Started by Justin Chalfant (Patch My PC), February 23, 2019, 06:12:06 PM
When attempting to install third-party software updates, you receive error code 0x800b0109.
In WUAHandler.log, you will also see the following error in the log.
Failed to download updates to the WUAgent datastore. Error = 0x800b0109
Error code 0x800b0109 translates to:
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
This error occurs when a client is attempting to install third-party software update(s) that are signed using a WSUS signing certificate that isn't trusted on the client devices.
To resolve error code 0x800b0109, you need to distribute the WSUS signing certificate to the Trusted Root and Trusted Publishers certificate stores on your client devices.
You can distribute the certificate using the third-party software updates feature in SCCM 1806+ (Microsoft Docs), or you can deploy the certificate using group policy (PDF Guide).
We also have a detailed step-by-step video guide below that covers deploying the WSUS signing certificate using SCCM 1806+ or using group policy to resolve error 0x800b0109 on your clients.
Quote from: Junge on January 27, 2020, 07:06:14 AMWe have the GPO solution and no https to the SUP. We are using a selfsigned cert right now but that will change soon.Everything is running fine and the software is installing as we hoped. The issue here is that we cannot rebuild (OSD) a machine without getting the 0x800b0109 error as its not trusted during the OSD fase. We have several steps "Check for Updates" and it does its job and finds the 3rd party patches but cannot install them and fails. How would be the clever way to inject the cert during OSD? Should we modify our TS to inject the cert or is there another way instead?