Update for Root Certificates for Windows 7 [March 2014] (KB931125) - Expired on SCCM 2012 March 2014 SUG

Similar Messages

• Update for Root Certificates for Windows 7 [March 2014] (KB931125) Expired

  Hi All
  Today i wanted to deploy the security updates of the month march 2014 to my production environment.
  I noticed that the update "Update for Root Certificates for Windows 7 [March 2014] (KB931125)" is Expired
  Strange last week I added this update in our Acceptation environment with no problems.
  Someone knows what happend to this update , i cannot find it on the microsoft site
  regards
  Johan

  Hi Yan Li,
  I don't understand what you're trying to say.
  Why do you quote that old information from the KB article? It's not really relevant to the update Johan asked about because the December 2012 version of KB931125 is not the same update that was released on March 11, 2014 which then immediately expired.
  It's not only the server updates that have been expired this time. It's the Windows 7 update and the Windows XP updates as well. I don't have any other OS versions in my managed environment so I don't know which other OS versions it affects but my guess is
  it's expired on all of them.
  It would be nice with some real information about why this particular version (March 2014) was recalled.
  If there is a problem with it I would like to know what kind of problems I'll be facing on the clients that did install it before it expired.
  And if there is a problem with it, will there be an interim fix available? Will a new update be released and if so- when?
  Can you please see if you can provide us with some relevant information?

• Supersedence problem causing update loop for Root Certificates

  Specs: Server 2008 R2, WSUS 3.0, SCCM 2012 R2, Windows 7 Clients/Updates
  The issue is with the Root Certificate update from December 2012.  The update is not marked as superseded by the November 2013 Root Certificate update.  Is this an issue with Microsoft, or with my WSUS server? Is there any way I can remove or decline
  the Dec2012 update so that the March 2014 update can take over as the most current update?
  I have tried the KB931125 article and all the other resources with these updates, but my problem doesn't seem to be noted in these articles. From what I can find, the update from Dec2012 has not been installed on my WSUS Server.
  Thank you for the help,
  Phill

  AFAIK the current situation is this:
  "March 2014" was expired by Microsoft on March 17:
  The only KB931125 update that still is applicable is the "November 2013" update.
  ALL other KB931125 updates should be "Declined".
  Rolf Lidvall, Swedish Radio (Ltd)

• Update Windows Root Certificates in Windows 2008 R2 Disconnected Environment using WSUS

  Hi all, I need to update the root certs on all my WIndows 2008 R2 servers. They have no internet connectvity. I am aware of the issue described by
  KB931125 but I am not affected by it. My issue is that I would like the 2008R2 servers to update the roots certs form my WSUS servers. Is this possible?

  I would suggest that you identify the few individual root certificates that you need, and import them individually to those servers where they are needed.
  It is NOT possible to update root certificates from a WSUS server, except in the case of workstations that are being configured to install KB931125.
  Do NOT install KB931125 to a server operating system.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Problem updating CA root certificates in cacerts file

  I've searched all over for this problem, and none of the posting seems to apply
  to my situation. Hope this is not a repeat post.
  I'm running WLS7 SP2 on W2K AS. I had SSL configured and working properly, until
  1/7/2004 came along, of course. I followed the directions in http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57436
  to update the Verisign Class2 and 3 root certificates in the cacerts file without
  any problem. I also verified from the WL log that the server is reading the "cacerts"
  file located in <bea_home>\server\lib. However, when I pulled up my website using
  https://, I still get the "...security certificate has expired ..." message.
  Why is my browser not getting the updated CA certificates from WLS?
  Any help you can provide is much appreciated.
  Michael An

  Is the server's identity certificate issued by Verisign? Have you updated it? Does
  the identity certificate chain include the root CA certificate? It might be that
  the browser contains the expired certs among its trusted ca certificates, uses
  them to complete the chain and then complains about it.
  Pavel.
  "Michael An" <[email protected]> wrote:
  >
  I've searched all over for this problem, and none of the posting seems
  to apply
  to my situation. Hope this is not a repeat post.
  I'm running WLS7 SP2 on W2K AS. I had SSL configured and working properly,
  until
  1/7/2004 came along, of course. I followed the directions in http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57436
  to update the Verisign Class2 and 3 root certificates in the cacerts
  file without
  any problem. I also verified from the WL log that the server is reading
  the "cacerts"
  file located in <bea_home>\server\lib. However, when I pulled up my
  website using
  https://, I still get the "...security certificate has expired ..." message.
  Why is my browser not getting the updated CA certificates from WLS?
  Any help you can provide is much appreciated.
  Michael An

• Silent Install for SQL 2008 admin tools, to be pushed out via SCCM 2012

  Hi I would like to know if you have any information on Silent App installs for MS SOL fetchers only? I really need to know what MSI to use in my Application and any switched i can incorporate for deployment though SCCM 2012.
  Thanks,
  Manny

  Hi,
  do you want to install SQL 2008 admin tools? and what tools do you want to install? and what is your application?  And do you want to deploy the installation script via SSCM? Please be more clear.

• Windows 8.1 OSD supported with SCCM 2012 ?

  Windows 8.1 OSD supported with SCCM 2012

  CU3 only supports the following for 8.1
  ‘This update adds support for Windows 8.1-based client computers in Microsoft System Center 2012 Configuration Manager Service Pack 1. Windows 8.1 is added to the supported platform list for the following features:
  Software distribution
  Software update management
  Compliance Settings’
  For complete OSD support you must be running R2. Here's a great starter guide.
  http://www.scconfigmgr.com/2013/10/19/deploy-windows-8-1-with-configmgr-2012-r2/
  Cheers
  Paul | sccmentor.wordpress.com
  OSD of Windows 8.1 is fully supported on SCCM 2012 SP1 CU3.
  More info: http://blogs.technet.com/b/configmgrteam/archive/2013/10/21/how-to-enable-windows-8.1-deployment-in-sc-2012-configmgr-sp1-cu3.aspx
  Ronni Pedersen | Microsoft MVP - ConfigMgr | Blogs:
  www.ronnipedersen.com/ and www.SCUG.dk/ | Twitter
  @ronnipedersen

• Deployed Windows 7 Image failing to start -SCCM 2012 SP1

  Hello, I am deploying windows 7 image using SCCM 2012 SP1, the installation goes thru fine but when it is in the process of restart, a blue screen is displayed for a split second and then it tries to reboot again with same results. Are there any logs on
  the SCCM server I can check to see where the problem may be?

  This generally means inaccessible boot device. How are you partitioning the drive and applying the image?
  This is one way to do it
  http://www.gerryhampsoncm.blogspot.ie/2013/02/sccm-2012-sp1-step-by-step-guide-part_18.html
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Pacman asks for root passwork for -w option (download only)

  I find this behavior odd.
  It would make sense if the package would be downloaded in the cache dir (/var/cache/pacman/pkg) where root permission is required but I ran the command like this:
  $ pacman -Sw gnuchess --cachedir $HOME
  error: you cannot perform this operation unless you are root.
  Maybe because I dual boot mint with arch and I'm used to aptitude / apt-get, which does not requires to be root for just downloading packages:
  $ apt-get download gnuchess
  Get:1 Downloading gnuchess 5.07-7 [93.6 kB]
  Fetched 93.6 kB in 0s (290 kB/s)
  $ aptitude download gnuchess-book
  Get: 1 http://archive.ubuntu.com/ubuntu/ precise/universe gnuchess-book all 1.01-2 [2,591 kB]
  Fetched 2,591 kB in 1s (1,419 kB/s)
  Is this pacman behavior normal, for security reasons or something?... Because I simply don't get it.

  Hmm...  we could probably check if the download folder is writable if doing only -Sw.  File a bug report.

• Windows XP extended support patches through SCCM 2012

  My question is how do customers that  have signed up for extended support agreement with Microsoft for Windows XP get any NEW Windows XP security updates through SCCM/WSUS?
  1. How are these NEW security updates released to the customer?
  2. How can they deploy these through SCCM 2007/2012?
  3., If updates are released through another mechanism , I presume the customer woyuld need to manually deploy these through SCCM?
  Appreciate if anyone has had experience recently around this?

  There is another channel that these updates are released that has nothing to do with WSUS to my knowledge. I have no idea exactly how it works or if these updates can be integrated into ConfigMgr. You should talk to your TAM.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• How can we update the last synchronization date and time..on SUP in sccm 2012 R2

  Hi,
      Can you any one please guide me how can i update the last  synchronization date & time in SUP on SCCM2012 r2 , some how its updated as future date and when ever i try to synch the SUP with disconnected WSUS its shows in the wsyncmgr.log 
  "Wakeup for a polling cycle " and  " Wakeupby inbox drop" and "Wakeup by SCF change"  
  Thanks 
  Balaji K

  You'll probably have to call CSS on this one as this not normal by any means. The messages you noted above are completely normal but if that's all you are seeing then there's an issue.
  Have you reviewed wcm.log and wsusctrl.log?
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Windows 8.1 Custom Tiles - Deploying SCCM 2012 R2

  Confused.
  In Hyper V, I created a Windows 8.1 Enterprise image while in sysprep audit mode.
  I configured the tiles exactly how I wanted them.
  Captured the image and deployed.  When I login, the tiles are all set to default.
  Found a Microsoft site that said I could copy the AppsFolderLayout.bin file from the default image and then copy it to the default directory.   Tried that manually and through a task sequence and it still shows the default screen.
  I tried exporting the bin file through powershell and then importing through SCCM task sequence and same thing.
  http://stealthpuppy.com/customizing-the-windows-8-1-start-screen-dont-follow-microsofts-guidance/
  What is the best way to accomplish this?
  Thanks
  Rick

  Make sure you follow the steps exactly.
  http://blogs.technet.com/b/deploymentguys/archive/2012/10/26/start-screen-customization-with-mdt.aspx
  When the AppsFolderLayout.bin is copied to default profile, it will be copied to any new user profiles upon initializing first user logon. You could also manually copy the file to a user's profile to verify AppsFolderLayout.bin layout file.
  Juke Chou
  TechNet Community Support

• MacBookpro Receiving pop up warnings: Error: Unable to establish a secure connection to pop.mail....etc. because the correct root certificate is not installed. Help needed please.

  My Entourage is very slow and 2 Error pop ups (above) are showing. Additionaly, a warning about the start up disc being full. I decided to back up to an external HD.When backing up I was surprised to see 9.4GB in the catagory named 'Other'. Ive probably got too much junk stored here (unless it could be imovie files?). If I could see what was in 'Other', and delete what I dont need, this may be the answer to freeing up more space. The next big file I have is under 'Pictures' which is 1.7GB. I have never downloaded any video or Youtube stuff.
  This is my first experience on this forum.

  Apple in their glorious wisdom did not update the root certificates for users of 10.5, only for 10.6 and later.
  You'll need to make some changes, open your Keychain Access in your Applicaitons or Utilitties folder.
  Delete the compromised DigiNotar root certificates, also change the KeyChain Access preferences > Certificates to
  Best Attempt
  Best Attempt
  Require Both
  Because the Certificate Autorities themselves are being attacked, you need the most recent and varied source of valid certificates so your comptuer does the best it can to verify the site your visiting is legitiment.
  Also make sure the time and date on your computer is accurate and updated with Apple's time severs, allow any such time requests out your outgoing firewall (aka LittleSnitch)
  You might decide to upgrade to 10.6, it's the best OS version for users of Intel Mac's, strips out the PowerPC code your not using and improved video drivers for better graphics performance. It should run most of your 10.5 software with just minor updates at most.
  Please backup your data off the machine (not TimeMachine) before doing anything as you might need to wipe the drive if the upgrade doesn't go correctly.
  http://store.apple.com/us/product/MC573Z/A
  However OS X Lion 10.7 is a radical change, won't run your older software or drivers and likely be slow on most older hardware. I'd advise against installing it, buy it with a new machine instead.

• Updating Root Certificates

  I have been unable to fully update the root certificates on my Windows 2008 Server machine. I have tried doing a manual install using https://www.verisign.com/support/roots.html and there are still certificates that are not updated, but used to be trusted
  before certification expiration. Is there a way to update these roots automatically by Windows without messing with Group Policy settings? Or a way to update individual roots via Windows?
  Thanks.

  I'm curious about the intent to do a wholesale update of the root certificates in a server operating system. I would think you should consider yourself lucky, because there are practical limits to the size of the Trusted Root Certificate Store (64kb of certificates,
  which is 175-200 of them, depending on their data size).
  A more surgical approach is to only install a new root certificate when it is needed for a specific purpose. Otherwise, certificates that are expired can generally just be deleted.
  However, for an alternative approach to this process, I would suggest installation of KB931125 to a **WORKSTATION** operating system (a reference VM not actually used by anybody would be even better), and then EXPORT those certificates that you actually
  need from that reference system and import them to where they are needed.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• SSL Certificate for Software LifeCycle Management

  Dear Friends,
  We have Solution Manger 70 with EhancementPack 1 (Java 7.01 SP4). Trying to configure the Software LifeCycle Management and I am stuck at the first stage i.e. generating SSL SSL Certificate.
  Here is what I have done and please let me know on how to proceed...
  - Installed SAP Cryptographic libraries, all the necessary Profile parameters and activated HTTPS...
  - STRUSTSSO2 --> Created SSL Server PSE
  - Generated the Certificate Requests for the SSL Server PSE
  - Copied the Certificate Request.
  - Opened the https://service.sap.com/tcs site
  - Requested for SSL Test Server Certificate by pasting the Copied the Certificate Request and generated the certificate response in a "PKCS # 7 Certificate Chain" format.
  - Copied the Generated Imported Certficate from SAP Trust center Site, and Imported the Certificate response for SSL Server using STRUSTSSO2.
  What else I am missing here?????????
  How to generate the Import Certifcate in a crt file format for SSL client (Anonymous or Standard) PSE's?????????
  Kindly help me with these issue ASAP.
  Thank you,
  Nikee

  Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:
  a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate
  b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml