[German]Administrators who are customizing Windows 10 operating system images and distribute them using SCCM should be careful. There is probably a pitfall can cause trouble, when integrating 2020 updates into an image.
I’m going to pull out an information that German blog reader Hauke Buder had briefly linked in the discussion area of my German blog – since the comments will be deleted within my discussion section after a while (the discussion section is provided for comments not related to topics I covered already with articles). And English reader won’t catch, what Hauke wrote within his comment. So I’ve compiled and translated, what Hauke wrote:
Since I haven’t read about it here yet and had pain, a link to my 5-6 reader blog about 2020 Win 10 updates and Windows installation, since there are a few more people reading it here who might find it helpful.
Hauke has linked to his German blog post. German blog reader HessischerBub has added:
I mean to have read forum posts about Windows 10 1909, WSUS and not installed updates.
After switching from Windows 10 1809 to 1909 I have now computers where you first have to click on the Download and install link in the Windows Update page, before the updates are installed. This does not happen with the other clients with 1809 and 1903, there download and installation of updates is applied automatically.
To to spread the words broader about the topic, which Hauke raised in his blog post, here are some details I prepared. Maybe it’s helpful for affected people.
Some Background details
The blog reader currently uses the System Center Configuration Manager SCCM version 1910 to manage updates and system images. The also tries to integrate cumulative updates released by Microsoft for Windows 10 into the images.
However, with the Windows 10 November 2019 update (version 1909), he went into serious issues. He tried to integrate the updates released in 2020 into the system image. Afterwards, however, in SCCM (1910), according to his experiences (documented in this blog post) the task sequences hung in the section “Setting up Windows and ConfigMgr”.
Because he had done some work on CAs (certificates) and group policies at the same time – troubleshooting became a bit difficult. Hauke suspects that the problem is related to certificate requests and does not occur with pure HTTP installations of SCCM.
What worked for him
In his blog post, Hauke Buder then writes that creating a new operating system image with all integrated updates up to and including December 2019 will result in the task sequence working properly again.
He mentions that there was already a similar issues with Windows 10 version 1803. At that time, his Windows 10 clients still communicated via HTTP instead of HTTPS in test environments – and were probably not affected by the bug. But in production mode they will use communication over HTTPS, so there are the problems mentioned above.
This bug in Windows 10 version 1803 was, according to Buder, only fixed in Windows 10 October 2019 Update (version 1809). Hauke Buder’s prognosis is therefore: For a solution, it will probably be “Wait for 2003” – by which he means the release of Windows 10 Version 2004 this spring.
LDAP Channel Binding: Change is coming 2nd half of 2020
Sophos SafeGuard Enterprise and LDAP Channel Binding
Patchday: Issues with SCCM, McAfee & Crypt32.dll (Jan 2020)?
Windows 10: SSU issue addressed in SCCM UserVoice
Microsoft Desktop Analytics for SCCM available
June Update KB4503276 blocks PXE boot on SCCM DPs
Windows 7 upgrade to Windows 10 with SCCM fails on OEM
Cookies helps to fund this blog: Cookie settings