Microsoft EDGE fails to Update from WSUS, from MSI-file or repair APPS because of GPO, 0x80070643, 1722
Cause: GPO / EdgeUpdate Policies
In this case, we have a GPO (Group Policy) created by or for a customer who uses Firefox as the default browser because a Citrix engineer advised them that this was the best approach.
To address this, a policy was implemented to prevent updates to Microsoft Edge. However, it’s often overlooked that Internet Explorer (IE) and Edge are integral parts of Windows.
It is essential to update these components, even if they are not your primary browser. This is especially important given that, while Microsoft was legally required to separate certain functionalities, other APIs may still depend on these components.
Additionally, certain security software may verify core aspects of an operating system, such as patching status and browser version.
Sources why this GPO policy may exist
Maybe the GPO was installed due to the warning during the 126 > 127 update failure a few months ago.
In the past, there was an error in the update process from version 126 to 127 during the major release jump, where people encountered these pop-ups. Some people then decided to completely disable all Edge updates.
That was fine at the time, but afterward, they should have reverted or adjusted the GPO settings back to normal once the issue was resolved.
or
Firefox Evangelist wanted to keep EDGE as far away as possible 😉
This has happend:
We could not update Microsoft EDGE by:
- Windows Update client (Connected to WSUS Server which daily aproves certain EDGE channels)
- Manual: Download Enterprise MSI EDGE standalone Installer (Tried every channel and backward versions)
- Via Add/Remove/App repair of control panel > Finally we did see why and because of what
All of that failed with different erros.
Event error, this does not SAY it is because of a GPO blocking it |
Product: Microsoft Edge — Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action DoInstall, location: C:\Windows\Installer\MSI26E9.tmp, command: /silent /install “appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft Edge&needsAdmin=True&usagestats=0&ap=stable-arch_x64” /installsource enterprisemsi /appargs “appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&installerdata=B%22distribution%22%3A%7B%22msi%22%3Atrue%2C%22system_level%22%3Atrue%2C%22verbose_logging%22%3Atrue%2C%22msi_product_id%22%3A%2257A2E6D4-100B-30FC-A094-7C46B43D6D68%22%2C%22allow_downgrade%22%3Afalse%2C%22do_not_create_desktop_shortcut%22%3Afalse%2C%22do_not_create_taskbar_shortcut%22%3Afalse |
Installationfehler 0x80070643 |
Installationfehler 0x80070643
You download Edge Enterprise from MS website as MSI and try to install manual:
MicrosoftEdgeEnterpriseX64.msi
You try to repair or uninstall EGDE from Software/Apps
After Windows Update client install, manual install of MSI download and also Repair of EDGE trough ADD/Software/APP
Did not work you get a hint why it fails.
Solution: Change the GPO setting and UNBLOCK the Updates for Edge. You can fine granular change settings for each chanell if you want. But these are the part to watch out for if someone changed it.
Microsoft Edge Update Policy Documentation | Microsoft Learn
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-update-policies (English)
https://learn.microsoft.com/de-de/deployedge/microsoft-edge-update-policies (German)
The GPO which prevrented the EDGE update:
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-update-policies#installdefault (English)
https://learn.microsoft.com/de-de/DeployEdge/microsoft-edge-update-policies#installdefault (German)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EdgeUpdate |
Update policy override default Microsoft Edge Update 1.2.145.5 and later Description Lets you specify the default behavior for all channels concerning the way Microsoft Edge Update handles available updates for Microsoft Edge. Can be overridden for individual channels by specifying the ‘Update policy override’ policy for those specific channels. If you enable this policy, Microsoft Edge Update handles Microsoft Edge updates according to how you configure the following options: Updates disabled (0): Updates are never applied. Always allow updates (1) (recommended): Updates are always applied when found, either by periodic update check or by a manual update check. Manual updates only (2): Updates are applied only when the user runs a manual update check. Automatic silent updates only (3): Updates are applied only when they’re found by the periodic update check. If you select manual updates, make sure you periodically check for updates by using the app’s manual update mechanism, if available. If you disable updates, periodically check for updates, and distribute them to users. If you don’t enable and configure this policy, Microsoft Edge Update handles available updates as specified by the ‘Update policy override’ policy. This policy is available only on Windows instances that are joined to a Microsoft® Active Directory® domain. |
Check with Batch if affected |
for /f “tokens=3” %%A in (‘reg query “%keyPath%” /v “%valueName%” 2^>nul’) do (
if defined value (
|
Check with PS if affected |
# Define registry key path and value$keyPath = “HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate” $valueName = “UpdateDefault”
|
After the change of the GPO all worked
Source of problem sample:
Here is one of the external blogs who show you how to disable the updates (Which in my opinion) is wrong to do.
Even if you have Google Chrome running we still recommend to update MS EDGE in paralell.
In the past there was ONCE an error in the Update process from 126 > 127 version where people did see these POPUPS. Some people then decided to complete disable any EDGE updates.
That was ok but after that they should have removed or changed the setting of the GPO back to normal after it was going on.
How to Disable Updates in Microsoft Edge
https://winaero.com/how-to-disable-updates-in-microsoft-edge/
Â