Thomas Capacci

replying to myself, I think I managed to fix the issue by rerunning that command on my CA: certutil -f -dspublish "E:\xxxx Root CA.crl" RootCA01 Now pkiview reports no errors

Hi there, Unfortunately for me I didn't snapshot the environment and I have the exact same issue as Seigoa reported, I have made it through part 8 and all the check s are OK except for the CDP location on the Root CA. Please note the error is not on the Issuing ca but on the root ca The only difference in my lab is that I have used the name RootCA01 (instead of RootCA) The command to set the CDP location in chapter 4 is: certutil -setreg CA\CRLPublicationURLs "1:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl\n10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10\n2:http://pki.windows-noob.com/CertEnroll/%3%8%9.crl" I am trying to figure out how to fix the issue for that string: ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10 I was assuming the part CN=%2 will resolve automatically to my RootCA01 name but for som ereason it doesnt. As you can see below in ADSIEdit, the CN is RootCA while my RootCA CN should be RootCA01, when I click the error in pkiview the URL it is trying to reach is: ldap:///CN=xxxxx%20Root%20CA,CN=ROOTCA01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=xxxxxxx,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint I am really tempted to edit manually adisedit and change RootCA with RootCA01

Thanks for the heads up I had Access Denied error too and a reboot fixed it

Hi Niall, Thank you! No more excuses to not get started!

Hi Niall, when can we expect part 5?

Have you checked: https://blogs.technet.microsoft.com/configurationmgr/2015/03/23/configmgr-2012-support-tip-wsus-sync-fails-with-http-503-errors/

I have Automatic Deployment rules for Patch Tuesday, SUG are created and deployed to a test (collection my laptop is member of it). I have set a maintenance window on the collection and even disabled business hours from the Software Center. UpdatesDeployment logs: The deadline is already reached but nothing happens Message received: '<?xml version='1.0' ?> <CIAssignmentMessage MessageType='EnforcementDeadline'> <AssignmentID>{a3beb978-eacf-4b44-a237-db63be768fcc}</AssignmentID> </CIAssignmentMessage>' UpdatesDeploymentAgent 23-Jul-18 1:51:42 PM 10304 (0x2840) Assignment {a3beb978-eacf-4b44-a237-db63be768fcc} has total CI = 46 UpdatesDeploymentAgent 23-Jul-18 1:51:42 PM 10304 (0x2840) Deadline received for assignment ({a3beb978-eacf-4b44-a237-db63be768fcc}) UpdatesDeploymentAgent 23-Jul-18 1:51:42 PM 10304 (0x2840) Detection job ({62AABFB5-569A-4CFF-AE80-42184AAFF072}) started for assignment ({a3beb978-eacf-4b44-a237-db63be768fcc}) UpdatesDeploymentAgent 23-Jul-18 1:51:42 PM 10304 (0x2840) OnPolicyModify for assignment ({a3beb978-eacf-4b44-a237-db63be768fcc})... UpdatesDeploymentAgent 23-Jul-18 1:51:42 PM 30144 (0x75C0) DetectJob completion received for assignment ({a3beb978-eacf-4b44-a237-db63be768fcc}) UpdatesDeploymentAgent 23-Jul-18 1:51:42 PM 19484 (0x4C1C) Update (Site_9AF1E361-B7E7-4EBC-A34A-D39075D479DF/SUM_687d018a-1caa-4f00-8838-994e152c3cdf) added to the targeted list of deployment ({a3beb978-eacf-4b44-a237-db63be768fcc}) UpdatesDeploymentAgent 23-Jul-18 1:51:42 PM 19484 (0x4C1C) ... CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 26112 (0x6600) Suspend activity in presentation mode is selected UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 26112 (0x6600) At least one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 26112 (0x6600) Proceeding to non-business hours activites as presentation mode is off. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 26112 (0x6600) Automatic required software installation during non-business hours is selected UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 26112 (0x6600) Auto install during non-business hours is enabled, selecting all required updates. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 26112 (0x6600) No actionable updates for install task. No attempt required. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 26112 (0x6600) No updates needed to be installed during non-business hours. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 26112 (0x6600) CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 39856 (0x9BB0) Suspend activity in presentation mode is selected UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 39856 (0x9BB0) At least one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 39856 (0x9BB0) Proceeding to non-business hours activites as presentation mode is off. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 39856 (0x9BB0) Automatic required software installation during non-business hours is selected UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 39856 (0x9BB0) Auto install during non-business hours is enabled, selecting all required updates. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 39856 (0x9BB0) No actionable updates for install task. No attempt required. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 39856 (0x9BB0) No updates needed to be installed during non-business hours. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 39856 (0x9BB0) CUpdateAssignmentsManager received a SERVICEWINDOWEVENT START Event UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 42692 (0xA6C4) Suspend activity in presentation mode is selected UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 42692 (0xA6C4) At least one user has elected to suspend non-business hours activity when in presentation mode. Checking for presentation mode. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 42692 (0xA6C4) Proceeding to non-business hours activites as presentation mode is off. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 42692 (0xA6C4) Automatic required software installation during non-business hours is selected UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 42692 (0xA6C4) Auto install during non-business hours is enabled, selecting all required updates. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 42692 (0xA6C4) No actionable updates for install task. No attempt required. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 42692 (0xA6C4) No updates needed to be installed during non-business hours. UpdatesDeploymentAgent 23-Jul-18 7:40:55 PM 42692 (0xA6C4) There are updates to install though: PS C:\WINDOWS\system32> get-wmiobject -computername (Read-Host "Computer") -query "SELECT * FROM CCM_UpdateStatus where Status = 'missing' and not Title like '%definition%'" -namespace "root\ccm\SoftwareUpdates\UpdatesStore" | sort-object - property article | Format-Table -Property Bulletin,Article,Title -Autosize Computer: localhost Bulletin Article Title -------- ------- ----- 2546951 Microsoft SQL Server 2008 Service Pack 3 (KB2546951) 2546951 Microsoft SQL Server 2008 Service Pack 3 (KB2546951) 2979596 Microsoft SQL Server 2008 Service Pack 4 (KB2979596) 2979596 Microsoft SQL Server 2008 Service Pack 4 (KB2979596) 3104046 Office 365 Client Update - Monthly Channel (Targeted) Version 1807 for x86 based Edition (Build 10... 3104046 Office 365 Client Update - Monthly Channel (Targeted) Version 1807 for x86 based Edition (Build 10... 4345421 2018-07 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4345421) 4345421 2018-07 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4345421) 890830 Windows Malicious Software Removal Tool x64 - July 2018 (KB890830) 890830 Windows Malicious Software Removal Tool x64 - July 2018 (KB890830) I have checked all the logs, the WSUS server is contacted succesfully, updates are downloaded it just never installs. Windows UPdate log 2018/07/23 22:05:22.1324703 6640 10792 Agent WU client version 10.0.17134.137 2018/07/23 22:05:22.1330344 6640 10792 Agent SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled. 2018/07/23 22:05:22.1335198 6640 10792 Agent Base directory: C:\WINDOWS\SoftwareDistribution 2018/07/23 22:05:22.1345644 6640 10792 Agent Datastore directory: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb 2018/07/23 22:05:22.1368219 6640 10792 DataStore JetEnableMultiInstance succeeded - applicable param count: 5, applied param count: 5 2018/07/23 22:05:22.1878230 6640 10792 Shared UpdateNetworkState Ipv6, cNetworkInterfaces = 6. 2018/07/23 22:05:22.1880603 6640 10792 Shared UpdateNetworkState Ipv4, cNetworkInterfaces = 4. 2018/07/23 22:05:22.1892186 6640 10792 Shared Network state: Connected 2018/07/23 22:05:22.3256872 6640 10792 Misc *FAILED* [8024000C] LoadHistoryEventFromRegistry completed 2018/07/23 22:05:22.3258718 6640 10792 Shared UpdateNetworkState Ipv6, cNetworkInterfaces = 6. 2018/07/23 22:05:22.3258809 6640 10792 Shared UpdateNetworkState Ipv4, cNetworkInterfaces = 4. 2018/07/23 22:05:22.3258890 6640 10792 Shared Power status changed 2018/07/23 22:05:22.3277189 6640 10792 Agent Initializing global settings cache 2018/07/23 22:05:22.3277212 6640 10792 Agent WSUS server: http://remcorpsccm01.corp.group.local:8530 2018/07/23 22:05:22.3277229 6640 10792 Agent WSUS status server: http://remcorpsccm01.corp.group.local:8530 2018/07/23 22:05:22.3277282 6640 10792 Agent Alternate Download Server: (null) 2018/07/23 22:05:22.3277299 6640 10792 Agent Fill Empty Content Urls: No 2018/07/23 22:05:22.3277315 6640 10792 Agent Target group: (Unassigned Computers) 2018/07/23 22:05:22.3277328 6640 10792 Agent Windows Update access disabled: No 2018/07/23 22:05:22.3277342 6640 10792 Agent Do not connect to Windows Update Internet locations: No 2018/07/23 22:05:22.3281240 6640 18732 Agent *FAILED* [80240013] m_services.Add() 2018/07/23 22:05:22.3281276 6640 18732 Agent *FAILED* [80240013] Method failed [CAgentServiceManager::CreateServiceObjectAndAddIntoMap:2099] 2018/07/23 22:05:22.3281301 6640 18732 Agent *FAILED* [80240013] Method failed [CAgentServiceManager::DelayedInit:2743] 2018/07/23 22:05:22.3286447 6640 18732 Agent Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2018-07-24 07:45:11, not idle-only, not network-only 2018/07/23 22:05:22.3317952 6640 18732 Agent Initializing Windows Update Agent 2018/07/23 22:05:22.3319052 6640 18732 Agent CPersistentTimeoutScheduler | GetTimer, returned hr = 0x00000000 2018/07/23 22:05:22.3331029 6640 18732 IdleTimer WU operation (SR.CcmExec ID 1) started; operation # 3; does use network; is not at background priority 2018/07/23 22:05:22.3332889 6640 11028 Agent *FAILED* [80240007] Method failed [CAgentServiceManager::GetTargetedServiceMapping:3010] 2018/07/23 22:05:22.3333057 6640 11028 IdleTimer WU operation (SR.CcmExec ID 1, operation # 3) stopped; does use network; is not at background priority 2018/07/23 22:05:22.3344331 19604 20112 ComApi Federated Search: Starting search against 1 service(s) (cV = vAwTnfehwk++FBTK.3.0) 2018/07/23 22:05:22.3345633 19604 20112 ComApi * START * Search ClientId = CcmExec, ServiceId = 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7, Flags: 0X10040 (cV = vAwTnfehwk++FBTK.3.0.0) 2018/07/23 22:05:22.3357862 6640 18732 IdleTimer WU operation (CSearchCall::Init ID 2) started; operation # 6; does not use network; is not at background priority 2018/07/23 22:05:22.3358093 6640 18732 Reporter OS Product Type = 0x00000004 2018/07/23 22:05:22.3366396 6640 14096 DownloadManager Received power state change notification: Old: <unknown>; New: AC. 2018/07/23 22:05:22.3366418 6640 14096 DownloadManager Power state changed from <unknown> to AC. 2018/07/23 22:05:22.3807594 6640 18732 Agent * START * Queueing Finding updates [CallerId = CcmExec Id = 2] 2018/07/23 22:05:22.3807667 6640 18732 Agent Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 is not in sequential scan list 2018/07/23 22:05:22.3807711 6640 18732 Agent Added service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 to sequential scan list 2018/07/23 22:05:22.3811667 6640 17312 Agent Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 is in sequential scan list 2018/07/23 22:05:22.4080347 6640 21128 Agent * END * Queueing Finding updates [CallerId = CcmExec Id = 2] 2018/07/23 22:05:22.4357981 6640 21128 Agent * START * Finding updates CallerId = CcmExec Id = 2 (cV = vAwTnfehwk++FBTK.3.0.0.1) 2018/07/23 22:05:22.4358007 6640 21128 Agent Online = No; Interactive = Yes; AllowCachedResults = No; Ignore download priority = Yes 2018/07/23 22:05:22.4358105 6640 21128 Agent Criteria = ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'A3C2375D-0C8A-42F9-BCE0-28333E198407') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '84F5F325-30D7-41C4-81D1-87A0E6535B66') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '704A0A4A-518F-4D69-9E03-10BA44198BD5') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'D2085B71-5F1F-43A9-880D-ED159016D5C6') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441'))"" 2018/07/23 22:05:22.4358142 6640 21128 Agent ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed 2018/07/23 22:05:22.4358153 6640 21128 Agent Search Scope = {Machine} 2018/07/23 22:05:22.4358192 6640 21128 Agent Caller SID for Applicability: S-1-5-18 2018/07/23 22:05:22.4358229 6640 21128 Agent Include potentially superseded updates is set

The collections are empty for me. I have changed the script to reflect my languages (see below) but they do not become members. If I query SMS_G_System_OPERATING_SYSTEM.OSLanguage i get : "English - United States" or "Japanese" but not the LocaleID Am I missing something? $Collection_1 = "SUM - Windows 10 x64 ($Windows10Version) French LP" $Collection_2 = "SUM - Windows 10 x64 ($Windows10Version) Japanese LP" $Collection_3 = "SUM - Windows 10 x64 ($Windows10Version) Chinese LP" $Collection_4 = "SUM - Windows 10 x64 ($Windows10Version) Spanish LP" $Collection_5 = "SUM - Windows 10 x64 ($Windows10Version) Mexican LP" $LimitingCollectionName = "All Workstations" write-host "Starting script..." -ForegroundColor Yellow # connect to ConfigMgr # thanks Skatterbrainz - https://www.windows-noob.com/forums/topic/13613-how-can-i-configure-client-settings-and-install-the-configmgr-client-agent-in-system-center-configuration-manager-current-branch/?p=53923 # Get-CmAdminConsolePath # Create collections based on the list of collections Create-Collections # add some queries to our collections $TargetCollection = $Collection_1 $RuleName = "French Language Pack Installed" $RuleNameQuery = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0' and SMS_G_System_OPERATING_SYSTEM.BuildNumber = '$BuildNumber' and SMS_G_System_OPERATING_SYSTEM.OSLanguage = '1036'" Add-Membership-Query($TargetCollection) $TargetCollection = $Collection_2 $RuleName = "Japanese Language Pack Installed" $RuleNameQuery = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0' and SMS_G_System_OPERATING_SYSTEM.BuildNumber = '$BuildNumber' and SMS_G_System_OPERATING_SYSTEM.OSLanguage = '1041'" Add-Membership-Query($TargetCollection) $TargetCollection = $Collection_3 $RuleName = "Chinese Language Pack Installed" $RuleNameQuery = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0' and SMS_G_System_OPERATING_SYSTEM.BuildNumber = '$BuildNumber' and SMS_G_System_OPERATING_SYSTEM.OSLanguage = '2052'" Add-Membership-Query($TargetCollection) $TargetCollection = $Collection_4 $RuleName = "Spanish Language Pack Installed" $RuleNameQuery = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0' and SMS_G_System_OPERATING_SYSTEM.BuildNumber = '$BuildNumber' and SMS_G_System_OPERATING_SYSTEM.OSLanguage = '3082'" Add-Membership-Query($TargetCollection) $TargetCollection = $Collection_5 $RuleName = "Mexican Language Pack Installed" $RuleNameQuery = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_R_System.OperatingSystemNameandVersion = 'Microsoft Windows NT Workstation 10.0' and SMS_G_System_OPERATING_SYSTEM.BuildNumber = '$BuildNumber' and SMS_G_System_OPERATING_SYSTEM.OSLanguage = '2058'" Add-Membership-Query($TargetCollection)

Hi, Any recommendation for OSes that have Language Packs? When we push feature update through WSUS, we have to reinstall the LP manually. Is servicing helping in any ways with this?

Hi Niall, Nowhere in your scripts or instructions can I find when you change the SQL files location to point to the separate disks you created for temp and transaction logs. Can I just use the management studio when the install is completed to move the file location?