While trying to deploy Windows 10 1703 I started seeing an issue where the initial UE-V template catalog synchronization completes successfully but then it fails to synchronize ever again. I confirmed that the permissions on the share were correct (although since it synchronizes the first time I didn’t think permissions were the problem), I disabled anti-virus and the firewall on both the client and server sides, and I double checked that all my templates were valid. Interestingly enough, after checking, I found the same issue in another environment that was running Creators Update.
UE-V Event Logs:
Event ID 13000: An exception has occurred while synchronizing settings packages. Exception message: “External component has thrown and exception.”
Event ID 1503: An exception occurred while applying the settings template catalog: XML parse was unsuccessful but no failure was given.
Event ID 1509: An error occurred in the ApplySettingsTemplateCatalog utility.
Template Auto Update Scheduled Task:
Return code 2147942401
I enabled debug logging but that didn’t give any additional information. At this point I started to lean towards there being an issue with Creators Update itself and the next step was going to be to open a case with Microsoft. However, I came across the solution just before going down that route.
Originally, I was setting the ‘Enable UE-V’ GPO which will turn on the UE-V service in Windows 10 1607 and 1703. Enabling UE-V via this method requires a reboot to take effect, so I found that the machines needed a second reboot after SCCM OSD completed before UE-V would start working (since SCCM blocks GPO application during OSD). This is less than ideal so I added a PowerShell script in the task sequence to enable the service so when the machine reboots at the end, the UE-V service is ready to go. I left the GPO setting in place as well thinking that it wouldn’t hurt to enforce enabling UE-V via policy, but it turns out these conflict with one another. I took out the GPO setting, and after a re-image the template catalog sync worked great. I reached this conclusion by manually toggling the UE-V service via PowerShell (Disable-UEV and Enable-UEV) at which point the sync worked without issue. I couldn’t find anything posted online about this, but it looks like trying to enable the UE-V service in policy once it is already enabled ends up corrupting it.
In conclusion, don’t set the ‘Enable UE-V’ GPO setting and run the PS cmdlet ‘Enable-UEV’ during OSD. Use only one or the other method of enabling UE-V in Windows 10 1703.