Microsoft made its latest feature update rollup, Windows 11 22H2, available to “seekers” on September 20, two weeks ago today. Yet a number of customers who proactively have tried to download the update have found no joy. Based on its own telemetry data, Microsoft puts “safeguard holds” on certain PC configurations when new feature updates are released in order to try to prevent users from encountering known issues. Microsoft has disclosed a few of the possible Windows 11 22H2 blockers, but customers have been unearthing more on their own.
Microsoft has published on its Windows 11 22H2 Release Health Information page a handful of the known issues which may be preventing users from getting this update. Four are listed as of October 4:
- Some installed printers might only allow default settings
- Compatibility issues with Intel Smart Sound Technology drivers and Windows 11
- Copying files/shortcuts using Group Policy Preferences might not work as expected
- KB5012170 might fail to install and you might receive a 0x800f0922 error (Security update for Secure Boot DBX might fail to install)
Microsoft has posted a workaround on the printer issue and says it is working on a resolution which the company will provide via an update in an upcoming release. Officials note that they are recommending users affected by the printer hold “do not attempt to manually upgrade using the Update now button or the Media Creation Tool until this issue has been resolved and the safeguard removed.”
The company also has published a workaround for the Group Policy Preferences issue and has committed to providing an update for this in an upcoming release. It is investigating the Secure Boot DBX problem and is advising customers not to attempt to manually update if they are encountering the Intel Smart Sound driver issue in cases where there is no updated driver available from PC makers.
Adam Gross, a Microsoft Most Valuable Professional (MVP) and consultant known for publishing the FU.WhyAmIBLocked script, also discovered recently that DeviceGuard and certain processors in combination can result in a Windows 11 22H2 block. The hold reports that “Secure Launch data not migrated on IceLake (Client), TigerLake, AlderLake devices.”
Gary Blok, a workplace engineer with expertise in Endpoint management, ConfigMgr and Intune, posted on his blog about the Secure Launch data not migrated issue. He said he has found that users who want to get Windows 11 22H2 “need to disable System Guard, both set it to disabled and ensure it’s not running. I’ve heard people having issues having it disable, even if they set it to disable.”
I asked Microsoft about the DeviceGuard block and was told by a spokesperson that Microsoft is aware of the issue and working to address it. The spokesperson didn’t provide a timeframe for when this issue may be resolved.
Blok posted that he is working to build out a crowd-sourced safeguard hold database to help IT pros to more easily find and look up the holds that are placed on their systems when new Windows updates are available. The database is builds on Gross’s FU.WhyAmIBlocked Powershell module. He said he already has 100 safeguard hold IDs and information.
Safeguard holds aren’t the only worry for Windows users moving to a new update. On October 3, Microsoft officials acknowledged that Windows 11 22H2 users who are trying to copy large, multi-GB files may see a noticeable slowdown in terms of performance. Users may see as much as 40 percent less throughput over SMB when copying down (reading). There is a workaround for the issuebut no word yet on when a permanent solution may be available.