• Welcome to Support Forum: Get Support for Patch My PC Products and Services.

WSUS Airgapped Issue

Started by jdeas2000, February 19, 2024, 06:17:08 PM

Previous topic - Next topic


Issue Summary:
Third-party patches from PatchMyPC install successfully on Windows 10 but encounter an error ("Some update files aren't signed correctly, Error: 0x800b0109") on all editions of Windows Server.

The environment is airgapped, utilizing WSUS Standalone, with both WSUS and PatchMyPC on a source system connected to the internet. A self-signed certificate generated from the source WSUS is distributed to the airgapped environment through Group Policy. The same certificate is applied via the same GPO to both Windows 10 and Windows Server 2016/2019, residing in Trusted Root CA and Trusted Publishers on all operating systems.

Possible Cause:
The issue may stem from a missing supporting certificate. Attempts to resolve the problem by copying certificates from VeriSign and GlobalTrust from working Windows 10 machines, to the servers have been unsuccessful.

Do you guys know specifically what certificates are required or what might my problem be?

Ben Reader (Patch My PC)

Hey there,

If the WSUS code-signing certificate is indeed self-signed, there should be no supporting certificates required, as there should be no certificate chain to follow.

As a first step, I would suggest reviewing our KB article that covers this specific scenario.


If after following the guide you still have no resolution, let us know - we will need pmpc (and wsus) server-side logs &  pmpc logs from one  of the affected client devices




Thank you.

The situation was resolved by the "Allow signed updates for an intranet Microsoft update service location" policy.
Did not realize our GPO was issued to Desktops but not Servers for the above.

Ben Reader (Patch My PC)

Great to hear that the issue was resolved!