Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing winget and GPO/Intune Policy interrelations #3745

Open
byjrack opened this issue Oct 10, 2023 · 1 comment
Open

Missing winget and GPO/Intune Policy interrelations #3745

byjrack opened this issue Oct 10, 2023 · 1 comment
Labels
Issue-Docs It's a documentation issue that really should be on MicrosoftDocs

Comments

@byjrack
Copy link

byjrack commented Oct 10, 2023

Brief description of your issue

So we have been working with Microsoft Support on winget acting up both on the msstore and winget Sources in our environment.

Thus far it looks to be a conflict between winget, windows update, and our internal SUS. The recommendation from MS support has been to disable WU via Policy which might be ok, but feels strange. And given I know that winget and WU work fine on non-SUS machines it's not as clear cut as winget+store source+wua = failure.

One example where Policies seem to influence results. verbose logs just show the 403 so the policy I think is enforced in the wininet stack, but in a way that is very course grain so winget just gets the 403 and not the reason the specific cdn endpoint is blocked.

It would be great to have a list of GPOs that can influence source usage so that we can troubleshoot more effectively.

2023-10-10 07:45:45.001 [YAML] Detected UTF-8
2023-10-10 07:45:45.001 [REPO] Named source to be updated, found: winget
2023-10-10 07:45:45.268 [FAIL] WindowsPackageManager.dll!00007FFD63E7F002: ReturnHr(1) tid(3ac4) 80190193 Forbidden (403).
    Msg:[D:\a\_work\1\s\external\pkg\src\AppInstallerCommonCore\HttpStream\HttpClientWrapper.cpp(50)\WindowsPackageManager.dll!00007FFD63E62ECE: (caller: 00007FFD63D3FDB9) Exception(1) tid(3ac4) 80190193 Forbidden (403).
]

compared to a machine with GPOs tweaked

2023-10-10 07:55:32.893 [YAML] Detected UTF-8
2023-10-10 07:55:32.893 [REPO] Named source to be updated, found: winget
2023-10-10 07:55:32.919 [CORE] Examining extension: PFN = Microsoft.Winget.Source_8wekyb3d8bbwe, ID = IndexDB
2023-10-10 07:55:32.919 [CORE] Found matching extension.
2023-10-10 07:55:32.928 [CORE] Retrieving headers from url: https://cdn.winget.microsoft.com/cache/source.msix
@byjrack byjrack added the Issue-Docs It's a documentation issue that really should be on MicrosoftDocs label Oct 10, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs-Triage Issue need to be triaged label Oct 10, 2023
@denelon denelon removed the Needs-Triage Issue need to be triaged label Oct 10, 2023
@byjrack
Copy link
Author

byjrack commented Nov 9, 2023

I can't see in the black box of wininet, but based on some of the posts around #3652 I bumped my winget manually from 1.5.2201 to 1.6.2771 and the 403 on winget source update --name=winget went away. No other changes to GPOs on the machine, no reboots, etc.

We have some issues w MS Store due to GPOs and a known issue w SUS+Store+WUA that the MS team is working on so the auto-update of winget from the Store is not functioning.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue-Docs It's a documentation issue that really should be on MicrosoftDocs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@byjrack @denelon