Microsoft Fixes Issue Causing Windows 10 Certificates To Disappear
Microsoft has resolved a known issue leading to missing system and user certificates after updating managed Windows 10 systems using outdated installation media.
The lost Windows 10 certificates issue impacts client (Windows 10 1903 or later) and server (Windows Server 1903 or later) platforms in managed environments.
It occurs on devices upgraded using outdated bundles via update management tools (e.g., Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager), physical media, or ISO images.
Computers updated via Windows Update or Windows Update for Business are not affected as they always receive the latest feature updates.
The certificates related to this issue include:
- Certificates in user, personal, machine, and Root CA stores
- Azure Active Directory Domain Join (AADJ) state and scenarios that rely on AADJ
- Access to EFS encrypted files
Issue resolved, 20H2 refreshed media coming soon
The lost Windows 10 certificates issue is now resolved “when using the latest feature update bundles that were released November 9, 2020, for Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager” according to Microsoft.
“For information on verifying you’re using the latest feature update bundles, see How to address feature update refreshes in your environment.
“If you are using or creating custom media, you will need to include an update released October 13, 2020 or later.”
Refreshed media to address this issue is not yet available for Windows 10 20H2 on Volume Licensing Service Center (VLSC) and Visual Studio Subscriptions (VSS, formerly MSDN Subscriptions). Microsoft says it will be made available during the following weeks.
Workaround available
Microsoft also provides a workaround for environments where the feature update bundles released earlier this month cannot be immediately deployed.
To do that, you will have to go back to a previous Windows 10 version using the instructions available in the Recovery options support document.
“The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to,” Redmond says.
“You will then need to update to the later version of Windows 10 after the issue is resolved in your environment.”
You can also increase the number of days you can go back to choose a previous system version using the following DISM command (make sure you do this before the default uninstall window lapses):
DISM /Online /Set-OSUninstallWindow /Value:[days]
You can choose any time interval between 2 and 60 days. If the value is below or above this range, the number of days will be automatically set to 10 days.
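One way to detect the certificate loss described above and to check the rollback window when it happens, as an added example that is not Microsoft's or the article's own code. The baseline path is a hypothetical location, and the store list is an assumption based on the stores the article names.

```powershell
# Added example: inventory certificate stores before a feature update, diff afterwards.
param(
    [ValidateSet('Snapshot', 'Compare')]
    [string]$Mode = 'Snapshot',
    # Hypothetical location; a network share is safer if the device may be reimaged.
    [string]$BaselinePath = "$env:ProgramData\CertBaseline\certs.csv"
)

# Assumed mapping of the article's "user, personal, machine, and Root CA stores".
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root',
          'Cert:\CurrentUser\My',  'Cert:\CurrentUser\Root'

function Get-CertInventory {
    foreach ($store in $stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Store'; e = { $store } },
                          Thumbprint, Subject, NotAfter, HasPrivateKey
    }
}

if ($Mode -eq 'Snapshot') {
    # Run before the upgrade. Records certificate metadata only, never key material.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    Get-CertInventory | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline written to $BaselinePath"
}
else {
    # Run after the upgrade as the same user, so the CurrentUser stores match.
    $before = Import-Csv -Path $BaselinePath
    $seen   = @{}
    foreach ($c in @(Get-CertInventory)) { $seen["$($c.Store)|$($c.Thumbprint)"] = $true }

    $missing = @($before | Where-Object {
        -not $seen.ContainsKey("$($_.Store)|$($_.Thumbprint)")
    })
    if ($missing.Count -gt 0) {
        Write-Warning "$($missing.Count) certificate(s) from the baseline are missing:"
        $missing | Format-Table Store, Thumbprint, Subject -AutoSize
        # Requires elevation; reports the days configured for going back to the old version.
        dism.exe /Online /Get-OSUninstallWindow
    }
    else {
        Write-Output 'No certificates missing relative to the baseline.'
    }
}
```

Certificates that expired or were deliberately removed between the two runs also show up as missing, so review the list before deciding to roll back.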