WSUS Certificate Trust Issue Causes Package Deployment Failure

Version 3

    Symptoms


    Package fails to deploy because the WSUS server does not trust the signature of the patch it is trying to copy to its content folder.

     

    Cause


    The certificate created by Shavlik Patch was not added to the Trusted Root and Trusted Publishers on the WSUS server.

     

    Resolution


    You should immediately add the certificate to Trusted Root and Trusted Publishers on the WSUS server.  The correct certificate will be in the WSUS Certificates store on the WSUS server.  You can simply copy it to Trusted Root Certification Authorities and to Trusted Publishers.

     

    To repair the updates that were not copied to the Content folder, follow these steps.

     

    1. In either of the Shavlik Patch grids, find the Update ID of the patch.
    2. After syncing updates, find the patch in the "All Software Updates" node.  Right-click on the update and select Properties.  Click on the 'Content Information' tab and copy the 'Source Path' value. (You may have to write this down by hand, so be sure to double-check it.)
    3. On the WSUS server, open a command prompt, type 'net share' and press enter. In the list of shares, find the location of the UpdateServicesPackages share.  (Probably the same base path as the source path from Step 2.)
    4. Open Windows explorer and navigate to the UpdateServicesPackages folder located in Step 3.  Open the folder that is named with the Update Id from Step 1.  Copy the .cab file to the clipboard.
    5. Navigate to the folder in the WsusContent folder that was found in Step 2.  There is probably an empty folder there.  Paste the file that you copied in the previous step.  Rename the file to the file name you found in Step 2.

     

    You should now be able to deploy this update.

     

    Affected Product(s)


    Shavlik Patch for Microsoft System Center (SCUPdates)