Quantcast
Channel: Wsus Package Publisher
Viewing all 3825 articles
Browse latest View live

New Post: [Solved] Show Pending Updates Firewall problem

February 19, 2015, 5:00 am
$
0
0
Hello DCourtel,

thanks for Your quick reply.

We will test Your suggestion and post the results here.

Best regards
Petapico.
Search

New Post: [Solved] Show Pending Updates Firewall problem

February 19, 2015, 8:31 am
$
0
0
After testing we found this:

We used the GPO of 2008 R2 with the entry 
Windows Firewall with Advanced Security
which Windows XP does not accept.

We replaced that 2008 R2 GPO and added this GPO:
Computer - Admin. Templates - Network Connections - Windows Firewall: Define inbound program exceptions
%WinDir%\System32\dllhost.exe:NNN.NN.NNN.NNN:enabled:DLLHost
Thanks to all supporter!

Best regards
Petapico.

New Post: WSUS doesn't show my Updates but the client get them

February 24, 2015, 3:15 am
$
0
0
This is the default behavior. By default, Wsus doesn't show you, locally-published updates. With WPP, you can cheat, by telling Wsus that these updates are not Locally-published and therefore, to force him to display as normal updates.

New Post: WSUS doesn't show my Updates but the client get them

February 24, 2015, 3:21 am
$
0
0
Yes, i have the option selected, to make my updates visible in the WSUS-Console.

and i have imrotet the update from the catalog. but i didn't select the option to show the update in the WSUS from the context-menu.
That was the trick :-)
Thank you Winfried.

New Post: The update cannot be deleted as it is still referecend by other updates

February 25, 2015, 6:53 am
$
0
0
Hi,

is there a chance to delete these orphaned updates?

moe

New Post: Failed to load the certificate

February 26, 2015, 10:04 am
$
0
0
I had this problem a year ago and finally just told WSUS Package Publisher to ignore Certificate Errors but I would really prefer to get this corrected.

I have followed all the steps (multiple times) in the documentation (Installation Guide & Creating a Code Signing Certificate) and I continue to get errors loading certificates.
I know if I tell it to ignore certificate errors I can successfully create and deploy updates and client computers have no problems installing them so the certificate should be good.

When I try to import it in to WSUS Package Publisher, I get the error "Failed to load the certificate. Check the file." and the Debug Log has a line that says "2/26/2015 11:36:15 AM IsValideCertificate = False". This suggests that I either missed a step or somehow messed up in the certificate creation process.

I verified the certificate is replicated across my domain, it is a Code Signing Certificate, and at least 1024 bits (RSA (2048 Bits)).

I really don't want to use a self-signed certificate if I don't have to. Surely I am missing something somewhere.

New Post: Failed to load the certificate

February 26, 2015, 10:37 am
$
0
0
What is the build from your WSUS? If WSUS is installed on a W2008R2 or lower, pls check the Build.
http://www.wsus.de/images/wsus-version.png

WSUS 3.0 (SP2): Build 3.2.7600.226
WSUS 3.0 (SP2) + KB2720211: Build 3.2.7600.251
WSUS 3.0 (SP2) + KB2734608: Build 3.2.7600.256
WSUS 3.0 (SP2) + KB2828185: Build 3.2.7600.262
WSUS 3.0 (SP2) + KB2938066: Build 3.2.7600.274

The latest Build is .274. If your WSUS Build is lower then install posted updates.

New Post: Failed to load the certificate

February 26, 2015, 12:08 pm
$
0
0
It is a '08R2 server with WSUS Version 3.2.7600.226

Looking through my update history I see it installed KB2720211 but I don't see any of those others and Windows Update does not show them as available.

I am looking in to the mentioned updates now and will install them in order. It seems somewhat odd to me that these would not be pushed down through Windows Update...
Search

New Post: Failed to load the certificate

February 26, 2015, 12:13 pm

New Post: Failed to load the certificate

February 26, 2015, 12:46 pm
$
0
0
the Debug Log has a line that says "2/26/2015 11:36:15 AM IsValideCertificate = False".
WPP use the Verify() Method of the.Net class System.Security.Cryptography.X509Certificates.X509Certificate2
Unfortunately, this method is not 100% accurate, and may return false negative results. This's why there is an option to ignore Code-Signing certificate errors.
If your certificate is successfully used by your Wsus server to sign packages, it's certainly a good certificate.

New Post: Failed to load the certificate

February 26, 2015, 12:47 pm
$
0
0
Yes, I was looking in the right location. I just finished installing KB2734608 and it now says Server version: 3.2.7600.256

Do you think maybe there was a problem with KB2720211? Should I try installing it again?

New Post: Failed to load the certificate

February 26, 2015, 1:06 pm
$
0
0
No, you can install all other updates for build .274.

New Post: Adobe Reader 11.0.10 wrong version shows up after deploy

February 27, 2015, 6:58 am
$
0
0
I've used the latest build from Adobe FTP Site which is 11.0.10 (german) setup.exe...then i extracted it with 7zip and did all same like in the tutorial "deploying Adobe Reader 11 with custom settings"... and yes i used the new Product string and added it. After i finished the custom settings i deployed it like in the tutorial over the WPP.

New Post: Failed to load the certificate

February 27, 2015, 7:15 am
$
0
0
WWWolf wrote:
Okay, I got my WSUS server completely updated to build .274 which should help fix a lot of issues. Thank you WinfriedSonntag. However, I am still having the same > certificate issue in Package Publisher.
Now i think you can create a new certificate with WPP. Publish the new certificate with Group Policies to all Clients/Servers.

New Post: Adobe Reader 11.0.10 wrong version shows up after deploy

February 27, 2015, 7:17 am
$
0
0
Try the MSI from the FTP-Server. Is this working?
Search

New Post: Adobe Reader 11.0.10 wrong version shows up after deploy

February 27, 2015, 7:26 am
$
0
0
I've used the latest build from Adobe FTP Site which is 11.0.10 (german) setup.exe...then i extracted it with 7zip
This is why it doesn't work.
Adobe release two versions for Adobe Reader :
  • The base version (.MSI file)
  • The latest version (.exe file) which contains the base version + an upgrade file
When you extract the setup.exe with 7z, you have get the base version file (11.0.0.0).

Note that the documentation provided with WPP, only apply to the base version.

New Post: Please decrease the height of dialog boxes

February 27, 2015, 9:07 am

New Post: Ruleset Editor

February 27, 2015, 9:18 am
$
0
0
I second this request, it is very difficult to get an at a glance view of the rules you are inputting. It needs to be easier to 1.) input rules inside "AND" and "OR" sections; and 2.) have a larger working space so you can see complex nested groups. Currently, as soon as you go one or two levels deep, you lose the ability to see beyond 1 or 2 rules at a time. You have to constantly scroll to find where you are at.

Lastly, I believe the workflow for many of us, is that we create the rules outside of WPP (in a text editor) and then proceed to import them. If there was a way to import the XML code directly, similar to what LUP offers, that would be huge!! I hate to compare this project to LUP, since I've used both and I see the benefits in this one, but rule creation was one thing LUP did right.

Thanks for you hard work on this project and keep up the good work!! Looking forward to v2. =]

New Post: Failed to load the certificate

February 27, 2015, 9:40 am
$
0
0
WinfriedSonntag wrote:
Now i think you can create a new certificate with WPP. Publish the new certificate with Group Policies to all Clients/Servers.
You are thinking about self-signed certificates. I am creating a code-signing certificate on my domain Certificate Authority.

DCourtel wrote:
Unfortunately, I never find a list of all conditions that this method check. So, it is very hard to know what's goes wrong.
How do you have made this certificate ? Have you a chain of certificate servers ?
I have 1 CA Server on my domain and that's all it does (Server '08 R2). On this Root CA, I have added 2 Code Signing Templates (the default "Code Signing" one referenced in your documentation & one I titled "Windows Updates" for purposes of signing 3rd party updates). I have tried with both and both give the same results.
I am currently looking through the "Windows Updates" template to see what changes I can make that might help.
I decided to change it from the default of 1 year up to 5 and am considering have it publish to Active Directory.
Purpose: Signature
Allow private key to be exported is checked
Algorithm: RSA
Minimum Key size: 2048
Request hash: SHA1
There are other properties I can check as well for the template but none appear like they would cause any problems.

On the WSUS server ('08 R2) I open the MMC and load the Certificates snap-in as user (Administrator) and Request New Personal Certificate.
AD Enrollment Policy > Select "Windows Updates (Code Signing) & Click Properties
On private Key tab, expand Key Options and check Make private key exportable & strong protection (leave archive option unchecked) & enroll the key
I then right-click the new key & select All Tasks > Export...
yes, export the private key
Leave defaults on file format window (.PFX - all 3 boxes unchecked)
Give it Password
give it a name & export it to an appropriate location.

Normally at this point I would import it to trusted publishers and add it to group policy to be trusted across the domain but as I am just testing Package Publisher's verification algorithm as I am typing this reply, I am skipping ahead to adding this newly exported cert to PP just to see if it will accept it...

Open WSUS Package Publisher.
Check Settings to verify ignore certificate errors is unchecked.
Click Connect/Reload
Click Ok on the error message that says "The certificate is invalid. You will not be able to publish updates."
Tools > Certificate...
Enter Password
Load certificate
Browse to the .pfx file & click open
Get error "Failed to load the certificate. Check the file."

Logically, it seems to me like there is some issue with the certificate templates that it does not like.

I plan to do some more testing with this but if you have any ideas, I would love to hear them. I am thinking about generating a self-signed cert to compare against.

Thanks for your time,

~John

New Post: Failed to load the certificate

February 27, 2015, 1:00 pm
$
0
0
I tried a few things and still no luck.

The only real differences I am seeing with a PP Self-Signed Cert and a Generated Cert is the Extensions.
The Self-Signed cert only has the "Enhanced Key Usage" extension while the other has many more...
In addition to Enhanced key Usage (which has the same value) there are also these fields:
Certificate Template Information
Key Usage
Application Policies
Subject Key Identifier
Authority Key Identifier
CRL Distribution Points
Authority Information Access
Subject Alternative Name

Perhaps one of these fields is causing a problem but for now I am done. I will try to pick this back up on Monday.

Thanks again
Viewing all 3825 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>