updated Nov 5, 2018
Symptom 1
You have PM and WSUS on two separate servers. And you are trying to create and publish WSUS self-signed certificate from PM console and the following error message displays when the wizard completes:
The provisioning process is complete. Failed to create the signing certificate. Access is denied
OR
Failure Message: Operation on TrustedPublisher failed. Access is denied Operation on root failed. Access is denied
And the WSUS self-signed cert is not created on the WSUS server. So, you use this workaround How to create a self-signed WSUS certificate when the Server Publishing Setup Wizard fails
The cert is created but PM does will not publish and throws the message "The provisioning process is complete. Failed to create the signing certificate. Access is denied"
You have verified the account running PM application and has local and WSUS admin privileges on WSUS server.
Symptom 2:
PM and WSUS installed on the same or separate servers and you get this error when Publishing 3rd Party update packages "The directory name is invalid"
Scenario 1:
Patch Manager is installed on the Same server as your CA:
Scenario 2:
Certificate management controlled via GPO:
Scenario 3: PM and WSUS on a separate server with UAC enabled on both and the servers are in either domain or non-domain environments.
For symptom 2 in the overview section above, ensure “Logon as a batch job” GPO setting is configured to include the Local Admins group or the Patch Manager account.