This project has moved and is read-only. For the latest updates, please go here.

Updates keep failing

Topics: Publishing Issue
Feb 9, 2015 at 3:46 PM
Edited Feb 9, 2015 at 3:47 PM
Hi,

I have pushed some updates via WPP but most of the clients are not installing them and the computer receives a Windows Update error code 800B0004.

For example.. I have pushed an msi file of Adobe Reader on my WSUS server with WPP and the client receives the update. After downloading, the file wont be installed. However, there are some clients that are installing these updates with no problem.
  • .Net framework 4.0 is installed.
  • Client has received the WSUS self-signed certifcate threw GPO
I checked in event viewer but I don't see alot of details about the error. Does anyone know where I can find more information about this error and how I can solve this?
Feb 9, 2015 at 10:36 PM
hi,
the computer receives a Windows Update error code 800B0004.
This code mean : "The subject is not trusted for the specified action."

You certainly have a problem with your certificate.
I checked in event viewer but I don't see alot of details about the error. Does anyone know where I can find more information about this error
You should look at C:\Windows\WindowsUpdate.log
Feb 10, 2015 at 10:49 AM
DCourtel wrote:
hi,
the computer receives a Windows Update error code 800B0004.
This code mean : "The subject is not trusted for the specified action."

You certainly have a problem with your certificate.
I checked in event viewer but I don't see alot of details about the error. Does anyone know where I can find more information about this error
You should look at C:\Windows\WindowsUpdate.log
015-02-10 11:43:09:067 764 968 Agent ** END ** Agent: Downloading updates [CallerId = AutomaticUpdatesWuApp]
2015-02-10 11:43:09:067 764 968 Agent *************
2015-02-10 11:43:13:866 764 968 Report CWERReporter finishing event handling. (00000000)
2015-02-10 11:43:21:922 764 c90 DnldMgr BITS job {59DBEAF3-F977-408B-BC57-41D8A3E98AE4} completed successfully
2015-02-10 11:43:22:031 764 c90 Misc Validating signature for C:\windows\SoftwareDistribution\Download\f4ce6d7617e96602e3737727eb5864f6\9adff049-8616-4d5a-9775-9546baafe678_1.cab with dwProvFlags 0x00000080:
2015-02-10 11:43:22:124 764 c90 Misc Microsoft signed: No
2015-02-10 11:43:22:124 764 c90 Misc Trusted Publisher: No
2015-02-10 11:43:22:124 764 c90 Misc WARNING: Digital Signatures on file C:\windows\SoftwareDistribution\Download\f4ce6d7617e96602e3737727eb5864f6\9adff049-8616-4d5a-9775-9546baafe678_1.cab are not trusted: Error 0x800b0004
2015-02-10 11:43:22:124 764 c90 DnldMgr WARNING: VerifyFileTrust on file C:\windows\SoftwareDistribution\Download\f4ce6d7617e96602e3737727eb5864f6\9adff049-8616-4d5a-9775-9546baafe678_1.cab failed with hr = 800b0004.
2015-02-10 11:43:22:124 764 c90 DnldMgr WARNING: File failed postprocessing, error = 800b0004
2015-02-10 11:43:22:124 764 c90 DnldMgr Failed file: URL = 'http://wsus.qi.lan/Content/F9/A7A706B6CAF01FAC9E8F8254E97596EFDD29A3F9.cab', Local path = 'C:\windows\SoftwareDistribution\Download\f4ce6d7617e96602e3737727eb5864f6\9adff049-8616-4d5a-9775-9546baafe678_1.cab'
2015-02-10 11:43:22:124 764 c90 DnldMgr Error 0x800b0004 occurred while downloading update; notifying dependent calls.
2015-02-10 11:43:22:171 764 eb0 AU >>## RESUMED ## AU: Download update [UpdateId = {9660E38B-F374-4AE9-BD5C-66095EEC7758}]
2015-02-10 11:43:22:171 764 eb0 AU # WARNING: Download failed, error = 0x800B0004
2015-02-10 11:43:22:171 764 eb0 AU #########
2015-02-10 11:43:22:171 764 eb0 AU ## END ## AU: Download updates
Feb 10, 2015 at 10:51 AM
Edited Feb 10, 2015 at 10:52 AM
It looks like a certificate problem indeed. Could you tell me what went wrong because the certificate is pushed to every client and I have checked this. And why is it working on some clients?
Feb 14, 2015 at 8:46 PM
Check that the certificate is on right store (computer store).
If you use a self-signed cert, the same cert must be in "trusted Publisher" and "trusted root cert authorities"
if you use your own cert, the code-signing cert must be in the "trusted Publisher" and the cert of your authority must be in the "trusted root cert auth".