Over 600 domain computers won't get Windows updates


certutil also has a -syncWithWU switch that, well, syncs with WU. :)
 

That key doesn't exist on this machine
That's very strange. A clean install (just did one) creates an empty sub-tree hierarchy for AuthRoot.

Wonder if a domain-wide "extinction event" clobbered this key (or another setting) at the same time. And it doesn't show up for machines created since then.
 

The only common denominator I can find is that it looks like all of these were upgraded from Windows 10 to Windows 11.
Windows does not handle upgrades well; usually a second upgrade or a repair upgrade fixes that.
I would reset Catroot2 to see what happens, and eventually SoftwareDistribution's Download folder.
 

No need to reset any folders. OP has already found that it’s a certificate issue. The only remaining item is figuring out what caused the cert issue.
 

Can you try to manually trigger the cert update to see if that works?
In a terminal with admin rights:
certutil -pulse

Afterwards, check with (it can take a few seconds after the pulse before output shows):
certutil -verifyctl AuthRoot | findstr /i "lastsynctime"
The pulse completed successfully. The last sync time still shows a date of 3/21/2024. I waited about 10 minutes to give it a chance and ran the sync time check again, and it still didn't change.
 

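For spot-checking machines after a fix is rolled out, the last-sync check discussed above can be read without parsing certutil output. This is an added example, not code from any poster in the thread; it assumes the sync time is stored as the 8-byte FILETIME value `LastSyncTime` under the `AuthRoot\AutoUpdate` key shown (the thread does not name a key), and the 30-day threshold is hypothetical.

```powershell
# Added example, not from the thread. Assumption: the AuthRoot sync timestamp is the
# 8-byte FILETIME value 'LastSyncTime' under the key below (the thread names no key).
function Get-AuthRootSyncStatus {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate',
        [int]$MaxAgeDays = 30   # hypothetical staleness threshold
    )
    $status = [ordered]@{
        Computer    = $env:COMPUTERNAME
        LastSyncUtc = $null
        AgeDays     = $null
        State       = 'KeyMissing'
    }
    # A missing key is reported as its own state instead of being treated as an error.
    if (-not (Test-Path -Path $KeyPath)) { return [pscustomobject]$status }

    $raw = (Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue).LastSyncTime
    if ($raw -isnot [byte[]] -or $raw.Length -ne 8) {
        # Key exists but the value is absent or not an 8-byte binary blob.
        $status.State = 'NoLastSyncTime'
        return [pscustomobject]$status
    }
    try {
        # FILETIME: little-endian count of 100 ns intervals since 1601-01-01 UTC.
        $last = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($raw, 0))
        $age  = ([DateTime]::UtcNow - $last).TotalDays
        $status.LastSyncUtc = $last
        $status.AgeDays     = [math]::Round($age, 1)
        $status.State       = if ($age -gt $MaxAgeDays) { 'Stale' } else { 'Current' }
    } catch {
        # Value is 8 bytes but does not decode to a valid date.
        $status.State = 'UnreadableTimestamp'
    }
    [pscustomobject]$status
}

Get-AuthRootSyncStatus | Format-List
```

The `State` field separates a machine whose key is missing from one whose timestamp is simply old, which are the two conditions reported in this thread.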
certutil also has a -syncWithWU switch that, well, syncs with WU. :)
I still haven't found the cause, but the fix appears to be working. I'm going to have cybersecurity push a GPO to all 652 remaining computers with the issue, then I will spot-check 50 or so to make sure they are doing updates.

Can you tell me the full syncwithWU command?
 

That's very strange. A clean install (just did one) creates an empty sub-tree hierarchy for AuthRoot.

Wonder if a domain-wide "extinction event" clobbered this key (or another setting) at the same time. And it doesn't show up for machines created since then.
We use Lansweeper to monitor all of our network devices; I can't find a single computer on our domain with that key.
 
