Windows 10 forgets certificates during upgrade

[German]After installing cumulative October 2020 updates, various Windows 10 versions forget their certificates when upgrading to a higher Build. A blog-reader has pointed out the topic to me and I will summarize the information in this separate post.


Advertising

Note from a blog reader

German Blog-reader CL has posted a comment (thanks for that) and points out a nasty error in Windows 10 that occurs during an upgrade (i.e. also repair installation via in-place upgrade). He wrote:

Here again some fun with updates/upgrades… Maybe this is worth a post…

Windows “forgets” its own certificates during the upgrade since the October update… Of course it’s fun when everyone is in the home office. And upgrades are done in the home office and you knock away the Windows certificates, and VPN is no longer possible…

It’is not an isolated case, but is discussed at various places on the Internet. Preferably concerns the upgrade to Windows 10 version 1909, but higher versions are also affected.

Confirmation on the Internet

The blog reader then linked (among other places) to this Microsoft Q&A forum thread where this issue is discussed and confirmed.

Windows 10, Feature Update to 1909, Certificates missing after

Any one seen this issue ,only occurring in about the last week. It maybe a wider issues globally. Not sure what triggered it.
Basically in the last few days some updates from 1809 to 1909, after completed, the local laptop certs are missing. Which is a problem for all our home users on VPN! (i.e. with covid still around).

In another post the thread creator writes that it is Windows 10 Enterprise, which has been updated from version 1809 to 1909. On reddit.com there is this post where a user describes the same thing during the in-place upgrade. Another user confirms this also for version 2004 and writes that only a patched WIM image file helps with the function update. On Twitter the case is discussed here.

Blame the cumulative October 2020-Updates

The bug has only been occurring for a few days – and the thread suspects some cumulative October 2020 update as causing this issue. Other users confirm this certificate loss during a feature update to Windows 10 version 1909 – but also with Windows 10 20H2. One user writes then:


Advertising

Rolled back and removed the October cu. Then went forward again. Certificates all in place. I’ve repeated this to prove. So looks like the October cu changes the is before update in some way that causes the certificates to be removed during the feature upgrade.

A rollback with removal of the October 2020 cumulative updates has brought back the certificates. As a workaround, it is suggested to uninstall the October 2020 cumulative updates, then perform the feature update and have the appropriate October 2020 cumulative updates installed there.

Error is investigated and a workaround

In a Microsoft Q&A forum thread, JoyQiao-MSFT has confirmed that they are investigating the case internally. As a workaround, he suggests a certificate export from the registry including an import. The details can be found in the thread. Another user has posted a PowerShell-Script which automates this export. Maybe this is very helpful for those affected.

Addendum: The problem also affects Office 365 downloads in conjunction with SCCM ConfigMgr (see Office 365: Download fails (in ConfigMgr) after Oct. 2020 Updates). In addition, Microsoft has acknowledged this problem and knows the cause, as this tweet confirms.

We now have clarity on an issue where an IPU from win10 1809 to any later version removes ceros from the cert store. Working to get more information and will post more details. #configmgr #memcm


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in issue, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *