In the Windows health release dashboard they list a new problem with lost certificates. System and user certificates might be lost when updating a dev
[See the full post at: Patch Lady – certificates lost]
Susan Bradley Patch Lady/Prudent patcher
is M$ TRYING to make my life h***? am I going to have to download and burn fresh isos for the latest feature updates every single month? the fastest, least risky, and most reliable method for us to move machines to a newer feature update is to use dvd media. not bootable usb sticks. write-once dvd-dl that get used many times a week.
fix this c*** or I’m going to run away from m$ products faster than I did in 2007.
Hey look! Another Feature Update!
You mean I shouldn't click Check for Updates?
Where is the Any key?
Yes, Woody has been reminding us whenever a new version is imminent to make an iso file and squirrel it away. I made one for 1909 in May and one for 2004 mid-September — who knows if they would work, right now. I sure hope it gets fixed and soon!! With everything else that is going on, we don’t need this.
So what about RE-INSTALLING a version that one is on (and not moving to a newer version), using an iso file created in May (1909) or in mid-September (2004)? For example, if one is on 1909 and needs to re-install 1909? Or if one is on 2004 and needs to re-install 2004? Are lost certificates a problem in this case?
Per Woody’s and Susan’s advice I, too, created an ISO of 2004 on 9/17 and had already created an ISO for 1909 months earlier. I still am on 1903. I prefer updating from an ISO, but do not want to be a beta tester for 20H2. So updating via Windows Update is out the window for the moment, as that will only force one onto H2. ZDNet has an article by Ling Tung that claims “Microsoft is working on a fix and will provide updated bundles and refreshed media in the coming weeks.” But does that mean they will release updated ISOs for 1909 and 2004? Or release replacements for the LCUs issued in September and October? Rather typical that the problem arises just prior to the end of support for 1809 and 1903, eh what?
Sort of funny (in perverse fashion) that jumping to H2 from an ISO created prior to Oct. 13 also will “getcha.”
If you have Pro, you can do the update through Windows Update to the version you want by specifying either the correct number of Feature Deferral days OR using TargetReleaseVersion to specify the version.
If you have Home, you can use TargetReleaseVersion to specify the version you want. It is done by using two commands.
These methods are explained in AKB2000016.
So updating via Windows Update is out the window for the moment, as that will only force one onto H2
I have updated from 1909 to 2004 using Windows Update and 20H2 didn’t jump at me.
You can use the ‘TargetRelease..’ in GP (on Pro) or the registry (on Home) to lock into 1909/2004.
Yes, I know of this method of updating using the target release, and did use Power Shell to lock into 1903 until I elect to update. My question relates to whether release 1909 or 2004 or even H2 obtained through Windows Update will have both the Sept. and Oct. LCUs integrated into the releases, as opposed to updating after their installation. Read this information from Microsoft slowly; I read it twice just to be sure I understood what they are saying. The issue arises from updating from media or via WU to a release that does not have the Sept. and Oct. LCUs integrated. Will they integrate those LCUs into currently available releases of 1909 or 2004, for example, via WU?
“Devices will only be impacted if they have already installed any latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated,” Microsoft explains.
This issue is specific to those pushing upgrades via media and is not applicable to those using Windows Update or WUfB. From the Microsoft link:
Yeah, so they say. But how trustworthy is this claim? Based on Susan’s recent survey, it seems that many of us lack confidence in Microsoft’s assurances, based upon past experience. You already have characterized their workaround as “laughable,” which indicates you, too, have at least some disrespect for Microsoft. No one should be compelled to waste time dealing with this problem. Microsoft should fix it pronto and be prepared to offer full disclosure.
We finally had this issue reported internally. Thank you Susan for making this announcement. Some of us corporate types are still pushing the out-of-date media method to upgrade to 1909 so we were expecting this issue to arise sooner than later.
Some enterprises have various reasons for not using WUfB or Windows Update for pushing feature upgrade installations. Such as not enough control over the upgrade process and not enough Internet bandwidth for some users.
Microsoft’s suggested workaround to roll back to the previous version until a fix has been implemented in our environment is laughable. This is yet another black eye in the WaaS concept. In order to follow that advice, we basically would have to stop our 1909 upgrades until Microsoft gives the all clear. We’re better off just re-applying the certificates after the upgrade. I wonder if Dynamic Updates would resolve this.
It is things like these that make me despise WaaS. The WaaS concept in general is the single biggest issue that I have with Windows 10 a.k.a. “the final version of Windows.” Come on Microsoft, you’ve been doing this for 5 years already. Why is the WaaS process still so painful at times?
Yeah, so they say. But how trustworthy is this claim?
I updated 2004 with Oct. patched to 20H2 using Windows Update. No certificate or any other problems.
well WCHS I manually updated from Win10 1909 to 2004 on a Toshiba laptop using this updated 2004 ISO image from MSDN/MVS:
en_windows_10_consumer_editions_version_2004_updated_oct_2020_x64_dvd_25512d0f.iso
I did not experience any certificate problems using this one rather than the old 2004 ISO install media from the Win10 ISO download page.
maybe Microsoft should provide some of those updated ISOs that MSDN/MVS subscribers are getting each month to those affected enterprise users who are experiencing those certificate problems.
I upgraded to 20H2 using the MCT USB stick, and the only certificate issue I’ve encountered was for outlook.com. I was given the option to continue using the website and/or install the certificate.
I installed the certificate using the defaults, then clicked on “Yes” to continue using the website, and that cleared the issue. No other certificate issues have cropped up.
I am just an ordinary user (not a system admin) and have multiple devices all at Win10 Pro 1909 with October updates installed just days ago. My feature upgrades have always been done using the ISO images saved from Media Creation Tool. This has always been the simplest and easiest for me. But now it sounds like my 2004 ISO on DVD is no good, and I don’t know what to do. I really don’t want to do multiple upgrades via Windows Update. It would be best if I had a way to get a more current 2004 ISO, but I don’t belong to anything like MSDN/MVS. What to do? Do I uninstall KB4577671 (or restore from system image backup made prior to October updates)? Do I do nothing and hope that Microsoft provides an updated 2004 ISO for us ordinary people? Do I accept that Windows Update is now my only choice? I REALLY had been loving the update deferral GUI options in Pro and had upgraded from Home just to get them. I feel a bit intimidated to lose the GUI options in 2004, but realize I will someday. Had been trying to understand the 2004 Group Policy equivalents and was on the verge of taking the plunge to 2004. I think I’m basically asking the same questions everyone else is – what to do? If I want to undo the October CU one way or another, best to do it now before baked in even further. I am really angry at Microsoft for blowing up the ISO upgrade path. What should ordinary folk (non-sysadmin types) do now?
If what you say is true, then I will not be able to use the 2004 ISO that I created to upgrade, which I had planned to do this weekend. All of the files inside the ISO are dated 8/8/2020, and I have done updates via Microsoft Update since Sept 16, 2020.
It sounds like my only option is to do the 2004 upgrade via online update. I am considering setting the target release using the instructions for Windows Home linked above by PKCano.
Thoughts?
I reported this issue to MS at the end of October, after I covered it in the blog post Windows 10 forgets certificates during upgrade – at that time we thought it was caused by October 2020 Updates. Glad MS confirmed that it was caused by Sept. 2020 Updates in conjunction with some not refreshed builds.
It hits some people forced to home office – they were no longer able to use their VPNs.
And, what MS didn’t say: The certificate issue also affects Office 365 downloads (but I’m not sure if it’s the same error). See: Office 365: Download fails (in ConfigMgr) after Oct. 2020 Updates
Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author
https://www.borncity.com/win/
pastebin links to updated 1909, 2004 & 20H2 install media ESDs with Oct 2020 updates integrated that fix the “lost certificates” problem
WSUS links for 1909 build 18363.1139
WSUS links for 2004 build 19041.572
WSUS links for 20H2 build 19042.572
now if only MS would issue updated 2004 & 20H2 ISOs on MS Techbench (with build .572) that include the Oct 2020 updates instead of just issuing them to MSDN/MVS subscribers
pastebin links to updated 1909, 2004 & 20H2 install media ESDs with Oct 2020 updates integrated that fix the “lost certificates” problem
What is the purpose of these links? How can the run-of-the-mill novice user who has previously used the MCT to download an .exe file that would produce an iso file use these links??
https://www.thurrott.com/windows/windows-10/243391/tip-download-any-version-of-windows-10 See that post. I doubt they will make the tool offer up all versions, but it’s clear that it’s getting easier and easier to find ways to download the version you want.
Susan Bradley Patch Lady/Prudent patcher
I doubt they will make the tool offer up all versions,
So, in following the instructions at that link, we will get good .exe files that the Media Creation Tool would otherwise produce for creating new, good iso files for 1909, 2004, and 20H2 that will not have the ‘lost certificate’ problem?
or as an alternative, ask a willing MVS subscriber to give you any of the following refreshed 1909 and/or 2004 ISOs (google search for them):
(Win10 v2004 consumer US English ISOs updated Oct. 2020 – build 19041.572)
en_windows_10_consumer_editions_version_2004_updated_oct_2020_x64_dvd_25512d0f.iso
en_windows_10_consumer_editions_version_2004_updated_oct_2020_x86_dvd_79847e1f.iso
(Win10 v1909 consumer US English ISOs updated Oct. 2020 – build 18363.1139)
en_windows_10_consumer_editions_version_1909_updated_oct_2020_x64_dvd_809597f2.iso
en_windows_10_consumer_editions_version_1909_updated_oct_2020_x86_dvd_a209a4f8.iso
at least these Oct 2020 refreshed ISOs for 1909 & 2004 do NOT have the certificates problem
I downloaded the bat file tool mentioned in the article by Paul Thurrott and used it to download refreshed iso files for both versions 1909 and 2004. Worked like a charm. (Downloaded latest MCT into TEMP directory, downloaded .bat file tool zip into TEMP directory, extracted .bat file tool from zip into TEMP, then ran .bat. You wind up executing the MCT, but constrained to whichever feature version selected as the bat began.)
I checked to see if the refreshed iso files were of a different size than the iso files I had created in April (1909) and September (2004). Sure enough the 2004 iso was larger than the one created in September. However, both iso files for 1909 were exactly the same size.
Does that sound reasonable?
I just queried the author of the batch file to see if he/she is linking to the newer version of 1909, v.18363.1139. Which would explain my finding, if it turns out he did not update the file to link to the October refreshed .iso.
“I just used this tool to create .iso files for updates 1909 and 2004. This tool worked like a charm. However, the 1909 .iso just created is exactly the same size (4,188,608 KB) as the .iso created last April, whereas the 2004 .iso just created is larger than the .iso I created just two months ago in September.
Is this tool grabbing the (October) refreshed version of 1909, v.18363.1139?”
I will post whatever answer he/she provides, although you can read the entire batch file code and all comments at the download site.
Here is a link to the batch file:
https://gist.github.com/AveYo/c74dc774a8fb81a332b5d65613187b15
Hi
You might be able to check on the Windows version, build and edition of the downloaded refreshed 1909 and 2004 ISOs by using the DISM tool. See the postings starting at https://www.askwoody.com/forums/topic/its-time-to-be-thinking-about-saving-a-copy-of-win10-v2004/#post-2295233
Cheers.
The DISM command confirms that the Windows 10 Pro 2004 iso I just downloaded using the MCT Wrapper bat file is indeed the one we all wanted that includes the October 13 update to Build 19041.572 (see below).
C:\WINDOWS\system32>dism /Get-WimInfo /WimFile:D:\sources\install.esd /index:6
Deployment Image Servicing and Management tool
Version: 10.0.18362.1139
Details for image : D:\sources\install.esd
Index : 6
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 14,602,004,750 bytes
WIM Bootable : No
Architecture : x64
Hal : <undefined>
Version : 10.0.19041 <—-
ServicePack Build : 572 <—-
ServicePack Level : 0
Edition : Professional
Installation : Client
ProductType : WinNT
ProductSuite : Terminal Server
System Root : WINDOWS
Directories : 23399
Files : 94838
Created : 10/9/2020 – 3:58:24 PM
Modified : 11/14/2020 – 11:13:31 PM
Languages :
en-US (Default)
The operation completed successfully.
The author of the batch program has acknowledged that he was NOT picking up the refreshed iso file for version 1909. That bug was corrected earlier today. I deleted his previous batch file and the 1909 iso I created with it and started all over again. This time I did get a different iso and used the DISM tool to verify that it is the correct version this time.
But it is 10. 0. 18362. 1139.
In the post by EP on 11/10/20 above there must be a typo, as it is identified as 18363 instead of 18362. I verified that it really is 18362 by checking the 1909 iso I downloaded last April and that version is 18362 also [build 592].
I now recommend this tool to anyone who wants correct iso files for 1909 or 2004, without waiting around for MSFT to make them available to everyone who wants them.
Actually, the Build for Win10 1909 really is 18363.
But you are correct – when I use DISM on my saved iso’s, DISM does display both 1903 and 1909 as Build 18362.
I now see this behavior had been noted and discussed at length back in May 2020 in the topic:
Apparently, for me, ignorance really was bliss.
I am too much of a newbie and lost by all this. What would be most helpful is a definitive answer as to where and how to get a refreshed ISO for Win 10 Pro 2004 that would avoid the lost certificates problem. I do see locations from which to download ISO images, but not at all clear how current those images may be. Could someone with more expertise than me point us to where the refreshed ISOs can be downloaded and what Builds we should be looking for? Sorry to be so helpless.
Susan’s post on 11/10 has the answer you are seeking.
Go to Paul Thurrott’s web site to read how to use the batch tool that will enable you to obtain a corrected iso file for 2004. There is a link in that article that will take you to the site where you can learn more about the tool and download a zip file containing the tool.
Here’s the article:
https://www.thurrott.com/windows/windows-10/243391/tip-download-any-version-of-windows-10
Good luck!
Probably. Use DISM to check and let us know.
cheers, Paul
Probably. Use DISM to check and let us know.
cheers, Paul
Here is what I got with DISM. It does say Windows 10 home?
Thanks,
WSBJB
Index : 1
Name : Windows 10 Home
Description : Windows 10 Home
Size : 14,212,376,596 bytes
WIM Bootable : No
Architecture : x64
Hal : <undefined>
Version : 10.0.19041
ServicePack Build : 264
ServicePack Level : 0
Edition : Core
Installation : Client
ProductType : WinNT
ProductSuite : Terminal Server
System Root : WINDOWS
Directories : 20255
Files : 87841
Created : 5/11/2020 – 12:49:13 AM
Modified : 5/11/2020 – 1:25:07 AM
Languages :
en-US (Default)
The fixed images are post October.
ServicePack 264 is from May, as shown in the Created date.
You need at least SP 572.
See this page for version numbers and release dates.
https://en.wikipedia.org/wiki/Windows_10_version_history_(version_2004)
cheers, Paul
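The build check discussed in this thread (DISM's Version and ServicePack Build compared with 19041.572 for 2004 and 1139 for 1909), as an added example that is not part of any poster's message: a Python parser for saved `dism /Get-WimInfo` output. The sample text is constructed from fields posted in the thread, and the function names and the threshold table are this example's own assumptions.

```python
import re

# Lowest "ServicePack Build" for media that already carries the October 13,
# 2020 update, keyed by base Version. Builds are those quoted in the thread;
# 1909 is also keyed as 18362 because posters saw DISM report it that way.
MIN_SP_BUILD = {
    "10.0.19041": 572,   # version 2004
    "10.0.18363": 1139,  # version 1909
    "10.0.18362": 1139,  # version 1909 as DISM displays it
}

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")

# Constructed sample: fields taken from the DISM outputs posted in the thread,
# plus an 18362 build 592 image as described for the April 1909 ISO.
SAMPLE = r"""
Deployment Image Servicing and Management tool
Version: 10.0.18362.1139
Details for image : D:\sources\install.esd

Index : 6
Name : Windows 10 Pro
Version : 10.0.19041
ServicePack Build : 572
Created : 10/9/2020 - 3:58:24 PM

Index : 1
Name : Windows 10 Home
Version : 10.0.19041
ServicePack Build : 264

Index : 1
Name : Windows 10 Pro
Version : 10.0.18362
ServicePack Build : 592
"""

def parse_wiminfo(text):
    """Return one dict per 'Index :' block of `dism /Get-WimInfo` output."""
    images, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner lines, language entries, blank lines
        key, value = m.groups()
        if key == "Index":
            current = {}
            images.append(current)
        # Fields before the first Index (the DISM tool's own "Version:"
        # line, "Details for image") are not image properties: skip them.
        if current is not None:
            current[key] = value
    return images

def media_status(image):
    """Classify one image as 'refreshed', 'stale' or 'unknown'."""
    ver = re.match(r"\d+\.\d+\.\d+", image.get("Version", ""))
    sp = re.match(r"\d+", image.get("ServicePack Build", ""))
    if not ver or not sp:
        return "unknown"
    need = MIN_SP_BUILD.get(ver.group(0))
    if need is None:
        return "unknown"  # base build the thread gives no threshold for
    return "refreshed" if int(sp.group(0)) >= need else "stale"

def check_media(text):
    return [(i.get("Index"), i.get("Name"), media_status(i))
            for i in parse_wiminfo(text)]

if __name__ == "__main__":
    for index, name, status in check_media(SAMPLE):
        print(f"index {index}: {name}: {status}")
```

Only images reported as "refreshed" meet the build numbers given in the thread; "unknown" means the output lacked the fields or named a base build the thread does not cover.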
The fixed images are post October.
ServicePack 264 is from May, as shown in the Created date.
You need at least SP 572.
See this page for version numbers and release dates.
https://en.wikipedia.org/wiki/Windows_10_version_history_(version_2004)
cheers, Paul
Thanks. Then how do I get Heidoc to download the right version? I did not choose May, I chose the most recent version offered AFAIO.
Sorry for the hassle. LOL I am usually the one helping people with windows, just not updates.
Thanks,
WSBJB
Have you tried the batch file version?
#2311344
cheers, Paul
I had not tried the batch file but just did and think I finally have what I need! Service Pack 572. Seems like this is still the best and maybe only way to get the right version at least for 2004.
Thanks for all of your help,
WSBJB
Index : 6
Name : Windows 10 Pro
Description : Windows 10 Pro
Size : 14,602,004,750 bytes
WIM Bootable : No
Architecture : x64
Hal : <undefined>
Version : 10.0.19041
ServicePack Build : 572
ServicePack Level : 0
Edition : Professional
Installation : Client
ProductType : WinNT
ProductSuite : Terminal Server
System Root : WINDOWS
Directories : 23399
Files : 94838
Created : 10/9/2020 – 3:58:24 PM
Modified : 11/18/2020 – 12:30:23 PM
Languages :
en-US (Default)
I had not tried the batch file but just did and think I finally have what I need! Service Pack 572. Seems like this is still the best and maybe only way to get the right version at least for 2004.
Will this 2004 iso file burn to a 4.7GB DVD? Or is it too large?
I had not tried the batch file but just did and think I finally have what I need! Service Pack 572. Seems like this is still the best and maybe only way to get the right version at least for 2004.
Will this 2004 iso file burn to a 4.7GB DVD? Or is it too large?
It is 4.174 GB
WSBJB
You may need a DVD+R DL if the ISO is too big to burn on a DVD+R.
I understand that 20H2 has (Chr)edge baked in. My 20H2 iso is 4.57GB — cutting it close for a single layer DVD+R (4.7GB). I haven’t tried burning it yet, using CDBurnerXP. Can I assume that I will get an error message, if it doesn’t fit?
BTW, for 20H2, Thurrott’s .bat file calls it ‘2009’ Compare that to GP TRV=2010
It is 4.174 GB
My DISM report reads exactly like yours for 2004-572, except for the “Modified” date.
The Properties info for the .iso file says 4,273,733,632 bytes=3.97GB and the file size of the file on the desktop is 4,173,568 KB.
Microsoft “resolved” this certificates issue with the following quote on Nov. 17:
Resolution: This issue is now resolved when using the latest feature update bundles and refreshed media. Feature update bundles were released November 9, 2020 for Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. Refreshed media was released November 3, 2020 on Volume Licensing Service Center (VLSC) and Visual Studio Subscriptions (VSS, formerly MSDN Subscriptions). For information on verifying you’re using the refreshed media, see How to address feature update refreshes in your environment. If you are using or creating custom media, you will need to include an update released October 13, 2020 or later.
Note If you are updating to Windows 10, version 20H2, this is only resolved with the feature update bundle released November 9, 2020. Refreshed media is not yet available on VLSC or VSS. Refreshed media for VLSC and VSS will be released in the coming weeks to address this issue and another known issue that requires a media refresh. Please check the known issue here for the status of the remaining Windows 10, version 20H2 known issue.
if upgrading from older Win10 version to 2004 with ISO, use the following ISOs from VSS/MSDN (build 19041.572):
en_windows_10_consumer_editions_version_2004_updated_oct_2020_x64_dvd_25512d0f.iso
en_windows_10_consumer_editions_version_2004_updated_oct_2020_x86_dvd_79847e1f.iso
if upgrading from older Win10 version to 1909 with ISO, use the following ISOs from VSS/MSDN (build 18363.1139):
en_windows_10_consumer_editions_version_1909_updated_oct_2020_x64_dvd_809597f2.iso
en_windows_10_consumer_editions_version_1909_updated_oct_2020_x86_dvd_a209a4f8.iso
google search for these or their SHA hashes
note – refreshed 20H2 install ISO media is not yet available from MS
Something weird? I used the Windows 10 2004 ISO downloaded via the MCT Wrapper bat file to upgrade from Windows 10 Pro 1909 to 2004. The DISM command had shown the ISO file to be Build 19041.572 (October 2020) that should avoid the “lost certificates”. Upgrade appeared successful and winver command showed the Build as 19041.572 as desired and expected. But when I ran wushowhide (quality deferral set via Group Policy to 30), KB4579311 unexpectedly appeared in the update list. KB4579311 was the October 2020 update to 2004 that was tied to the “lost certificates”. Since the ISO I used was the Build 19041.572 version for 2004 and had been verified with DISM before using and then winver after the feature upgrade completed, why would wushowhide think that KB4579311 was needed to be installed? I would have expected KB4579311 to be “baked into” the October 2020 ISO.
Has anyone actually used the ISO downloaded via the MCT Wrapper bat file to perform a feature upgrade to 2004?
That said, I have not noticed anything not working, but I feel uncomfortable by what wushowhide reports. I changed the quality deferral via GP from 30 to 0 and ran wushowhide again which now picks up the November 2020 KB4586781 to take me to Build 19041.630 as verified using the winver command.
Still uneasy that KB4579311 showed up as an available update (since I thought it would have been in the Build 19041.572 ISO used to upgrade).
Has anyone else used the MCT Wrapper bat ISO download as I did? Or can anyone explain or guess why KB4579311 even showed up?
I am sorely tempted to go back to 1909 by a system image restore I made before the upgrade.
Still uneasy that KB4579311 showed up as an available update (since I thought it would have been in the Build 19041.572 ISO used to upgrade).
I looked in the MS-Catalog and KB4579311 was listed there, I think, as the enhancement package for 20H2, released 10/19/2020.
It appeared as: 2020-10 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB4579311).
Is KB4562830 the Enablement Package to get from 2004 to 20H2 (?).
For KB4562830:
Prerequisites
You must have the following prerequisites installed before applying this update:
Servicing stack update for Windows 10, version 2004: September 8, 2020 or a later servicing stack update
October 13, 2020—KB4579311 (OS Build 19041.572) or a later cumulative update
Maybe I have been looking at this too long…