This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 12%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWL%3C/text%3E%3C/svg%3E)
Any one seen this issue ,only occurring in about the last week. It maybe a wider issues globally. Not sure what triggered it.
Basically in the last few days some updates from 1809 to 1909, after completed, the local laptop certs are missing. Which is a problem for all our home users on VPN! (i.e. with covid still around)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 3%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Yes, i also confirm this issue has impacted around 300+ machines in my environment, Certificates are missing post 1909 upgrade on top of Oct month patch. Additionally SAP app is broken and we have to reinstall it to fix the login issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 74%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
This has just happened to me. I applied the 20H2 feature update and after the reboot, the laptop showed the "no internet" symbol in system tray. At first, I thought the WLAN driver was incompatible with 20H2 but I checked Device Manager and it was still there. Then I noticed the wireless networks were still "available", but when I tried to connect to the usual one, I got an error about needing a certificate.
So finally I checked the local machine certs, and lo and behold, all the certs in the Personal store had disappeared!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 22%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Is there any news update? I also encountered the same problem; there is no solution at present, please help!!
Hi,
Please refer to my previous reply to roll back and upgrade again with target OS installed 2020 9B / 10B package or later.
Bests,
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks for your reply.
Is there a solution for upgrading to 1909 under the status of 1809?
Because the computer has been upgraded to 1909, the client certificate will be removed. The IP cannot be obtained (My company has ISE wired authentication), and IT personnel need to deal with the computers one by one.
Is there a solution that does not require rollback? (Such as installing other PATCH or adjusting the machine code in advance)
Thank you for your assistance!
Hi,
In the existing status, It is strongly recommended to rollback. If there is no actions was performed in those 10 days, Windows.old file will be removed and will causing not able to roll back. So at least, change default roll back day with DISM command line.
We have not heard any patch about it. Also as I know it is not available to adjust the machine code.
Bests,
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 95%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGE%3C/text%3E%3C/svg%3E)
although apparently issue doesnt occur if you have dynamic updates enabled and the machine can access the internet during the feature upgrade.
Also if the device is connected to the office Lan the certs are, in the most part, restored quickly.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 27%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
I'm sorry, but a work around by rolling back isnt really a solution
I'm unable to carry on our rollout until this had a resolution as like many companies atm we cant afford to stop our people using their systems in the current climate when they are working from home.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 50%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER0%3C/text%3E%3C/svg%3E)
I can also can confirm the issue.
Windows 10 Enterprise x64 Edition, we are updating from 1809 to 1909 using the SCCM Upgrade Task Sequence.
Clients with the "2020-10 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4577668)" will fail if connected with VPN (wireless) during the update to 1909.
Computer Personal Certificates Store is empty, all certificates are missing, certificate chain broken.
you can fix this my updating the WIM used to upgrade with the October CU.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 24%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDY%3C/text%3E%3C/svg%3E)
Exactly, I got an answer from Microsoft, the product team is still working on it but they don't know what is the exact KB that fix this issue yet but it seems that if you upgrade your WIM solves the issue (or if you enable the dynamic updates)
Thanks,
we are injecting the 1909 October CU into the 1909 Upgrade package using SCCM scheduled updates feature, hope this will solve the problem
Update:
Could I ask you a question based on your experience?
If 1809 installs KB4577668 before upgrading to 1909, can the certificates loss problem be solved after upgrading to 1909?
Thank you for your assistance!
Hi,
in our environment, we had to connect the device inhouse with a network cable and wait
until all certificates were in place again. But I think this depends on the environment.
No, you might got a misunderstanding about it.
If you want to upgrade from 1809 to 1909 without any issue, make sure 1909 have installed KB4580386, also don't forget to install their SSU before install it.
Please do not install KB4570333; KB4577069; KB4577668; or KB4580390 on 1809 devices if you not install KB4580386 for 1909 target image.
Bests,
Hi,
Config Manager customers that currently use or can switch to Task Sequence workflow can use the following steps to add 2020 10B updates to target OS image:
Below are the solutions for certs not migrating during an in-place upgrade when using ConfigMgr:
1) Use Scheduled Updates in ConfigMgr to add in the required updates to the Operating System Upgrade Package. This is basically offline servicing and updates install.wim in the Operating System Upgrade Package with the updates. This currently is the most straightforward solution which should work in all environments.
2) Download the latest Windows 10 ISO dated October 2020 or newer. Use the files from this ISO to replace the files from the current Operating System Upgrade Package by deleting all content from the source directory of the Operating System Upgrade Package and then replacing with the contents from the ISO. After updating the content update DPs.
3) At the Upgrade Operating System task, select the option Dynamically update Windows Setup with Windows Update and the sub-option Override policy and use default Microsoft Update. This technically is the easiest solution but requires that clients have access to the public Microsoft Update site. If you block access to the public Microsoft Update site this may not be a viable option for you
4) If you do not have access to the public Microsoft Update site, at the Upgrade Operating System task, select the option Dynamically update Windows Setup with Windows Update but do not select the option sub-option Override policy and use default Microsoft Update.
This will attempt to grab the dynamic update from the local WSUS server. This gets a bit trickier since the update needs to be approved and downloaded on the WSUS server itself. Notice, it means the WSUS server and not the ConfigMgr SUP/DPs. Windows Setup has no concept of ConfigMgr so it will only try to go to the WSUS server. This means content is downloaded from the WSUS server and not from DPs. For environments that have only one or a few WSUS server, this means ALL clients will go to that WSUS server and download content from that WSUS server. This might possibly overload the WSUS server. Additionally the dynamic updates will need to be manually imported into WSUS from the Microsoft Update Catalog site.
5) You can manually apply the dynamic update directly to the Upgrade Operating System Package:
a) Download the dynamic update from the Microsoft Catalog site
b) Extract the contents of the cab
c) Copy the contents from the cab into the source directory for the Upgrade Operating System Package, overwriting any files
d) Update DPs for the Operating System Upgrade Package
For options 4 & 5 when searching for the applicable dynamic update at the Microsoft Update Catalog site, search for the term Dynamic Update for Windows 10 Version 2004 and select the update dated 2020-10 or newer.
Related links:
Apply Software updates to an image
Manage OS upgrade packages with Configuration Manager
Create a task sequence to upgrade an OS in Configuration Manager
Dynamically update Windows Setup with Windows Update
Override policy and use default Microsoft Update
Import updates from the Microsoft Update Catalog
Bests,
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 39%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Do we have a date for when an "October or later" Windows 10 1909 x64 Enterprise ISO will be available on the Microsoft Volume Licensing Service Center as I can't see one on there at the moment?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 87%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECL%3C/text%3E%3C/svg%3E)
What about the feature updates KB3012973 for Windows 10 2004, how do we get it updated or do you re release this update?
Hi,
As I know, Windows 10 1909 have already integrated 2020 10B updates on VLSC.
We could run command line below to check the details of offline system image version (replace with your path):
dism /Get-WimInfo /WimFile:F:\sources\install.wim /index:1
Or if you have esd format image file
dism /Get-WimInfo /WimFile:F:\sources\install.esd /index:1
Check the image version is bigger(new) than 18362.1110, or should be 18362.1171.
Hi,
May I know where did you created this capture? From VLSC or other website?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 69%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
thanks to your post i checked out my upgrades and figured out where my and maybe your the problem is. Since October the recommended version for semi-annal channel is no longer 2004 but 20H2.
https://learn.microsoft.com/de-de/windows/release-information/
So for the upgrade to work we need the latest build, so it is no longer 2004 but 20h2 that we need.
Hi, I'm not sure how that is possible as the 1909 ISO was updated in September i.e. before the October patches were released. ![36815-image.png][1] [1]: /answers/storage/temp/36815-image.png
The screenshot is from the Servicing TAB in SCCM / MEMCM. No Task Sequence or WIM involved here.....
https://learn.microsoft.com/en-us/mem/configmgr/osd/deploy-use/manage-windows-as-a-service
https://systemcenterdudes.com/sccm-windows-10-servicing-plans/
