0x800b0109-A Certificate chain processed but terminated in a root certificate which is not trusted by the trust provider

Issue:

  • Windows updates are failing to install on the endpoints when deployed from SCCM
  • Error message is “Failed to install updates” and the error code is 0X800B0109.
  • The description of the error code is “A certificate chained processed, but terminated in a root certificate which is not trusted by the trust provider”.

Cause:

  • WSUS certificate may have expired a new one has been generated by SCCM.
  • The new WSUS certificate has been uploaded automatically to the Software Update Point that is being used to code-sign the updates from Microsoft.
  • Since the WSUS certificate has not been deployed to the endpoints then they do not trust the software updates coming from WSUS server.

Solution:

  • Navigate to the Trusted Root Certificate location on the SCCM server and export the WSUS certificate to a desired location.
  • Copy the WSUS certificate and deploy it to the endpoints using GPO.
  • Once the endpoints have received WSUS certificate in the Trusted Root Certificate Authority and Trusted Publishers in the Certificate console, then the endpoints will trust the updates code-signed using that certificate.

Leave a Comment

Your email address will not be published. Required fields are marked *