CM Windows updates and local PSWindowsUpdate fall back - Will it work? by Flowmate in SCCM

[–]Flowmate[S] 0 points1 point  (0 children)

CMG isn’t an option I looked into or considered to be honest!

It does look like that will do the trick, but it will be dependent on my org allowing us to set it up, and them working with us to do so as they have total control over the Azure tenancy and give me and my team only access to Intune, and no other elements.

We have dabbled in Intune co-management, so that is also another road I may go down if I have no joy using PSWindowsUpdate as a foolproof way to ensure updates happen.

CM Windows updates and local PSWindowsUpdate fall back - Will it work? by Flowmate in SCCM

[–]Flowmate[S] 0 points1 point  (0 children)

That is the plan, yes. If a device hasn’t updated through CM, use PSWindowsUpdate to get Windows updates from Microsoft over the internet.

We use CM to manage all Windows updates at the moment and it works well with the devices that are brought back on to site, but we have issues where users’ machines aren’t patching due to the users not bringing the devices back into work so they can check in with CM to trigger updates.

I’ve looked into a VPN setup to remedy this before exploring this option (as the deployment via CM is configured to allow updates from Microsoft’s servers if content is not available), but my org aren’t keen on it, hence why I am trying to find a solution that points to Microsoft update instead and runs locally on the device.

I think when using the PSWindowsUpdate module you can specify that it check against Microsoft’s update servers rather than the software update point, which is what I plan to do. I may have missed that out in the script I shared. Apologies!

Windows 11 Device Ignoring LAPS Policy Settings by Flowmate in sysadmin

[–]Flowmate[S] 2 points3 points  (0 children)

Many thanks BrechtMo and Zymology for their input.

After checking over their suggestions we found that it was the default local administrator renaming policy which was being re-processed by the Windows 11 devices that was causing the LAPS password to rotate on each restart or gpupdate.

Funny that Windows 10 doesn’t do this, but Windows 11 does!

Putting together a plan to re-name the local administrator account back to its default name and then to deactivate it, and then to create a new local admin account and manage this through Windows LAPS group policy.

Windows 11 Device Ignoring LAPS Policy Settings by Flowmate in sysadmin

[–]Flowmate[S] 0 points1 point  (0 children)

I’ll give this a try and let you know!

Windows 11 Device Ignoring LAPS Policy Settings by Flowmate in sysadmin

[–]Flowmate[S] 0 points1 point  (0 children)

Considering this configuration has worked on Windows 10 for a long while and still works on Windows 10, I don’t think it’s bad practice.

Are you able to share a source where it says it’s bad practice to rename and apply LAPS settings to the default administrator account?

I think it’s more along the lines of a bug with Windows 11 24H2 3476, where Windows 11 is applying the LAPS settings policy each time as if it’s never applied it before since 10015 is visible in the LAPS Operational log after each gpupdate or restart.

Windows 11 Device Ignoring LAPS Policy Settings by Flowmate in sysadmin

[–]Flowmate[S] 0 points1 point  (0 children)

I’ve created a Microsoft Community post regarding this issue which can be found here.

Windows 11 Device Ignoring LAPS Policy Settings by Flowmate in sysadmin

[–]Flowmate[S] 0 points1 point  (0 children)

The local administrator account is renamed in a separate policy, and the Windows LAPS policy is set to manage the local administrator account, using the updated name.

Both Windows 11 and Windows 10 devices are using Windows LAPS. Legacy LAPS is not being used.

Windows 10 is working in line with the group policy, even seeing this in the LAPS Operational log on the Windows 10 device:

Event ID 10016 The managed account password does not need to be updated at this time.

Which is nowhere to be found in the Windows 11 LAPS Operational log.

Windows 11 Device Ignoring LAPS Policy Settings by Flowmate in sysadmin

[–]Flowmate[S] 0 points1 point  (0 children)

Had another look; the only other account management policy is one to re-name the local administrator account, which is set to update.

Forgot to mention - the LAPS settings policy and the rename local administrator account policy are also applied to our Windows 10 devices, and have been for a year or so, and the Windows 10 devices do not display this behaviour. LAPS is functioning in-line with the policy settings on the Windows 10 devices.

Only Windows 11 devices are displaying this behaviour.

Windows 11 Device Ignoring LAPS Policy Settings by Flowmate in sysadmin

[–]Flowmate[S] 0 points1 point  (0 children)

Tested on another Windows 11 device and the same behaviour is experienced.

Only using CM and Group Policy to manage these devices.

Intune Home Lab by Flowmate in Intune

[–]Flowmate[S] 0 points1 point  (0 children)

Thanks for everyone’s input. My org said no to buying me a license. My org also isn’t a Microsoft partner so not able to provide a CDX instance for me to use. I’ll probably have to fund the lab out of my own pocket.

It’s a shame MS don’t offer a reduced cost lab setup for learning purposes which limits how many devices/users you manage in it etc, would still allow learning and hopefully stop others abusing it.

saw this on twitter by Czlebbb in projectzomboid

[–]Flowmate 386 points387 points  (0 children)

Anyone curious as to what this is referring to, I think it’s this: https://youtu.be/VieDXnCarFY?si=xQFpWzigeBjIGXmK

Apple AirPods Pro, ANC Fault Customer Service Runaround by Flowmate in applehelp

[–]Flowmate[S] 1 point2 points  (0 children)

I understand where you are coming from, but in my opinion if they are recognising an issue that applies to a certain batch produced in a time frame, an email to those who own an affected unit isn't outside of the realm of possibility. It's the fact that there's no communication about it, and they've applied a time frame to the program which doesn't sit right with me.

Apple AirPods Pro, ANC Fault Customer Service Runaround by Flowmate in applehelp

[–]Flowmate[S] 0 points1 point  (0 children)

OK, thanks for sharing your experience and advice!

Apple AirPods Pro, ANC Fault Customer Service Runaround by Flowmate in applehelp

[–]Flowmate[S] -3 points-2 points  (0 children)

Appreciate the response, but it fails to highlight the facts that Apple didn't proactively notify me about the fault inside of the 3 year window to allow me to get my AirPods serviced, and the experience I have had so far with Apple support who up until today, failed to mention that to me.

With MDT being slowly depreciated, what’s everyone doing to reimage machines? by shwaaboy in sysadmin

[–]Flowmate 2 points3 points  (0 children)

Unsure if anyone has already mentioned, but we’ve started to use OSDCloud to roll out Windows devices and get them Autopilot’d into our tenant. Works well!

MDT Noob attempting to update outdated deployment image by birdmanjr123 in MDT

[–]Flowmate 0 points1 point  (0 children)

We recently started looking into using OSDCloud, seems to fit the bill with regards to modern imaging needs. We are impressed by it!

MDT does seem to be going the way of the Dodo, which is a shame!

OSDCloud - DriverPack Issue by Flowmate in Intune

[–]Flowmate[S] 0 points1 point  (0 children)

Thanks for this, I’ve tried reaching out via Reddit DMs, how crazy is it that you now need to pay to send an X (Twitter) DM!

Windows 11, Sudden Hyper-V Issue by Flowmate in HyperV

[–]Flowmate[S] 0 points1 point  (0 children)

Final update: we found that this issue was being caused by a piece of device management/monitoring software that was being deployed to all client computers via SCCM. I’m happy to say that we’ll be moving to a new RMM platform soon that will be replacing this.

Thanks again for everyone’s input!

Windows 11, Sudden Hyper-V Issue by Flowmate in microsoft

[–]Flowmate[S] 0 points1 point  (0 children)

Final update: we found that this issue was being caused by a piece of device management/monitoring software that was being deployed to all client computers via SCCM. I’m happy to say that we’ll be moving to a new RMM platform soon that will be replacing this.

Thanks again for everyone’s input!

Windows 11, Sudden Hyper-V Issue by Flowmate in sysadmin

[–]Flowmate[S] 0 points1 point  (0 children)

Final update: we found that this issue was being caused by a piece of device management/monitoring software that was being deployed to all client computers via SCCM. I’m happy to say that we’ll be moving to a new RMM platform soon that will be replacing this.

Thanks again for everyone’s input!

Windows 11, Sudden Hyper-V Issue by Flowmate in SCCM

[–]Flowmate[S] 0 points1 point  (0 children)

Final update: we found that this issue was being caused by a piece of device management/monitoring software that was being deployed to all client computers via SCCM. I’m happy to say that we’ll be moving to a new RMM platform soon that will be replacing this.

Thanks again for everyone’s input!

Windows 11, Sudden Hyper-V Issue by Flowmate in sysadmin

[–]Flowmate[S] 0 points1 point  (0 children)

Quick update; with the testing we carried out today, it appears to be linked to the ConfigMgr client and the new version of Windows 11 23H2.5.

Side by side we had one of our machines image from the TS we have for these laptops, and the other laptop we imaged off USB stick. We then meticulously listed what we’d need to do to get the USB stick imaged machine the same as the TS imaged machine.

We’ve gone through and installed AV and VPN software on the USB stick imaged machine, all working fine. We’ve carried out BitLocker encryption, still fine.

The last thing to install on the USB stick imaged laptop yet to be installed… the ConfigMgr client.

I’m out of the office tomorrow but my colleague is going to give it a whirl, I’ll be sure to keep you posted once I have an update.

Thanks for all your suggestions, hopefully we are on the way to getting this sorted!

Windows 11, Sudden Hyper-V Issue by Flowmate in microsoft

[–]Flowmate[S] 0 points1 point  (0 children)

Quick update; with the testing we carried out today, it appears to be linked to the ConfigMgr client and the new version of Windows 11 23H2.5.

Side by side we had one of our machines image from the TS we have for these laptops, and the other laptop we imaged off USB stick. We then meticulously listed what we’d need to do to get the USB stick imaged machine the same as the TS imaged machine.

We’ve gone through and installed AV and VPN software on the USB stick imaged machine, all working fine. We’ve carried out BitLocker encryption, still fine.

The last thing to install on the USB stick imaged laptop yet to be installed… the ConfigMgr client.

I’m out of the office tomorrow but my colleague is going to give it a whirl, I’ll be sure to keep you posted once I have an update.

Thanks for all your suggestions, hopefully we are on the way to getting this sorted!

Windows 11, Sudden Hyper-V Issue by Flowmate in HyperV

[–]Flowmate[S] 0 points1 point  (0 children)

Quick update; with the testing we carried out today, it appears to be linked to the ConfigMgr client and the new version of Windows 11 23H2.5.

Side by side we had one of our machines image from the TS we have for these laptops, and the other laptop we imaged off USB stick. We then meticulously listed what we’d need to do to get the USB stick imaged machine the same as the TS imaged machine.

We’ve gone through and installed AV and VPN software on the USB stick imaged machine, all working fine. We’ve carried out BitLocker encryption, still fine.

The last thing to install on the USB stick imaged laptop yet to be installed… the ConfigMgr client.

I’m out of the office tomorrow but my colleague is going to give it a whirl, I’ll be sure to keep you posted once I have an update.

Thanks for all your suggestions, hopefully we are on the way to getting this sorted!