Nope, but I guess this is more important than expected. Scup.log: This WSUS server cannot issue a self-signed certificate
Looks it is after all WS2012R2. Didn’t get it working yet. Anyone created a certificate. è “Many tools exist to generate a self-signed certificate” ? http://blogs.technet.com/b/wsus/archive/2013/08/15/wsus-no-longer-issues-self-signed-certificates.aspx WSUS no longer issues self-signed certificates Rate This http://blogs.technet.com/Utility/images/star-left-on.pnghttp://blogs.technet.com/Utility/images/star-right-on.pnghttp://blogs.technet.com/Utility/images/star-left-on.pnghttp://blogs.technet.com/Utility/images/star-right-on.pnghttp://blogs.technet.com/Utility/images/star-left-on.pnghttp://blogs.technet.com/Utility/images/star-right-on.pnghttp://blogs.technet.com/Utility/images/star-left-on.pnghttp://blogs.technet.com/Utility/images/star-right-on.pnghttp://blogs.technet.com/Utility/images/star-left-on.pnghttp://blogs.technet.com/Utility/images/star-right-on.png <http://blogs.technet.com/234205/ProfileUrlRedirect.ashx> http://i1.social.s-msft.com/profile/u/avatar.jpg?displayname=ben+herila+%5bmsft%5d&size=largeBen Herila [MSFT] <http://blogs.technet.com/234205/ProfileUrlRedirect.ashx> Ben Herila [MSFT] Microsoft MSFT 2,337 Points 15 2 1 Recent Achievements Forums Curator I Blog Conversation Starter First Marked Answer <http://social.technet.microsoft.com/profile/ben%20herila%20%5Bmsft%5D/?ws=usercard-hover> View Profile 15 Aug 2013 1:46 PM · Comments 1 <http://blogs.technet.com/b/wsus/archive/2013/08/15/wsus-no-longer-issues-self-signed-certificates.aspx#comments> We've had some questions recently about why WSUS in Windows Server 2012 R2 no longer supports generating self-signed certificates for signing update packages. We disabled this feature because it was causing a significant management burden for those using the feature, and it duplicated functionality that already exists in Windows Server Certificate Services (and other products). · Distribution. After WSUS generates a certificate suitable for self-signing of packages, significant effort was required to export and install this self-signed certificate into all of the clients that needed to verify packages signed by it. · Expiration. When the self-signed certificate expires, WSUS offered no functionality to notify you that the signatures were no longer valid. This resulted in failed updates, and other hard to diagnose failures. · Certificate Updates/Revocation. If you wanted to update or revoke a certificate (i.e. after discovering that it expired), WSUS offered no functionality to enable this. Accomplishing this turned into a manual task that was very hard to either do by hand or automate successfully. If you still want to distribute signed updates, you have several options: · Install Windows Server Certificate Services. This is an in-box feature of Windows Server 2003 and beyond, and is designed to address exactly these issues. · Create and Install your own certificate. Many tools exist to generate a self-signed certificate. After generating one, you can install it in your WSUS server and distribute it as you did before, using the SetSigningCertificate API. You’ll still need to take care of distribution and revocation yourself, but WSUS will monitor your custom certificate and let you know when it’s nearing expiration. WSUS will still be able to sign packages using any registered signing certificates. If you already are using a self-signed certificate that WSUS generated, you can continue to use that certificate for as long as it meets your needs. Please continue to read the "What's new in R2 <http://blogs.technet.com/b/in_the_cloud/archive/tags/what_2700_s+new+in+2012+r2/> " blog series for more updates and discussions of new features in Windows Server 2012 R2! Thanks, The WSUS Team Update: Workaround Details While WSUS will not generate self-signed certificates by default, it is possible to restore the legacy behavior by setting the following registry key: · HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup\ · Create Key Value: EnableSelfSignedCertificates = 1 Please note that the CreateSelfSignedCertificate API is still considered deprecated and may be removed in a future version of Windows. From: [email protected] [mailto:[email protected]] On Behalf Of Sherry Kissinger Sent: Donnerstag, 24. Oktober 2013 02:06 To: [email protected] Subject: RE: [mssms] Scup issue Other thought... your config file. http://myitforum.com/cs2/blogs/rzander/archive/2011/05/30/scup-2011-with-shared-database.aspx The db maybe was pointing somewhere else the first times you ran it, or your profile was wiped? So the db was lost too? Roland Janus <[email protected]> wrote: Tried that already. From: [email protected] [mailto:[email protected]] On Behalf Of Sherry Kissinger Sent: Mittwoch, 23. Oktober 2013 23:55 To: [email protected] Subject: Re: [mssms] Scup issue UAC Right-click Run as administrator I've just made a shortcut on my desktop with the run-as-admin set up on the shortcut. I've been burned too many times by the SCUP console when I forget to run as admin. Sherry Kissinger Microsoft MVP - ConfigMgr [email protected] _____ From: Roland Janus <[email protected]> To: [email protected] Sent: Wednesday, October 23, 2013 4:17 PM Subject: [mssms] Scup issue New install of CM12SP1R2 and SCUP on Server 2012R2. I never had this combination, but somehow I doubt that is the reason for this: The screen looks like that, always, This is the message I get when clicking either Test or Create, any combination on how to connect the WSUS makes no difference and it never changes or even creates a cert. The SCUP log in %temp% says: The system cannot find the file specified That’s all, no other error us other indication. Any ideas? The system cannot find the file specified Roland Janus IMS Informatics AG Providing Services to Novartis Pharma AG Lead Architect SCCM 2012 Project Phone number : + 41 61 32 43902 e-mail: [email protected]
<<image001.png>>
<<image002.png>>
<<image003.jpg>>
