Exclude the relevant files in your Bitdefender https://forums.mydigitallife.net/th...dates-eligibility.80606/page-363#post-1782089
Interesting idea. I checked the "Computer" certificate store and the "Windows update" "Service" certificate store. All Microsoft certificates are up-to-date/same. Only differences are in Verisign certificates - doesn't sound like MS would use those for WUAU. The file "wsus3setup.cab" is signed; root CA is Microsoft, certificate expired 2021 but is in the certificate stores. Signing CA "Microsoft Update Signing CA 1.1" certificate expired 2021 and couldn't be found on certificate stores on either a working Server 2008 R2 or this problem Server 2008 SP2. Countersignature signing CA is "Microsoft Time-Stamp PCA" ("Microsoft Time-Stamp PCA 2010" for SHA-2, expires 2025) which also expired 2021 and couldn't be found on either working or not working Windows certificate stores. Lastly, the file signature itself expired 2013. I suspect that validity times are simply ignored. Viewing the certificates involved displays "This certificate is OK." for all. So I guess the certificates are OK. The dependency updates were installed before running installer, like SHA-2 support which I assume could cause issues with signatures. Inspecting "wsus3setup.cab" on a working 2008 R2, the signatures are different. Root CA is MS 2011 and not 2010; issuing CA is MS Signing CA 2.2 and not 1.1. I actually installed manually all the updates, including .NET, successfully. But I would really prefer this to work with WSUS server A common theme in this very long thread seems to be of user error. The same things repeat again and again, such as not disabling antivirus. And it is frustrating to try to find useful information in the sea of... let's just say not useful (to me) posts. Several of my 2008 R2 machines are working excellent with v11/v12 of the bypass so again a big thank you to everyone involved! It is just this 2008 SP2 machine that is giving me trouble.
I agree 100%. I used the proxy to update my Acer Aspire Win7 Premium 32/64 laptop for Jan & Feb 2023 updates. Closed unneeded programs & any security monitoring software FIRST. Then updated following instructions. Included several restarts & WU turned OFF. Flawless. Then I followed instructions to remove proxy & installed v12 bypass & wsus update. I chose option 3. Restarted. Then fired up WU & it gave me 2 more security related updates before the Mar 2023 full updates arrived. WU gave me the Win7 embedded & 2008 R2 versions. Following advice I hid the 2008 R2 updates & then updated, restarted & with all security software OFF. Flawless again. Restarted & checked WU. The 2008 R2 versions disappeared. Now I have received a couple of security updates since then with 2 weeks left before Apr 2023 monthly updates. Thanks to all who worked hard to give us this extended security for Win7. Do Not Forget to turn your security software back on when updates are done.
If I understand correctly if you start mmc.exe, add the certificates snap-in and look under Trusted Root Certification Authorities you will not have: Microsoft Root Certificate Authority 2011 If so you should install the attached certificate, the included certmgr.exe comes from the Win7 SDK. (It would probably be best not to trust a random guy on the internet when installing a root certificate). But this is the way I do it on embedded machines with no internet access... The file needs to be run with full admin access (launch cmd.exe by rightclicking and selecting run as administrator). The correct command with both the EXE and certificate in the same folder would be: certmgr.exe -add MicRooCerAut2011_2011_03_22.crt -s -r localMachine root
Talking about a new install of the latest Windows 7 Client MSDN ISO of 2011 (en_windows_7_enterprise_with_sp1_x64_dvd_u_677651.iso), Instead of going through the hours to install all updates via Windows update since then, can I install Simplix pack first, then do everything after "after full update to january 2023 stop windows update service" to get post 2023-01 updates via Windows Update as Windows Server 2008 R2? After that install ".NET 4 ESU Bypass" from "BypassESU-v12_u" to also get .NET updates from Windows update?
I think this is a misunderstanding. I specifically said "All Microsoft certificates are up-to-date/same". That means 2011 CA cert is there in the store. When I said "signatures are different" I am talking about signatures on "wsus3setup.cab" on problem 2008 SP2 machine vs "wsus3setup.cab" on a working 2008 R2 machine. I did not mean that the CA certificates are somehow different between the machines - only the signatures of the file that gives the error. But thank you for your time & attention on my insignificant issue!
Sorry for being a nonsesnse but I feel a little rusty...So I ran v12 without uninstalling v11 and I only have choices 2,4,7,9 and what about the wim integration ? Any help is welcome.
@abbodi1406 I found an issue where immediately after installing WU ESU Patcher and setting option [1] Embedded 7 (and rebooting) it won't find Embedded 7 updates. But then changing category to option [2] 2008 R2 it does find those 2008 R2 updates, and then changing back to option [1] Embedded 7 it will then finally find Embedded 7 updates. Seen it a few times now in testing. Note: on W7 clients that find Embedded 7 updates right after installing WU ESU Patcher, the "Check for updates" always fails a few times with error, then eventually completes the check after repeated attempts and finds all Embedded updates. On W7 clients that do not find the updates, "Check for updates" always completes the first time very quickly, does not fail, but doesn't find updates, so maybe Windows Update is not re-scanning correctly after installing WU ESU Patcher and setting category option for the first time?
Clean/Reset DataStore.edb will probably solve the conflict Code: net stop wuauserv 2>nul net stop TrustedInstaller 2>nul del /f /q %SystemRoot%\SoftwareDistribution\DataStore\DataStore.edb 1>nul 2>nul pushd %SystemRoot%\SoftwareDistribution\DataStore\Logs rmdir /s /q . 1>nul 2>nul popd
If you clean/reset DataStore.edb, will it also remove the installed updates info in "View Update History"?
@nicolaasjan see the reply by @abbodi1406 to this post: https://forums.mydigitallife.net/th...dates-eligibility.80606/page-359#post-1779913 And also my reply further down: https://forums.mydigitallife.net/th...dates-eligibility.80606/page-360#post-1780274
Thanks. I don't have this Convenience rollup update KB3125574 installed here. So I can install all Server 2008 R2 updates, including the optional ones (without the "Best Practises Analyser" updates)?