My bad I missed it when reading through, but I have run into one issue:
We use symantec endpoint encryption, 11.3. We install with the WinSetupAutomation=1 and have been able to push 1809 and 1903 to devices encrypted with SEE 11.3 using patch managment and it works fine as long as you send the disable pre-boot
With 1909 feature release seeing the below, worked with SEE support to confirm its not an issue on their end:
On a device running 1803 and no SEE installed: 1909 applies without issue using patch managment
On a device running 1803 with SEE installed: 1909 fails to apply, the patch runs, device reboots to the "select keyboard country, followed by contuine to windows" and remains 1803 once into windows
On a device running 1803 with SEE installed: Don't use patch managment but instead run the command:
setup.exe /Auto Upgrade /DynamicUpdate disable /reflectdrivers "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files" /Postoobe "C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\OS Upgrade Files\setupcomplete.cmd
The device updates to 1909 without issue
So any ideas on why it fails with in patch managment?