Windows 10 Feature Upgrades Not Downloading or Check for ESD Decryption Issue

  1. Depending upon when you find out that you have an ESD decryption error the issue could apply to any Windows 10 Feature Upgrade.  Somewhere on the internet there is a list that states what Windows 10 feature upgrades are effected this is true except it applies to only the Windows 10 Versions that were released up to then so its not a definitive list. In this segment I will go over how to check if you have an ESD decryption issue and how to correct.  Keep in mind that I am only checking this on two builds that we have in our environment but depending upon your environment you may need to look at additional builds.
  2. Check if you have an ESD Issue for Build 1703 on your SQL Server by running the commands below.  If the results show 1 or more you have a problem for any build you have an issue.  If you receive a “0” for all the queries you are good.
  3. To Fix this issue: Within the WSUS or Software Management Point Disable the Upgrades Classification from WSUS and/or SCCM or by running the powershell command below.  The example is set to 1607 and 1703 but if you have other builds in your environment you will need to modify the below to fit your needs.

    4.  Run this SQL query below on your SQL Server with the builds associated in your environment to delete the bad digests/hashes.

    5. For this step follow this guide to install the hotfix and make the necessary adjustments  from Microsoft https://support.microsoft.com/en-us/help/3159706/update-enables-esd-decryption-provision-in-wsus-in-windows-server-2012

6. Make sure the server is fully up to date with the latest updates.  Avoid .net 4.7.   Make sure your WSUS Server has the following .esd MIME type added to your IIS Management Server for WSUS

7. Reboot your server – re-nable in SCCM/WSUS the Upgrades Classification and force a synchronization

8. After Synchronization is complete run the checks for #2 (remember to modify the code for each Windows 10 build you have in your environment to be safe it may be a good idea to get the entire list of builds to check against as newer builds will come out and will not be listed in this article) on the SQL Server you should receive “0” as your result.  This means the issue is gone.

If you still have anything higher than “0” you still have the issue.  You will need to go through the entire process again or see this article called “SCCM Reinstall SUSDB” to reinstall your SUSDB to start fresh.  The only parts you should do prior to reading this article is perform step #5 & #6.

Leave a reply:

Your email address will not be published.

Site Footer