WUfB enabled with Update Baseline, No Notifications

Occasional Contributor

We are piloting a group in our environment to switch to WUfB for servicing and previously deployed updates from WSUS. All our endpoints are currently on Windows version 1803 and joined to a local AD DS domain managed by ConfigMgr. We have deployed Update Baseline in its default configuration via group policy setup a WUfB policy deployed from ConfigMgr.

 

Devices now appear to be updating as expected and are automatically downloading and installing 20H2 directly via WUfB. However, we have yet to see any notifications, toasts, or engaged restart banners for users that have made it past the initial automatic installation and are awaiting a restart. Windows update shows the following:

 

Screenshot 2021-04-07 142746.png

Users are able to initiate the restart themselves, however none of our desktops that have been left online overnight appear to be restarting automatically. These devices all appear to be set to the default active hours of 8:00 AM to 5:00 PM and have no logged in users. 

 

I see that the registry key HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings\EngageReminderLastShownTime appears to be set to a time earlier today, however this computer has no toast notifications to be seen. Are there any additional settings we should ensure are enabled in order to ensure devices are restarting when possible and notifications are being shown for users? Any advice here would be greatly appreciated!

 
 
 
 
 
9 Replies

Witam Brak wyskakujących okienków - może wynikać z zaawansowanych ustawień = powiadomienia zostały wyłączone! Jeśli istnieją potwierdzenia prawidłowych instalacji w rejestrze aktualizacji, wszystko to działa poprawnie! Problem będzie, gdy rejestr mówi, że są one nieskuteczne - próby zainstalowania > wymaga analizy! Automatyczna aktualizacja działa dość niezawodnie, jeśli nie ma bardziej złożonych konfliktów i wymaga indywidualnego sprawdzenia na takim komputerze! Dodam zrzut ekranu w miejscu - Zaawansowane ustawienia na urządzeniu końcowym Ponadto czas migracji aktualizacji jest często dość długi, a poprzednie wersje muszą zostać usunięte - następnie trzeba przeanalizować

@Andrzej1Interesting, I wonder if there is something misconfigured here then. We have the policy "Turn off auto-restart notifications for update installations" set to "Disabled" which is the default for Update Baseline. This causes the notification slider to be grayed out, but off. This appears to be the same when the policy is set to "Not Configured" as well. I do not appear to see any policy that would enable this, is this intended default behavior or is there an extra GPO we should look into?

So surely it is necessary to verify - the configuration of previously saved policies is active, the previous administrator saved a persistent policy = disabled the notification and probably other settings that individually need to be checked, I just turn on additional updates of other Microsoft products = I update not at the same time! The administrator decides = updates take time each sets according to their experience. Thank you Andrew
Hi @JackEller, you can reference our email thread going through this, but for those with a similar issue, if you have deployed the Update Baseline, Intelligent Active Hours are not active. The Update Baseline is to configure policies to get you to as close as the default experience as possible (this is for IT admins that are concerned about not clearing out reg keys out all the way). However, for Intelligent Active Hours to take place, the following policies specifically need to be set to "Not Configured" which means there must be *no* reg key for these policies. To enable your Intelligent Active Hours, you will need to clean out the reg keys for the below policies.
- Specify active hours range for auto-restarts
- Turn off auto-restart for updates during active hours

For your notifications issue, since you have deadlines enabled your devices should be getting notifications to alert about an upcoming deadline. Do you get notifications when your devices are approaching their deadline?

Best,
Kay

Hi @Kay_Toma,

 

Since our devices are on 1803 we actually cannot use intelligent active hours just yet, but we are excited to once our upgrade fully completes. For our pilot deployment, we went ahead and actually removed any GPO setting that was marked as "Not configured" from the Update Baseline template as our environment had never declared them. After doing so, we began to receive toast notifications immediately following the installation of the 20H2 feature update, as we were hoping. We created a separate OU with the default settings for Update Baseline, and it still has the same behavior as previous shown, no toast notifications (granted these machines are on 1803, this may not be the case for all versions). We are now expanding this deployment to further our testing. I have not been able to verify that the Engaged Restart notifications are working or displaying for users, however will let you know as we near the deadline in the coming days. I am at least able to verify that machines did reboot deadline was reached, and that they were being scheduled after taking a look at the logs present in NotificationUxBroker.etl.

 

Thanks for reaching out, so far WUfB has been working great, even without notifications!

That's awesome! Glad to hear, @JackEller! Always gotta watch out for forgotten/remaining reg keys :) (which is why we build the Update Baseline to begin with! But looks like we can give more warning about the Not Configured policies in the Update Baseline)

Let us know if you have any other questions or issues.

Thanks @Kay_Toma. Our biggest question is around the behavior as computers near our deadline. We want to communicate to our end-users what the notifications they will be seeing are going to look like before broad deployment, and I see a few examples in the compliance deadline documentation. For feature updates are users to expect a notification like the one below, or does this only occur for pending quality updates or for feature updates as well?

 

wufb-update-deadline-warning.png

We have yet to catch one of these in-action, but want to make sure that our polices are configured to display notifications like these in addition to the toast notifications that we have been seeing post-install and after login. Are there registry keys we can check or scheduled tasks for these pop-ups to make sure they are being utilized?

 

Thanks again for your help!

 

Yes, those notifications are for Quality Updates as well as Feature Updates! As long as you have the compliance deadline configured you don't need to check other reg keys/scheduled tasks to make sure the notifications are showing. :)
- Specify deadlines for automatic updates and restarts (Enabled)
- Display options for update notifications (Enabled - set to 0 AKA default)

Fantastic @Kay_Toma! I also wanted to run a scenario by you in case I am misunderstanding deadlines. By configuring deadlines and not "Restart outside of active hours" as we had traditionally, are devices that do not have any users signed in going to restart after hours as they previously had? From what I am grasping now, it seems like those devices will wait until the deadline then restart during active hours, is that correct or does the previous behavior still apply? This is assuming we are not setting active hours, we will let the default values apply (8 - 5 and intelligent active hours when possible).