Hi everyone! I recently became the systems administrator at a startup and I'm facing a bit of a challenge with our fleet of HP Elitebook 840s and Dell Pro Max 15s. After setting up the machines with a clean Windows image and switching the storage controller to NVME/AHCI, I started using Windows Autopatch through Intune for updates.
However, I've run into a significant issue - about 30% of our devices are having trouble installing updates, with one recurring error code being 0x800f0991. I've tried a bunch of standard troubleshooting methods, like using DISM, SFC, clearing out Windows Update caches, and even removing and re-enabling devices from Autopatch policies. The Windows Update troubleshooter hasn't been effective either.
I've had some success with in-place upgrades, but lately that approach has failed more often than not, leaving us with the frustrating option of swapping out machines instead of fixing the underlying issue.
I'm wondering: should I keep digging into this problem for a lasting fix, or is it just easier to keep reimaging after an upgrade fails? Any advice for a new sys admin in this situation would be greatly appreciated!
2 Answers
While you don't want to completely abandon patching, it's definitely wise to have some control over how you roll out updates. Consider implementing a 4-ring system for managing patches. Just be aware that sometimes, you might not get feedback from all rings unless you specifically check in with them. Communication is key!
I totally feel your pain. Automatic updates can create a massive headache, especially when they go wrong. One strategy could be to manually control the update rollout across different groups of computers. This way, if an update fails, you only handle a handful of devices instead of the entire fleet. Also, watch out for updates ending in 4109; they can cause issues, especially if you use Remote Desktop. Just my two cents, but this approach has worked better for me over the past year.

Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures