I use N-able N-sight (formerly Hounddog, GFI, LogicNow, and SolarWinds) to monitor and patch Windows computers. One server was repeatedly failing to scan for patches. The solution is supposed to be to uninstall and re-install Patch Management.
N-able Support even supplied a temporary PowerShell script to completely remove the feature, but when trying to re-install, the dashboard displays the message, “Installation Failed – Device requires Windows update. After update please reinstall.”
At first, I thought that meant I needed to install pending Windows updates, but that didn’t help. As I dug further into this, I was reminded that a Patch Management installation leaves Windows in a non-patching state, i.e. with Windows Updates disabled. I reported this as a bug several years ago but N-able decided not to fix it.
After disabling Patch Management and even running the special PowerShell script provided by Support, the Windows Update service (wuauserv) is set to Manual (Trigger Start):
This is in fact the normal setting when Windows Update is controlled by group policy (as it is on some machines I have that do not use N-able Patch Management).
Sure enough, sc qtriggerinfo confirms that the service is controlled by group policy:
Here’s the problem, though. Group Policy for Windows Update is stored in the registry under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU. (See this Microsoft article.)
After a complete Patch Management uninstallation, that registry key looks like this:
AUOptions is set to 1 – this value is missing from the Microsoft article, but it used to mean “Disable Automatic Updates.”
NoAutoUpdate is set to 1 – “Disable Automatic Updates.”
N-able Patch Management sets these values so that it can take complete control of patch management. That’s fine, but it should unset (remove) them when Patch Management is uninstalled. Because it doesn’t do that, the machine will never receive automatic updates again.
To set the machine back to automatic updating (and perhaps allow the re-installation of Patch Management), I deleted the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate key and the AU subkey from the registry. Then I removed the service trigger:
Finally I set the service to start automatically, and started it:
I’m not sure if “Automatic” is the correct setting for an unmanaged Windows Update service—Automatic (Delayed Start) might be better—but it should at least be detected as enabled.
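The check and cleanup described above, as an added PowerShell example that is not the post's original commands: it reports the leftover AU policy values and the wuauserv start mode and triggers, and only changes anything when called with -Remediate. The function name and the -Remediate switch are hypothetical; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example. Function name and -Remediate switch are hypothetical.
function Repair-WindowsUpdatePolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Remediate)

    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey = Join-Path $wuKey 'AU'

    # Read the leftover policy values (absent key => $null properties).
    $au      = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    $blocked = [bool]($au -and ($au.NoAutoUpdate -eq 1 -or $au.AUOptions -eq 1))

    # Service start mode plus the trigger list that sc.exe reports.
    $svc      = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"
    $triggers = (& sc.exe qtriggerinfo wuauserv) -join "`n"

    $report = [pscustomobject]@{
        PolicyKeyPresent = Test-Path $wuKey
        NoAutoUpdate     = $au.NoAutoUpdate
        AUOptions        = $au.AUOptions
        UpdatesDisabled  = $blocked
        StartMode        = $svc.StartMode
        State            = $svc.State
        Triggers         = $triggers
    }

    if ($Remediate -and $PSCmdlet.ShouldProcess('wuauserv',
            'Delete WindowsUpdate policy key, delete triggers, set Automatic, start')) {
        # Deleting the whole key also drops any other Windows Update policy
        # stored there (for example WSUS settings), and a domain GPO will
        # write its values back at the next policy refresh.
        if (Test-Path $wuKey) { Remove-Item -Path $wuKey -Recurse -Force }
        & sc.exe triggerinfo wuauserv delete | Out-Null
        Set-Service   -Name wuauserv -StartupType Automatic
        Start-Service -Name wuauserv
        $svc = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"
        $report.PolicyKeyPresent = Test-Path $wuKey
        $report.StartMode        = $svc.StartMode
        $report.State            = $svc.State
    }
    $report
}

# Audit only; add -Remediate (optionally with -WhatIf) to apply the cleanup.
Repair-WindowsUpdatePolicy | Format-List
```

Running the audit across a fleet after removing Patch Management shows which machines still have UpdatesDisabled set to True and would otherwise stop receiving updates.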