Merge pull request #110378 from BethWilke/branch8

Fixing documentation task 1696159

Author: PRMerger15

articles/automation/troubleshoot/update-management.md

@@ -11,19 +11,19 @@ manager: carmonm
 ---
 # Troubleshooting issues with Update Management
 
-This article discusses solutions to issues that you might encounter when you use Update Management.
+This article discusses solutions to issues that you might come across when using Update Management.
 
 There's an agent troubleshooter for the Hybrid Worker agent to determine the underlying problem. To learn more about the troubleshooter, see [Troubleshoot update agent issues](update-agent-issues.md). For all other issues, use the following troubleshooting guidance.
 
-If you encounter issues while you're trying to onboard the solution on a virtual machine (VM), check the **Operations Manager** log under **Application and Services Logs** on the local machine for events with event ID 4502 and event details that contain `Microsoft.EnterpriseManagement.HealthService.AzureAutomation.HybridAgent`.
+If you encounter issues when onboarding the solution on a virtual machine (VM), check the **Operations Manager** log under **Application and Services Logs** on the local machine. Look for events with event ID 4502 and event details that contain `Microsoft.EnterpriseManagement.HealthService.AzureAutomation.HybridAgent`.
 
-The following section highlights specific error messages and possible resolutions for each. For other onboarding issues see [Troubleshoot solution onboarding](onboarding.md).
+The following section highlights specific error messages and possible resolutions for each. For other onboarding issues, see [Troubleshoot solution onboarding](onboarding.md).
 
 ## Scenario: You receive the error "Failed to enable the Update solution"
 
 ### Issue
 
-When you attempt to enable the Update Management solution in your Automation account, you encounter the following error:
+When you try to enable the Update Management solution in your Automation account, you get the following error:
 
 ```error
 Error details: Failed to enable the Update solution
@@ -33,11 +33,11 @@ Error details: Failed to enable the Update solution
 
 This error can occur for the following reasons:
 
-* The network firewall requirements for the Log Analytics agent might not be configured correctly, causing the agent to fail when resolving the DNS URLs.
+* The network firewall requirements for the Log Analytics agent might not be configured correctly. This can cause the agent to fail when resolving the DNS URLs.
 
-* Solution targeting is misconfigured and the machine is not receiving updates as expected.
+* Solution targeting is misconfigured and the machine isn't receiving updates as expected.
 
-* You might also notice that the machine shows a status of `Non-compliant` under **Compliance**. At the same time, **Agent update readiness** reports the agent as `Disconnected`.
+* You might also notice that the machine shows a status of `Non-compliant` under **Compliance**. At the same time, **Agent Desktop Analytics** reports the agent as `Disconnected`.
 
 ### Resolution
 
@@ -47,23 +47,23 @@ This error can occur for the following reasons:
 
 * Go to [Network planning](../../azure-monitor/platform/log-analytics-agent.md#network-requirements) to learn about which addresses and ports must be allowed for the Log Analytics agent to work.
 
-* Check for scope configuration problems. [Scope configuration](../automation-onboard-solutions-from-automation-account.md#scope-configuration) determines which machines get configured for the solution. If your machine is showing up in your workspace but not in the **Update Management** portal, you'll need to set the scope configuration to target the machines. To learn about the scope configuration, see [Onboard machines in the workspace](../automation-onboard-solutions-from-automation-account.md#onboard-machines-in-the-workspace).
+* Check for scope configuration problems. [Scope configuration](../automation-onboard-solutions-from-automation-account.md#scope-configuration) determines which machines get configured for the solution. If your machine is showing up in your workspace but not in the **Update Management Portal, you'll need to set the scope configuration to target the machines. To learn about the scope configuration, see [Onboard machines in the workspace](../automation-onboard-solutions-from-automation-account.md#onboard-machines-in-the-workspace).
 
 * Remove the worker configuration by following the steps in [Deleting the hybrid runbook worker](../automation-hybrid-runbook-worker.md#remove-a-hybrid-runbook-worker). 
 
 ## Scenario: Superseded update indicated as missing in Update Management
 
 ### Issue
 
-Old updates are appearing in Update Management in the Automation account as missing even though they have been superseded. A superseded update is one that doesn't have to be installed because a later update that corrects the same vulnerability is available. Update Management ignores the superseded update and makes it not applicable in favor of the superseding update. For information about a related issue, see [Update is superseded](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#the-update-is-not-applicable-to-your-computer).
+Old updates are appearing in Update Management in the Automation account as missing even though they have been superseded. A superseded update is one that you don't have to install because a later update that corrects the same vulnerability is available. Update Management ignores the superseded update and makes it not applicable in favor of the superseding update. For information about a related issue, see [Update is superseded](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#the-update-is-not-applicable-to-your-computer).
 
 ### Cause
 
 Superseded updates are not being correctly indicated as declined so that they can be considered not applicable.
 
 ### Resolution
 
-When a superseded update becomes 100 percent not applicable, you should change the approval state of that update to `Declined`. To do this for all your updates:
+When a superseded update becomes 100 percent not applicable, you should change the approval state of that update to `Declined`. To change approval state for all your updates:
 
 1. In the Automation account, select **Update Management** to view machine status. See [View update assessments](../manage-update-multi.md#view-an-update-assessment).
 
@@ -77,7 +77,7 @@ When a superseded update becomes 100 percent not applicable, you should change t
 
 6. Run the cleanup wizard to delete files from the declined updates. 
 
-7. For WSUS, manually clean all superseded updates to refresh the infrastructure.
+7. For Windows Server Update Services (WSUS), manually clean all superseded updates to refresh the infrastructure.
 
 8. Repeat this procedure regularly to correct the display issue and minimize the amount of disk space used for update management.
 
@@ -103,57 +103,95 @@ You might have defined a quota in your workspace that's been reached and that's
 
 ### Resolution
 
-* Run the troubleshooter for [Windows](update-agent-issues.md#troubleshoot-offline) or [Linux](update-agent-issues-linux.md#troubleshoot-offline), depending on the OS.
+1. Run the troubleshooter for [Windows](update-agent-issues.md#troubleshoot-offline) or [Linux](update-agent-issues-linux.md#troubleshoot-offline), depending on the OS.
 
-* Make sure that your machine is reporting to the correct workspace. For guidance on how to verify this aspect, see [Verify agent connectivity to Log Analytics](../../azure-monitor/platform/agent-windows.md#verify-agent-connectivity-to-log-analytics). Also make sure that this workspace is linked to your Azure Automation account. To confirm, go to your Automation account and select **Linked workspace** under **Related Resources**.
+2. Make sure that your machine is reporting to the correct workspace. For guidance on how to verify this aspect, see [Verify agent connectivity to Log Analytics](../../azure-monitor/platform/agent-windows.md#verify-agent-connectivity-to-log-analytics). Also make sure that this workspace is linked to your Azure Automation account. To confirm, go to your Automation account and select **Linked workspace** under **Related Resources**.
 
-* Make sure that the machines show up in your Log Analytics workspace. Run the following query in the Log Analytics workspace that's linked to your Automation account:
+3. Make sure that the machines show up in your Log Analytics workspace. Run the following query in the Log Analytics workspace that's linked to your Automation account:
 
   ```loganalytics
   Heartbeat
   | summarize by Computer, Solutions
   ```
- 
-  If you don't see your machine in the query results, it hasn't recently checked in, which means there's probably a local configuration issue and you should [reinstall the agent](../../azure-monitor/learn/quick-collect-windows-computer.md#install-the-agent-for-windows). If your machine shows up in the query results, you need to verify the scope configuration specified in the next bulleted item in this list.
 
-* Check for scope configuration problems. [Scope configuration](../automation-onboard-solutions-from-automation-account.md#scope-configuration) determines which machines get configured for the solution. If your machine is showing up in your workspace but not in the **Update Management** portal, you'll need to configure the scope configuration to target the machines. To learn how to do this, see [Onboard machines in the workspace](../automation-onboard-solutions-from-automation-account.md#onboard-machines-in-the-workspace).
+4. If you don't see your machine in the query results, it hasn't recently checked in. There's probably a local configuration issue and you should [reinstall the agent](../../azure-monitor/learn/quick-collect-windows-computer.md#install-the-agent-for-windows). 
+
+5. If your machine shows up in the query results, check for scope configuration problems. [Scope configuration](../automation-onboard-solutions-from-automation-account.md#scope-configuration) determines which machines are configured for the solution. If your machine is showing up in your workspace but not in the **Update Management Portal, you  must configure the scope configuration to target the machines. To learn how to do this, see [Onboard machines in the workspace](../automation-onboard-solutions-from-automation-account.md#onboard-machines-in-the-workspace).
 
-* In your workspace, run the following query:
+6. In your workspace, run the following query:
 
   ```loganalytics
   Operation
   | where OperationCategory == 'Data Collection Status'
   | sort by TimeGenerated desc
   ```
 
-  If you get a `Data collection stopped due to daily limit of free data reached. Ingestion status = OverQuota` result, there's a quota defined on your workspace that's been reached and that has stopped data from being saved. In your workspace, go to **Usage and estimated costs** > **data volume management** and check your quota or remove it.
+7. If you get a `Data collection stopped due to daily limit of free data reached. Ingestion status = OverQuota` result, there's a quota defined on your workspace that's been reached and that has stopped data from being saved. In your workspace, go to **data volume management** under **Usage and estimated costs** and check your quota or remove it.
 
-* If these steps don't resolve your problem, follow the steps in [Deploy a Windows Hybrid Runbook Worker](../automation-windows-hrw-install.md) to reinstall the Hybrid Worker for Windows. For Linux, follow the steps in [Deploy a Linux Hybrid Runbook Worker](../automation-linux-hrw-install.md).
+8. If your issue is still unresolved, follow the steps in [Deploy a Windows Hybrid Runbook Worker](../automation-windows-hrw-install.md) to reinstall the Hybrid Worker for Windows. For Linux, follow the steps in [Deploy a Linux Hybrid Runbook Worker](../automation-linux-hrw-install.md).
 
-## <a name="rp-register"></a>Scenario: Unable to register Automation Resource Provider for subscriptions
+## <a name="rp-register"></a>Scenario: Unable to register Automation resource provider for subscriptions
 
 ### Issue
 
-When you work with solutions in your Automation account, you encounter the following error:
+When you work with solutions in your Automation account, the following error occurs:
 
 ```error
-Error details: Unable to register Automation Resource Provider for subscriptions:
+Error details: Unable to register Automation Resource Provider for subscriptions
 ```
 
 ### Cause
 
-The Automation Resource Provider isn't registered in the subscription.
+The Automation resource provider isn't registered in the subscription.
 
 ### Resolution
 
-To register the Automation Resource Provider, follow these steps in the Azure portal:
+To register the Automation resource provider, follow these steps in the Azure portal:
 
 1. In the Azure service list at the bottom of the portal, select **All services**, and then select **Subscriptions** in the General service group.
 2. Select your subscription.
 3. Under **Settings**, select **Resource Providers**.
 4. From the list of resource providers, verify that the `Microsoft.Automation` resource provider is registered.
 5. If it's not listed, register the `Microsoft.Automation` provider by following the steps at [Resolve errors for resource provider registration](/azure/azure-resource-manager/resource-manager-register-provider-errors).
 
+## <a name="update-missed-machines"></a>Scenario: Scheduled update with a dynamic schedule missed some machines
+
+### Issue
+
+Previewed machines included in an update do not all appear in the list of machines patched during a scheduled run.
+
+### Cause
+
+This issue can have one of the following causes:
+
+* The subscriptions defined in the scope in a dynamic query aren't configured for the registered Automation resource provider. 
+* The machines weren't available or didn't have the appropriate tags when the schedule was executed.
+
+### Resolution
+
+#### Subscriptions not configured for registered Automation resource provider
+
+If your subscription is not configured for the Automation resource provider, you can't query or fetch information on machines in that subscription. Use the following steps to ensure the registration for the subscription.
+
+1. In the [Azure Portal](https://docs.microsoft.com/azure/azure-resource-manager/management/resource-providers-and-types#azure-portal), access the Azure service list.
+2. Select **All services**, and then select **Subscriptions** in the General service group. 
+3. Find the subscription defined in the scope for your deployment.
+4. Under **Settings**, choose **Resource Providers**.
+5. Verify that the `Microsoft.Automation` resource provider is registered.
+6. If it's not listed, register the `Microsoft.Automation` provider by following the steps at [Resolve errors for resource provider registration](/azure/azure-resource-manager/resource-manager-register-provider-errors).
+
+#### Machines not available or not tagged correctly when schedule executed
+
+Use the following procedure if your subscription is configured for the Automation resource provider, but running the update schedule with the specified [dynamic groups](../automation-update-management-groups.md) missed some machines.
+
+1. In the Azure portal, open the Automation account and select **Update Management**.
+2. Check [Update Management history](https://docs.microsoft.com/azure/automation/manage-update-multi#view-results-of-an-update-deployment) to determine the exact time when the update deployment was run. 
+3. For machines that you suspect to have been missed by Update Management, use Azure Resource Graph to [locate machine changes](https://docs.microsoft.com/azure/governance/resource-graph/how-to/get-resource-changes#find-detected-change-events-and-view-change-details). 
+4. Search for changes over a considerable period, such as one day, before the update deployment was run.
+5. Check the search results for any systemic changes, such as delete or update changes, to the machines in this period. These changes can alter machine status or tags so that machines aren't selected in the machine list when updates are deployed.
+6. Adjust the machines and resource settings as necessary to correct for machine status or tag issues.
+7. Rerun the update schedule to ensure that deployment with the specified dynamic groups includes all machines.
+
 ## <a name="components-enabled-not-working"></a>Scenario: Components for Update Management solution enabled, while VM continues to show as being configured
 
 ### Issue
@@ -285,7 +323,7 @@ When applicable, use [dynamic groups](../automation-update-management-groups.md)
    Heartbeat | where TimeGenerated > ago(30d) | distinct SourceComputerId, Computer, ComputerIP
    ```
 
-* After you find affected machines, edit the update deployments that target those machines, and then remove and re-add them so that `SourceComputerId` reflects the correct value.
+* After you find affected machines, edit the update deployments that target those machines, and then remove and readd them so that `SourceComputerId` reflects the correct value.
 
 ## <a name="updates-nodeployment"></a>Scenario: Updates are installed without a deployment
 
@@ -397,12 +435,14 @@ The Update Agent (Windows Update Agent on Windows; the package manager for a Lin
 
 ### Resolution
 
-Try to perform updates locally on the machine. If this fails, it typically means there's a configuration error with the update agent.
+Try to perform updates locally on the machine. If this operation fails, it typically means that there's an update agent configuration error.
 
-This problem is frequently caused by network configuration and firewall issues. Try the following:
+This problem is frequently caused by network configuration and firewall issues. Use the following checks to correct the issue.
 
 * For Linux, check the appropriate documentation to make sure you can reach the network endpoint of your package repository.
+
 * For Windows, check your agent configuration as listed in [Updates aren't downloading from the intranet endpoint (WSUS/SCCM)](/windows/deployment/update/windows-update-troubleshooting#updates-arent-downloading-from-the-intranet-endpoint-wsussccm).
+
   * If the machines are configured for Windows Update, make sure you can reach the endpoints described in [Issues related to HTTP/proxy](/windows/deployment/update/windows-update-troubleshooting#issues-related-to-httpproxy).
   * If the machines are configured for Windows Server Update Services (WSUS), make sure you can reach the WSUS server configured by the [WUServer registry key](/windows/deployment/update/waas-wu-settings).
 
@@ -447,9 +487,9 @@ Possible causes:
 
 If failures occur during an update run after it starts successfully, [check the job output](../manage-update-multi.md#view-results-of-an-update-deployment) from the affected machine in the run. You might find specific error messages from your machines that you can research and take action on. Update Management requires the package manager to be healthy for successful update deployments.
 
-If specific patches, packages, or updates are seen immediately before the job fails, you can try [excluding](../automation-tutorial-update-management.md#schedule-an-update-deployment) those from the next update deployment. To gather log info from Windows Update, see [Windows Update log files](/windows/deployment/update/windows-update-logs).
+If specific patches, packages, or updates are seen immediately before the job fails, you can try [excluding](../automation-tutorial-update-management.md#schedule-an-update-deployment) these items from the next update deployment. To gather log information from Windows Update, see [Windows Update log files](/windows/deployment/update/windows-update-logs).
 
-If you can't resolve a patching issue, make a copy of the following log file and preserve it for troubleshooting purposes before the next update deployment starts:
+If you can't resolve a patching issue, make a copy of the following log file and preserve it for troubleshooting purposes before the next update deployment starts.
 
 ```bash
 /var/opt/microsoft/omsagent/run/automationworker/omsupdatemgmt.log