Overview
You encounter issues with the missing patches scanning, remediation, or custom software deployment to target computers running legacy Microsoft products, Windows 7 and Windows Server 2008/R2.
Solution
The most common root cause for LanGuard operations failures and the certificate chain issue on Windows 7 and Windows Server 2008/R2 operating systems is that the Extended Security Update (ESU) keys are not installed and activated.
Only ESU customers can get updates for Windows 7 and Windows Server 2008/R2 operating systems after January 14, 2020. As LanGuard uses WSUS to gather information and report on the needed updates for each system, the functionality of LanGuard performing updates for these systems does not change.
The updates look for the MAK activation at the endpoint and will only install those systems together with the MAK key. If the target computer Windows OS does not have the ESU MAK key, it is NOT eligible to receive and install the updates, i.e., all operations will be failing in the end due to Windows itself refusing the updates.
If you are getting "A certificate chain processed but terminated in a root certificate which is not trusted by the trust provider" error during scanning operations, refer to the Why am I getting 'A certificate chain processed' error when scanning? article.
If your legacy Microsoft product is included in the ESU program, follow these steps:
- Purchase ESU,
- Ensure that you have installed all of the prerequisites listed in the Obtaining Extended Security Updates (ESUs) for eligible Windows devices
- Activate the MAK key.
- Restart the computer.
The ESU program is the last resort for those who need to run certain legacy Microsoft products past their end-of-support period. It includes critical and important security updates (as defined by the Microsoft Security Response Center) for a maximum of three years after the product’s end-of-extended-support date.
For more information, including the list of products with ESU programs, check the Lifecycle FAQ-Extended Security Updates page from Windows and the Extended Security Updates FAQ.
Testing
Verify that scanning and remediation issues are gone for the computers with activated MAK keys. If the issue persists, contact GFI LanGuard Support.