Windows server update disallowed/untrusted certificates in a disconnected environment RRS feed

  • Question

  • I've been reading all of the KB articles around auto-updates for revoked certificates and the ones about doing this in a disconnected environment and I have yet to find anything with actual instructions on how to do it. Most of our servers do not have internet access but we can access Microsoft Update if we enable the use of a proxy server. Normally the servers have no access to any internet sites but a few like WSUS or Symantec do have access to specific sites.

    Ideally I'd like to have the servers update the allowed/disallowed certificates via Windows update (via a temporary proxy setting )but doing an offline update would be fine if online updates cannot be accomplished.

    All of the servers have update KB2813430 installed but none have KB2677070 installed. From what I've read, as long as you have one you should be able to get the updates by manually running Windows update (in our case with the proxy connection). For whatever reason the servers are not getting the updates. I've checked by filtering the application logs for any CAPI2 entries. I'd really like to get the online updates working using the proxy if possible.

    If it would be better to use offline updates in our environment that would be fine but I've been unable to find any articles that give specifics on how to set everything up. This is the closest I've come to an article on doing the offline updates but I'm confused but a lot of what's written:

    Tuesday, July 7, 2015 4:16 PM


All replies