u/IndependentSysadmin

We're having a weird issue where a couple of our AVD servers are reporting zero actionable updates, despite not having this month's update yet. I was comparing logs and come across a weird difference in the WAHandler search parameters.

The broken ones seem to be getting extra parameters whereas the working ones are just searching for any software/drive update. My bet is that these parameters are filtering out all updates.

I haven't been able to find any documentation on where clients get their search parameters. Has anyone else seen this before?

Broken:

https://preview.redd.it/d24ev0nlg51h1.png?width=1426&format=png&auto=webp&s=4b25477be52ae900c40c68a3b69daa3c421c2735

Working:

https://preview.redd.it/q6k6q85tg51h1.png?width=853&format=png&auto=webp&s=a4dde7e9e118ffde01edd0d984f8a5adeb89983b

We are having a very strange issue. We have two groups managed in PIM, the support team group and the engineering team group. Both groups are assigned the Azure AD Joined Device Local Administrator role. We use PIM to put ourselves in the group when we need additional permissions.

This works for me on our entra-joined devices, but the support team informed me it is not working for them. When they try to run something that needs local admin permissions, they get "the requested process requires elevation", as if they are not local admins. I can see the SID of the Azure AD Joined Device Local Administrator in the local admins group.

I can't for the life of me figure out why this would work for me but not for them. I also tried adding one of our support guys directly in PIM instead of through the support group. No change.

Has anyone else encountered this?