Common Errors and Resolutions for System Center Updates Publisher 2011

System Center Updates Publisher 2011 has been released recently.
You can download it now from: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=083f45ca-1ede-4f7a-be74-77854c3a9b01&displaylang=en

When you start your surfing on the new release of SCUP, you may encounter some common errors. This blog will list some of the common error you may receive and tell you the reason and how to solve it: 

Error code/info

Possible reason and resolution

In SCUP.log

cannot access a closed Stream

WSUS hotfix not installed.

In SCUP.log

Publisher.SignPackageCab Error signing cab

You’re in a network without direct internet access.Uncheck the “Add timestamp when signing updates (requires internet connectivity)” in Options->Advanced.

In SCUP.log

WindowsDataProtection was unable to decrypt data

Only enable proxy when you actually need it to download from internet.And disable proxy when you need to download content from local UNC.

In SCUP.log

CabUtilities.CheckCertificateSignature File cert verification failed for \\minfang2\UpdateServicesPackages\f19878e1-020a-41c0-a2d9-47a0ccaffbeb\247cff60-f85c-48f8-ba37-ebcaaa831540_1.cab with 2148204810 Publisher.VerifyAndPublishPackage VerifyAndPublishPackage(): Failed to Verify Signature for file: \\minfang2\UpdateServicesPackages\f19878e1-020a-41c0-a2d9-47a0ccaffbeb\247cff60-f85c-48f8-ba37-ebcaaa831540_1.cab

If you’re using a pfx file to create the signing certificate, make sure you have imported its root CA into the Trusted Root CA and Trusted Publisher Store.

In WindowsUpdate.log

Update failed to install with error code:0x80242009

The msp package doesn’t have FullFilePatchCode attribute.

In WindowsUpdate.log

Update shows not applicable:WARNING: update {7A546DBB-8BB9-4245-B043-2F0D50CF063F}.1 has no install blob, prune itAnd finally it will failed with error code 0x80240017 in SMS log (SUS_E_NOT_APPLICABLE, install is not needed)

Try to install an update that has been published as metadata only. Customers need to publish it as full content again before they deploy it to client.Metadata only publish is for scan purpose only.

In WindowsUpdate.log

Update is not trusted:WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\Download\

c82fa2bbf58594e72a7d6fcdd0e61459_ctc\sccm2007ac-sp2-kb977384-x86-enu.cab are not trusted: Error 0x800b0109

Check wsus certificate is imported and “Allow signed content from intranet Microsoft update service location” is enabledhttp://technet.microsoft.com/en-us/library/bb530992.aspx

In WindowsUpdate.log

Update is not trusted:Trusted Publisher: No2010-12-05 18:48:15:578 868 cb0 Misc WARNING: Digital Signatures on file C:\WINDOWS\SoftwareDistribution\Download\

c6872cb69b5355433e2bd4a1c75a3399ef1ffb2d are not trusted: Error 0x800b0004

Verify if you have published this update as metaonly.

In PatchDownload.log

Patch download fail:Connected to \\SCCMVM01232\root\sms\site_CAR Software Updates Patch Downloader 3/31/2011 6:49:34 PM 6420 (0x1914)Download destination = \\sccmvm01232\sus\6c4996dd-2d0b-4607-8735-f250fadf3041.1\Advert.exe . Software Updates Patch Downloader 3/31/2011 6:49:35 PM 6420 (0x1914)Contentsource = http://updatespublishermetadataonlysoftwareupdate/ . Software Updates Patch Downloader 3/31/2011 6:49:35 PM 6420 (0x1914)Downloading content for ContentID = 43, FileName = Advert.exe. Software Updates Patch Downloader 3/31/2011 6:49:35 PM 6420 (0x1914)HttpSendRequest failed 12007 Software Updates Patch Downloader 3/31/2011 6:49:35 PM 3960 (0x0F78)

Verify if you have published this update as full content.