anyweb

I think they are stuck in progress because they never continue, they've failed during/after the reboot, only digging into the smsts.log will you know for sure, but that should reveal the cause

welcome to the forums ! we are happy to help

it's not broken, you just need to be logged in as a member to download files from windows-noob.com now you are so please try again.

ah is there a child task sequence involved ? Run Task Sequence step is disabled. Not including child task sequence with package ID 'PRI004CA' into the sequence.

create a virtual machine machine the same setup as your primary, install SQL, and restore the db on that vm, that would be how i'd do it...

you need the actual sql server 2017 ISO (the cd) in drive d:\ or whatever drive you are attaching it to... that is the installation media

what does the smsts.log tell you ?

how did you install sql ? that's where the sql accounts) are defined...

no problem, I've reminded them that people are seeing it so hopefully a bug fix will come soon

it's a bug, the microsoft product group are aware of it, it doesn't happen for everyone, just some people cheers niall

so again, what is causing it to be critical, what do the status messages say ?

I don't understand what you are saying...

and what is it complaining about ?

warnings are just that, warnings. They are not errors. It looks ok to me...if you look at the actual status of the individual components that have warnings, how do they look ?

ok back to the basics, are you upgrading the site using the inbuilt upgrade ability, or what are you trying to do exactly

restart the server and see is your problem solved

you said and i quote... you need to configure your antivirus exclusions in THAT product if it's the product that is doing antivirus on your configmgr server... is it ?

...

here you go https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/recommended-antivirus-exclusions

can you uninstall the antivirus software, reboot the server and try again, or if you cannot uninstall it, create exclusions for SMS related files and folders

what version of configmgr is it ? and do you use 3rd party antivirus ?

also, have you seen this post from Eswar, he's not using PKI either but it's working for him http://eskonr.com/2021/01/certificate-error-while-deploying-an-os-over-cmg-using-bootable-media/

how are you deploying the feature update ? what does the windowsupdate.log tell you ?

so I got this back from the very knowledgeable Jason in the PG "The problem here appears to be that the cert on the CMG is issued by an internal CA and thus not trusted by the WinPE environment. Using a cert from a public PKI is the only way I know of to get past this (or using a pre-start script to add the issuing PKI as trusted before the TS engine launches)."

I haven't tested it in non-pki environments and a quick look at the documentation only states this " For version 2010 early update ring, if you use a PKI-based certificate for the boot media, configure it for SHA256 with the Microsoft Enhanced RSA and AES provider. For later releases, including globally available version 2010, this certificate configuration is recommended but not required. The certificate can be a v3 (CNG) certificate. " In other words, it doesn't call out non-PKI environments or token based auth in this scenario, i'll ping the product group and ask if it's actually supported cheers niall