an obscure and undocumented feature. Users had no control over opting in or out, leading to unexpected failures in the Windows Update process.
This anomaly posed a serious challenge: automated updates were disrupted, causing potential security risks and operational inefficiencies. Other automated Windows update tools, Powershell Modules, VC++ code, etc. all depend on this API and remained ineffective unless administrators manually intervened to address the issue.
Symptoms:
This problem is difficult to identify, in our case, it appeared as failing Windows OS updates with blank/null outputs in activity logs. If you’re impacted, you should be experiencing consistent failure of automated Windows updates. Whether your method is with tooling similar to Automox, or custom maintenance scripts in your environment that depend on the IUpdateSearcher component of Windows. Our customers discovered the odd behavior and after lengthy & detailed analysis by our engineering team, we found the root cause.
Root Cause Analysis
The issue is caused by a Preview version of the Windows Update API, which is installed as part of the Servicing Stack Update in KB5037771. The DLL’s (including wuapicore.dll) are located in C:\Windows\UUS\<architecture> and C:\Windows\UUS\Packages\Preview\<architecture>:
If your update automation relies on IUpdateSearcher - spoiler alert, it likely does - the incomplete results from the .Search methods occur when the Preview version of UUS is version 1301.2403.14011.0, AND when the Preview version of UUS is active.
Some important notes, before you dig in to see if you’re affected & need to fix anything.
- The key here is determining the ACTIVE version of the Windows Update API:
# Get and report Windows Update Agent build for troubleshooting issues with UUS Preview
#
$wuAgentVer = (New-Object -ComObject Microsoft.Update.AgentInfo).GetInfo('ProductVersionString')
How to Fix
To fix the root cause, ensure you have the latest updates, and we recommend running the following powershell script:
This is an experimental tactic to disable one of dozens of unlabeled, experimental features, and we can only assume it exclusively resolves these issues with no other side effects - all based on our limited sandbox testing.
$uusKey = "HKLM:\SYSTEM\CurrentControlSet\Control\FeatureManagement\Overrides\4\1931709068"
if (Test-Path $uusKey) {
if ((Get-ItemProperty -Path $uusKey -Name 'EnabledState').EnabledState -ne 1) {
Set-ItemProperty -Path $uusKey -Name 'EnabledState' -Value 1 -Force
$host.UI.WriteErrorLine("UUS Feature override (1931709068) EnabledState changed to 1")
}
}
Again! Automox customers don’t have to worry, our amazing engineering team has got you covered! And for those affected by this, we’re happy to provide you with this solution and hope to chat with you!