Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.

AV Exclusions for ConfigMgr 2012

Peter Daalmans has compiled a really great post for AV exclusions for Endpoint Protection/ConfigMgr 2012.

Read the full post here.


System Center Updates Publisher 2011 Screencasts


The Complete SCUP 2011 installation and configuration guide

Fellow MVP Kent Agerlund has a great post with a nice download for installing and configuring SCUP 2011. 

Read his original post here.

The latest version of System Center Custom Updates Publisher 2011 is released and ready for download. SCUP 2011 is a freeware tool from Microsoft that can assist you in authoring and publishing 3rd. party updates to Configuration Manager and System Center Essentials.

To get you started you can download the complete SCUP 2011 installation and configuration guide here I hope the guide can save you a few hours of work and get you up and running with SCUP today.

In my guide I have references to two files used to deploy the needed certificates. Those are:

Certutil.exe and certadm.dll, both files are part of the Windows Server 2003 Administration Tools Pack.

Happy “Scuping”


How To – System Center Updates Publisher 2011 Installation

New in System Center Updates Publisher 2011

  • Simpler setup with no database installation

  • An improved user interface that allows better control of managing software updates

  • Improved applicability rule authoring experience

  • Improved performance when importing and managing software updates

  • The ability to create software update bundles

  • The ability to define prerequisite and superseded updates as part of a software update definition

  • A new “Automatic” publication type with which Updates Publisher 2011 can query Configuration Manager to determine whether the selected software updates should be published with full content or only metadata

  • A new Software Update Cleanup Wizard that you can use to expire software updates that exist on the update server, but are not in the Updates Publisher 2011 repository

Download SCUP 2011 here.

Required pre-req: Microsoft .Net Framework 4

Required pre-req: WSUS-KB2530768

After installing the required .Net Framework 4 and KB2530768, launch the installation.


Accept the license agreement and select “Next”.


Change the installation path, or accept the defaults, click “Next”.


Click “Next” to start the installation.


Once the installation has finished, click “Finish” to close the installation program.


Once installed, you will have a new SCUP 2011 program group.


Here we can see the new 2011 console successfully launched.



Unable to Publish Updates using SCUP – Exception occurred during publishing

Was having some trouble getting SCUP to publish updates on my lab today and this TechNet post solved my issue.

Read the full post here.

I was talking to my buddy Clifton Hughes today and he mentioned an interesting issue that we’ve seen a couple times concerning an error you get when trying to publishing updates to WSUS via System Center Update Publisher.  In this particular case, when you try to publish an update you would get the following error in the UpdatesPublisher.log:

Publish:  : Exception occurred during publishing: Verification of file signature failed for file: \\<serverName>\UpdateServicesPackages\<AppName_abf10b91-bfa6-44ff-aa54-099e4bf1487d\

You may also see this error:

"Exception occurred during publishing: Verification of the signature failed for fil" for each of the updates attempted.

To resolve this one, add the self-signed WSUS certificate to the Trusted Publishers Store and the Trusted Root Certification Authorities store on the Update Publisher machine as follows:

1.             Click Start, click Run, type MMC in the text box, and then click OK to open the Microsoft Management Console (MMC).

2.             Click File, click Add/Remove Snap-in, click Add, click Certificates, click Add, select Computer account, and then click Next.

3.             Select Another computer, type the name of the update server or click Browse to find the update server computer, click Finish, click Close, and then click OK.

4.             Expand Certificates (update server name), expand WSUS, and then click Certificates.

5.             In the results pane, right-click the desired certificate, click All Tasks, and then click Export.

6.             In the Certificate Export Wizard, use the default settings to create an export file with the name and location specified in the wizard. This file must be available to the update server before proceeding to the next step.

7.             Right-click Trusted Publishers, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.

8.             If a self-signed certificate is used, such as WSUS Publishers Self-signed, right-click Trusted Root Certification Authorities, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.

9.             Right-click Certificates (update server name), click Connect to another computer, enter the computer name for the Updates Publisher computer, and click OK.

10.           If Updates Publisher is remote from the update server, repeat steps 7 through 9 to import the certificate to the certificate store on the Updates Publisher computer.

Once you do this you should be good to go.

A special thanks to Clifton Hughes and Vinay Pamnani for doing all the leg work in tracking this down and getting it documented.