Microsoft confirms certificate loss on Windows 10 upgrades

[German]Microsoft has now officially confirmed the certificate problem, which I already mentioned here in the blog, as of October 30, 2020 and has given details of when certificates will be lost during a Windows 10 function update.

Locking back …

A blog reader pointed out to me the issue, that several Windows 10 versions forget their certificates when upgrading if the October 2020 updates are installed. I covered the details in the blog post Windows 10 forgets certificates during upgrade. Microsoft Office 365 also has issues with the October 2020 updates. The download of updates probably fails because of missing certificates, as I explained in the blog post Office 365: Download fails (in ConfigMgr) after Oct. 2020 Updates. A Microsoft employee had confirmed this in tweets and Microsoft started an investigation.

Wiindows 10 October updates broke Office 365 downloads

Microsoft discloses details

As of October 30, 2020, Microsoft then published the supplement 'Certificates may not be present after updating to a newer version of Windows 10' in the status pages of  Windows 10 Version 1903, Windows 10 Version 1909, and Windows 10 Version 2004. Microsoft states that system and user certificates may be lost when a device is updated from Windows 10 version 1809 or later to a later version of Windows 10. Microsoft states that the problem can occur on the following systems if the constellations described below apply.

  • Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1903
  • Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1903

The systems with the above-mentioned Windows versions are only affected if a cumulative update (LCU) from September 16, 2020 (probably meaning September 15) or later has been installed and the Upgrade feature is running from media or an installation source that does not have cumulative updates from October 13, 2020 or later integrated.

Microsoft writes that this scenario occurs primarily when managed devices with obsolete bundles or media are updated using an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This can also happen when using obsolete physical media or ISO images that do not have the latest updates built in.

Therefore, it should not affect feature upgrades that are triggered by Windows Update by installing a feature update that is offered. Devices using Windows Update for Business should also not be affected, according to Microsoft.

A Workaround

If the problem has already occurred, Microsoft suggests rolling back the feature upgrade to the previous Windows 10 version as a workaround. This uninstallation period must be completed within 10 or 30 days, depending on the configuration of your environment and the version to which you have upgraded. After that, you must resolve the issue (either use updated upgrade media, or uninstall the cumulative updates until September 2020, upgrade, and then have the missing cumulative updates installed for the new version of Windows 10).

In my blog post Windows 10 forgets certificates during upgrade  I had mentioned a workaround that allows you to manually export and then import certificates. Maybe this will help.Microsoft says they are working on a solution and will provide it in the coming weeks as an updated bundle and via updated installation media..

Similar article:
Windows 10 forgets certificates during upgrade
Office 365: Download scheitert nach Oktober 2020 Updates

This entry was posted in issue, Windows and tagged , . Bookmark the permalink.

4 Responses to Microsoft confirms certificate loss on Windows 10 upgrades

  1. EP says:

    this is not a problem for MSDN/MVS subscribers who get the updated refreshed 1903, 1909 & 2004 ISO install media that already include the Oct. 2020 patches

    it would be great if MS would provide those updated ISOs to the general public instead of just making them available to MVS users.

  2. EP says:

    Microsoft has "resolved" this certificates problem as of Nov. 17 with the following message from here:
    https://docs.microsoft.com/en-us/windows/release-information/resolved-issues-windows-10-2004#1513msgdesc

    "Resolution: This issue is now resolved when using the latest feature update bundles and refreshed media. Feature update bundles were released November 9, 2020 for Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. Refreshed media was released November 3, 2020 on Volume Licensing Service Center (VLSC) and Visual Studio Subscriptions (VSS, formerly MSDN Subscriptions). For information on verifying you're using the refreshed media, see How to address feature update refreshes in your environment. If you are using or creating custom media, you will need to include an update released October 13, 2020 or later.

    Note If you are updating to Windows 10, version 20H2, this is only resolved with the feature update bundle released November 9, 2020. Refreshed media is not yet available on VLSC or VSS. Refreshed media for VLSC and VSS will be released in the coming weeks to address this issue and another known issue that requires a media refresh. Please check the known issue here for the status of the remaining Windows 10, version 20H2 known issue."

  3. Miguel Sanabia says:

    I can confirm that this has shown up while using Windows Update for Business. Currently working with MS Engineers to determine this further.

  4. EP says:

    this issue was also resolved by MS for Win10 20H2 in December 11, 2020 with updated 20H2 refreshed install media:
    https://docs.microsoft.com/en-us/windows/release-health/resolved-issues-windows-10-20h2#1513msgdesc

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).