Re: Windows Update not working (automatic or manual) Error number:

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance


Sorry for not posting the solution, after all it was your idea that set me on the right track.
But we have a lot of installs this week and I must've gotten side tracked.

On the DC where my CA is I went into the properties for "Trusted Root Certification Authorities"
in the Default Domain Policy, and checked off "allow users to select new Certification Authorities to trust"

Below that the is a setting for "Client Computers can trust the following certificate stores"
I changed that to "third party root certificate authorities and Enterprise certificate authorities"

Saved and closed that and ran a GPUdate.exe on the DC and wolla when the clients booted up all was fixed.

Again it was your suggestion that got me there. I had spent weeks searching but was searching for the wrong thing.
It wasn't until I checked the default settings for the Domain policy on my Win2k3 box that it all made sense.

In essence, the clients were using the Domain's CA instead of the Microsoft one's when checking certificates for Windows Update
and Messenger. Even though the right MS certificates were on all the client PC's they could not be validated against the Domain CA.

I read your other post and I'm glad to see your as quick on the ball as I am.

It's nice to share information with others to solve probelms.

Greg











On Tue, 26 Apr 2005 17:39:06 -0700, "ServHi-Tech" <ServHiTech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

>Wich setting did you change?
>
>You should have wrote it in your last message...
>
>"MoRbID ReAlity" wrote:
>
>> After trying what you said I was able to change in setting in the Default Domain Policy that let me re-enable the Computer Configuration
>> portion.
>>
>> So now I have my Auto enrollment running for my Wireless clients and the Windows Update/Messenger problems are gone,
>>
>> Thanks Again
>>
>> Greg
>>
>>
>> On Sun, 24 Apr 2005 23:14:02 -0700, "ServHi-Tech" <ServHi-Tech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> >I get the same error but I am able to access Windows Update only if I disable
>> >Computer Configuration Settings under Default Domain Policy. I tried to
>> >change A LOT of settings to find the one that create this error. Got no
>> >luck yet...
>> >
>> >When you disable the policy, don't forget to do a "gpupdate" to refresh the
>> >policy. With Group Policy Management Console, you can import, backup &
>> >restore your GPO... Much more easier...
>> >
>>
>>

.

Relevant Pages

  • Re: How to enforce password protected screen saver globally?
    ... I changed our Default Domain Policy at 4:00pm yesterday and find this morning ... that all the XP clients are operating with the screen savers policy as ... The Win2K clients are not, ... to make changes to the screen saver time out and the password protection (not ...
    (microsoft.public.win2000.security)
  • Domain users can not change there password
    ... Hiya all, ... Windows2003 domain; XP/Windows2000 clients ... Domain Users are not able to change there password anymore when there ... We also remove the policy (from Domain Policy) but then the same error ...
    (microsoft.public.win2000.active_directory)
  • Re: Group policy defaults if the server is down
    ... latest cached domain policy. ... >> the clients from being able to access the SCO unix server. ...
    (microsoft.public.windowsxp.network_web)
  • Re: DHCP server RAS problems
    ... You have a domain policy on that 2003 server that has RRAS ... Just disable it in the domain policy and all 1000 clients will ... >> get an IP from your LAN DHCP server, or you have created a pool of ...
    (microsoft.public.windows.server.general)