Third-Party Updates Fail to Install with Error 0x800b0109 in SCCM

When attempting to install third-party software updates, you receive error code 0x800b0109.


In WUAHandler.log, you will also see the following error in the log.

Failed to download updates to the WUAgent datastore. Error = 0x800b0109

Why does Error 0x800b0109 Happen?

Error code 0x800b0109 translates to:

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

This error occurs when a client is attempting to install third-party software update(s) that are signed using a WSUS signing certificate that isn’t trusted on the client devices.

Resolution to Error 0x800b0109

To resolve error code 0x800b0109, you need to distribute the WSUS signing certificate to the Trusted Root and Trusted Publishers certificate stores on your client devices.

We also have a detailed step-by-step video guide below that covers deploying the WSUS signing certificate using SCCM 1806+ or using group policy to resolve error 0x800b0109 on your clients.

If you prefer a non-video format, you can use the following guides to distribute the WSUS signing certificate: