I am trying to resolve a weird problem with the Automatic Updates on Windows Server 2003 (with SP1) using Windows Server Update Services. I have been wracking my brains for a month, but the provided solution is unfortunately not permanent. I know where the problem is, but I can't make it go away forever.
It's all about the so called 'Safer' Key in the registry. This has been documented on the Microsoft Website. When the AuthenticodeFlags attribute in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer is set to '1' Windows is unable to receive updates and the Event ID 16 is logged in the Event Viewer:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
If I delete the key and rerun updating with wuauclt /detectnow Windows reports successfully to WSUS and updates itself if there are available updates. The problem is that this value reappears in the registry after a couple of days and the updates stop again. I only have this problem with Windows Server 2003, not with the domain members with Windows XP Professional.
Does anyone have a permanent solution? I really don't think it normal to delete this key on a regular basis... Thank you in advance for any help.
---
Jordan Jordanov
Network administrator
Faculty of German Engineering Education and Industrial Management
Technical University of Sofia, Bulgaria
It's all about the so called 'Safer' Key in the registry. This has been documented on the Microsoft Website. When the AuthenticodeFlags attribute in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer is set to '1' Windows is unable to receive updates and the Event ID 16 is logged in the Event Viewer:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
If I delete the key and rerun updating with wuauclt /detectnow Windows reports successfully to WSUS and updates itself if there are available updates. The problem is that this value reappears in the registry after a couple of days and the updates stop again. I only have this problem with Windows Server 2003, not with the domain members with Windows XP Professional.
Does anyone have a permanent solution? I really don't think it normal to delete this key on a regular basis... Thank you in advance for any help.
---
Jordan Jordanov
Network administrator
Faculty of German Engineering Education and Industrial Management
Technical University of Sofia, Bulgaria
