Error when deploying third party updates through SCUP
As customers starting to experiment with Windows 10, I got a phone call about third party updates not installing on Windows 10 devices. The customer is using SCUP with the Adobe- and “patchmypc” catalog (https://patchmypc.net/third-party-patch-management-scup-catalog) integrated in SCCM.
First, I checked if it’s a common problem with all SCUP updates or if it’s only limited to Adobe updates. It turned out that only Adobe updates and on only Windows 10 devices are effected. This is the error the customers get:
Well, my first thought was it could be related to certificates, which are distributed via Group Policy, but “unfortunately”, the Windows 10 devices applied the Group Policy correct and the certificates are present on the devices.
Next, I took a look into the log files for more information and there the following errors are listed:
windowsupdate.log: “Copy update to cache failed with exit code = 0x80246003”
“ISusInternal:: CopyUpdateToCache2 failed, hr=80246003”
WUAHandler.log: “Failed to initiate install of WSUS updates, error = 0x80246003”
“WSUS update (e67852fc-d316-4549-8188-a4704584d823) installation result = 0x80240017”
After some research, it still looked like a certificate issue. Perhaps Microsoft changed something in Windows 10 or Windows 8. (The customer is not using Windows 8). I applied the KB2734608 mentioned in this article https://support.microsoft.com/en-us/kb/2734608 including all currently available windows updates but the error still occurred.
Then, I did contact patchmypc (although it’s not their issue) and created a post in the Adobe forum. (https://forums.adobe.com/thread/2095046). The support at patchmypc tried to support me (I did really appreciate it) but unfortunately no solution could be provided. Also, I didn’t get any answer from the Adobe forum.
So, I looked again at SCUP and then I noticed it: A checkbox to sign the updates with a new certificate! (See image below)
So, I gave it a try and signed it with a new certificate, run a synchronization and deployed it again to a Windows 10 device. Luckily, it worked and all updates were installed successfully.
I’m not 100% sure this check box is the only part of the solution, but I think it’s the combination of the hotfix (KB2734608) and the check box to sign the updates again.
Nevertheless, at the end of the day my customers were happy again :)