Messages

My WSUS self-signed certificate is expiring later this year. In preparation for this I have gone through the procedure again and now have a certificate valid until sometime in 2022.

I have pushed out the new certificate alongside the old one in my Group Policy, and have successfully published and deployed updates using this new certificate.

In a few months, when the old certificate has expired, I expect that if I were to build a new machine from my standard image and attempt to update it, I would have updates fail to install which were signed with the old certificate. If this is indeed the case, what would be the proper method for re-publishing those old but still valid updates when the time comes? Or, is the certificate still considered valid based on it's being valid on the date it was used to sign the update package?

If they setup your account the same way they did mine, the expiration month is embedded in the URL for the catalog.

Example my URL contains the text "/December/" thus I know when it is going to expire.

WSUS no longer issues self-signed certificates in Server 2012R2 or 2016.

To workaround this you need to implement a registry entry as documented here: https://blogs.technet.microsoft.com/wsus/2013/08/15/wsus-no-longer-issues-self-signed-certificates/

This will allow you to use the existing self-signed method again, at least until Microsoft decides to change the feature from "deprecated" to "removed."

Both x86 and x64 failed due to incorrect file digest.

Code Select Expand

PublishItem: Publishing update 'UltraVNC 1.2.0.9 (x86) (UpdateId:'effc6f35-019d-4a0a-b9eb-beee8b38d701' Vendor:'Uvnc Bvba' Product:'UltraVNC')'.$$<Updates Publisher><Thu Dec 17 15:23:20.386 2015.5><thread=5>
PublishItem: --- Evaluating software update 'UltraVNC 1.2.0.9 (x86) (UpdateId:'effc6f35-019d-4a0a-b9eb-beee8b38d701' Vendor:'Uvnc Bvba' Product:'UltraVNC')' for publishing as FullContent.$$<Updates Publisher><Thu Dec 17 15:23:20.386 2015.5><thread=5>
PublishItem: --- Software update 'UltraVNC 1.2.0.9 (x86) (UpdateId:'effc6f35-019d-4a0a-b9eb-beee8b38d701' Vendor:'Uvnc Bvba' Product:'UltraVNC')' needs to be published with full content.$$<Updates Publisher><Thu Dec 17 15:23:20.393 2015.5><thread=5>
PublishItem: Retrieving content for update 'UltraVNC 1.2.0.9 (x86) (UpdateId:'effc6f35-019d-4a0a-b9eb-beee8b38d701' Vendor:'Uvnc Bvba' Product:'UltraVNC')'.$$<Updates Publisher><Thu Dec 17 15:23:20.484 2015.5><thread=5>
PublishItem: --- Content will be saved to C:\Users\Jerry\AppData\Local\Temp\\xmsk423z.fs5\UltraVNC_1_2_09_X86_Setup.exe.$$<Updates Publisher><Thu Dec 17 15:23:20.484 2015.5><thread=5>
PublishItem: --- Checking for local content prior to downloading...$$<Updates Publisher><Thu Dec 17 15:23:20.485 2015.5><thread=5>
PublishItem: --- No local content with matching hash value was found, will attempt to download.$$<Updates Publisher><Thu Dec 17 15:23:20.485 2015.5><thread=5>
PublishItem: Download Content: file was downloaded successfully.$$<Updates Publisher><Thu Dec 17 15:23:29.873 2015.5><thread=5>
PublishItem: Successfully retrieved content for software update 'UltraVNC 1.2.0.9 (x86) (UpdateId:'effc6f35-019d-4a0a-b9eb-beee8b38d701' Vendor:'Uvnc Bvba' Product:'UltraVNC')' to local file: C:\Users\Jerry\AppData\Local\Temp\\xmsk423z.fs5\UltraVNC_1_2_09_X86_Setup.exe$$<Updates Publisher><Thu Dec 17 15:23:29.876 2015.5><thread=5>
PublishItem: --- Digest verification failed on content for software update 'UltraVNC 1.2.0.9 (x86) (UpdateId:'effc6f35-019d-4a0a-b9eb-beee8b38d701' Vendor:'Uvnc Bvba' Product:'UltraVNC')'.$$<Updates Publisher><Thu Dec 17 15:23:29.894 2015.5><thread=5>
PublishItem: --- Publish of software update 'UltraVNC 1.2.0.9 (x86) (UpdateId:'effc6f35-019d-4a0a-b9eb-beee8b38d701' Vendor:'Uvnc Bvba' Product:'UltraVNC')' has FAILED.$$<Updates Publisher><Thu Dec 17 15:23:29.895 2015.5><thread=5>
Building dependency graph for update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')'$$<Updates Publisher><Thu Dec 17 15:23:29.948 2015.5><thread=5>
    Update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')' has direct dependency on 1 other items.$$<Updates Publisher><Thu Dec 17 15:23:29.983 2015.5><thread=5>
            Evaluating dependency on item '59653007-e2e9-4f71-8525-2ff588527978'...$$<Updates Publisher><Thu Dec 17 15:23:29.983 2015.5><thread=5>
            Update with id '59653007-e2e9-4f71-8525-2ff588527978' was not found in the database, unable to fully evaluate it and it's dependencies.$$<Updates Publisher><Thu Dec 17 15:23:29.997 2015.5><thread=5>
Found total of 1 dependencies (may include duplicates).$$<Updates Publisher><Thu Dec 17 15:23:29.997 2015.5><thread=5>
1 dependencies were not found in scup database during dependency evaluation for update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')'$$<Updates Publisher><Thu Dec 17 15:23:29.997 2015.5><thread=5>


Code Select Expand

PublishItem: Publishing update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')'.$$<Updates Publisher><Thu Dec 17 15:23:30.11 2015.5><thread=5>
PublishItem: --- Evaluating software update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')' for publishing as FullContent.$$<Updates Publisher><Thu Dec 17 15:23:30.11 2015.5><thread=5>
PublishItem: --- Software update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')' needs to be published with full content.$$<Updates Publisher><Thu Dec 17 15:23:30.22 2015.5><thread=5>
PublishItem: Retrieving content for update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')'.$$<Updates Publisher><Thu Dec 17 15:23:30.110 2015.5><thread=5>
PublishItem: --- Content will be saved to C:\Users\Jerry\AppData\Local\Temp\\og1qccnj.ixf\UltraVNC_1_2_09_X64_Setup.exe.$$<Updates Publisher><Thu Dec 17 15:23:30.110 2015.5><thread=5>
PublishItem: --- Checking for local content prior to downloading...$$<Updates Publisher><Thu Dec 17 15:23:30.111 2015.5><thread=5>
PublishItem: --- No local content with matching hash value was found, will attempt to download.$$<Updates Publisher><Thu Dec 17 15:23:30.111 2015.5><thread=5>
PublishItem: Download Content: file was downloaded successfully.$$<Updates Publisher><Thu Dec 17 15:23:39.158 2015.5><thread=5>
PublishItem: Successfully retrieved content for software update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')' to local file: C:\Users\Jerry\AppData\Local\Temp\\og1qccnj.ixf\UltraVNC_1_2_09_X64_Setup.exe$$<Updates Publisher><Thu Dec 17 15:23:39.158 2015.5><thread=5>
PublishItem: --- Digest verification failed on content for software update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')'.$$<Updates Publisher><Thu Dec 17 15:23:39.175 2015.5><thread=5>
PublishItem: --- Publish of software update 'UltraVNC 1.2.0.9 (x64) (UpdateId:'e85c1448-4726-4594-ab7f-83b990eef74a' Vendor:'Uvnc Bvba' Product:'UltraVNC')' has FAILED.$$<Updates Publisher><Thu Dec 17 15:23:39.176 2015.5><thread=5>


yes to both questions.

Quicktime Player installed on station is 7.7.6 (1680.95.31) - no updates found after publishing and approving latest.

The download host changed since the last version.

I edited it back to the previous host (replaced https://2.na.dl.wireshark.org with http://wiresharkdownloads.riverbed.com/wireshark) and now it works.

No idea about that, but from the reading I did about it, it looks like a lot of people were affected and that would include people who downloaded and installed manually, or used Apple's updater as well.

You mentioned permissions for SCCM, what about clients who are just using normal Windows Update pointed at the WSUS, without SCCM being involved?

Just to follow up, I "finally" solved this issue.

Turns out that for some reason the fact that my pfSense has a caching proxy enabled had eluded me until yesterday, when I got the bright idea to add "patchmypc.net" to its "don't cache" list. To that, I can only say, "well - duh!"

The latest updates from Apple seem to have some issues.

After approving everything and trying to launch iTunes a couple days later I discovered that the Application Support update was failing. Research led me here: http://support.apple.com/kb/TS5376 which states that you need to uninstall everything in a specific order, reboot, and then reinstall iTunes with Admin privilege.

Going thru the uninstall steps, it kept failing on Application Support saying stuff was still running until I found and killed all the offending processes. At that point I was able to reinstall the newest Application Support, Mobile Device Support and iTunes (in that order; I don't want Bonjour or the updater) and it is working again.

Just a heads-up for anybody who sees their iTunes break after approving the latest updates. I'm not sure if there's anything you can do in your catalog to "make it update correctly" but there it is.

Just using the import function in SCUP.

The program updates correctly, however there is no way to start it anymore, until the user navigates to the program file and creates a new shortcut.

This happened on the previous version too, one of my users told me, though I didn't notice it at the time.

I've noticed sometimes after I get the email or RSS notification that the catalog has been updated, importing the catalog into SCUP does nothing. No new updates.

I have a test system and a live system. When the notice went out today, I immediately imported the catalog on my test system. It saw all the changes. A little while later I did the same on the other system and it sees no changes since the last time. Both think they are up to date, but one has (as an example) WireShark 1.10.1 as the latest while the other one has 1.9.2.

Unless you reverted back to the previous version of the catalog shortly after release without telling anybody. Or you have a redundant webserver and it takes a while to replicate changes.

Edit: I waited another hour, it worked this time. I'm betting on caching or replication latency.

New iTunes has been out for a while. 

OK, a new version of iTunes is out. It contains:

• Bonjour 3.0.0.10 (not changed in quite a while but not yet in your catalog)
• AppleMobileDeviceSupport 6.1.0.13
• AppleApplicationSupport 2.3.3
• iTunes 11.0.2.25

In this "enterprise" we have several users with iPhones who connect them to their desktop computers, as iT Admin and also local iDevice guru, it falls to me to keep all those machines up to date.

I agree the Apple Software Update piece is useless, as is any other built-in update mechanism for a product already being maintained by WSUS/SCUP.