Since last week we experiencing a lot of problems with Windows updates (mostly Windows 11, but there was one Windows 10 among them as well), specifically KB5040442. On about 10% of our Windows clients the update would start and go until 96% and stay there for 10-60 minutes, and then after a restart Windows would tell us that something did go wrong and it would reverse the update. This would require multiple restarts and anything in the order of 2-10h. The usual information sources did not reveal anything unusual with this update round, so it had to be some uncommon conditions here.
When Windows was back online, it would sometimes (!) show an error code 0x800f0922, oftenly nothing, and on next restart it would try to install it again (and our employees losing again 4-10h with a working computer). First remedy, as described in the error code was to increase the size of the recovery partition to at least 250MB, but that helped only on one computer. No other things related to the code did apply to us or help. DISM and SFC sometimes would find something, but did not help in fixing the issues with the update. Over time some of the computers randomly succeeded in installing the update.
Last straw I had was to disable and uninstall Forticlient. And with that so far all of the clients went through the update without a hitch. Now I am anxious that it will return with the next update when I reinstall Forticlient. In retrospective, two computers had some troubles with some previous updates, but we re-installed Windows on them. Both were also affected this time.
What should be do and how can we prevent that from happening again? Is there anything to further debug and diagnose this issue?
For your reference we use Forticlient 7.2.4.0972 with EMS, and a Fortigate 200F as main firewalls. We have the web filter, AV and real-time protection enabled, as well as Anti-malware, Anti-Exploit and Cloud-base malware protection.
Thank you in advance for your help.
Regards,
Markus
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello, I would suggest checking EMS profile for affected end users
Did you ever get an answer to this? I'm using a very similar set up to you and we experienced similar issues with the July updates.
Hi Vince.
No, we didn't get this fully resolved. Our solution is still to put the computers with update troubles temporarily in a group with disabled malware protection, do the update, then re-enable.Just this morning one of the computers in the previous update failure round just did it again. We couldn't find any useful logs that would give us any insight in what's going on and how to prevent it in the future.
This is so frustrating, but it's a little relief, that we're not the only ones suffering there, as it drove me crazy that there was no general news on anything like that whatsoever.
This is frustrating, but I'm kind of relieved that we don't seem to be the only ones affected by this.
Created on 08-15-2024 04:45 AM Edited on 08-15-2024 04:48 AM
Yes it's great to see someone else suffering if you know what I mean!
We are also experiencing it with the August updates too. When you say you disabled malware protection, do you mean on Forticlient using EMS? Our "Malware Protection" profile has Antivirus Protection, Anti-Ransomware, Anti Exploit, Cloud based Malware Protection and Removeable Media Access all set to off (and always have been). Under Advanced, under Other we have scan for rootkits, adware, riskware, email and notify logged in users and on and other settings off. Are you using ZTNA at all?
Hi Vince.
Debugging the issue was quite a pain, because everything we tried, meant either wait for 6h for the computer to get back to when the solution wouldn't work, or it would work and then this computer was basically burnt for debugging.And most of the people were eager to get their computer back up and running fast, so the ones we had for debugging were seriously limited.
So, in order to circle out the area where to look for, I first went for uninstalling Forticlient entirely on one computer, which solved the issue. Then I just removed it from EMS, but left Forticlient installed, to make sure it wasn't a general thing with the file filter drivers, but only when the module was actually active. This worked as well. Then I created a policy for those PCs, where all the options in Malware protection you mentioned are off. Also in this profile we disabled the Firewall and Sandbox protection. After that, we basically ran out of PCs to test it with, so I couldn't fine tune it any further.
> Are you using ZTNA at all?
No, it's disabled for us.
Regards,
Markus
Our firewall isn't enabled but the sandbox is. I'll try similar tactics and see where we get to. Do you use the web filter? I've raised a ticket with forti too.
Are you using sophos or any other security products?
Created on 10-03-2024 11:33 AM Edited on 10-03-2024 11:34 AM
hey guys, any news on your tickets or the issue as a whole?
this windows 11 update 24h2 is causing some issues around here. we are not actually getting failed updates, but they're taking way too long (around 5hs). Without forticlient it finishes in about 10 minutes.
Created on 10-08-2024 12:52 PM Edited on 10-08-2024 12:53 PM
Not made much progress other than creating and moving devices to another profile in EMS that has much fewer options going on (no vuln scan etc). Can't find a rhyme or reason for it other than forticlient seems to be at the heart of it.
Moving the devices to this new profile seems to fix the issue but next month we face the same issue with different devices.
Hi, I could not find any know issues with the forticlient but I found another community forum which had the same issue and making changes to the windows 11 PC helped the users, please check this forum if this helps you.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.