The Redmonds are investigating a new known issue. This issue leads us to a complete lack of system and user certificates after the update. This occurs on some Windows 10 systems managed by outdated installation media. Via update management tools, physical media or ISO images.
Computers updated through Windows Update or Windows Update for Business are not affected by this issue. Since they always receive the latest feature updates.
Microsoft is already working on a solution to recover certificates
Affected versions include client versions 1903 or later. And for servers, Windows Server 1903 or later, in managed environments.
“System and user certificates can be lost when upgrading a device from Windows 10, version 1809 or later to a later version of Windows 10,” Microsoft explains.
“Devices will only be affected if they have already installed a latest cumulative update (LCU) released on September 16, 2020 or later, and then upgrade to a later version of Windows 10 from” a media or installation source that does not have an LCU released on October 13, 2020 or later integrated. “
Problems appear when devices are updated with obsolete packages through the Update Management Tool. For example, Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, ISO images, or physical media.
The fix will arrive in a few weeks on Windows 10
Microsoft says it will provide updated installation media and updated packages in the coming weeks. As soon as a resolution is available for this new known issue.
BleepingComputer has contacted Microsoft for details on certificates lost due to this issue, but there has been no response yet.
Temporary solutions to the problem
While there is no workaround for this issue, for now we can try to fix it by upgrading to an older version of Windows 10.
“The uninstall window can last 10 or 30 days depending on how your environment is configured and which version you are updating to,” says Redmond.
“Next, you will need to upgrade to the latest version of Windows 10 after the issue is resolved in your environment.”
It is also possible to increase the number of days that you can revert to choosing a previous version of the system by using the following DISM command (be sure to do this before the uninstall window expires. by default):
DISM / Online / Set-OSUninstallWindow / Value:[days]
You can choose any time interval between 2 and 60 days; if it is less than or greater than this interval, the number of days after the update that an uninstall can be started will be set to 10 days.