locked
Certificate problems updating from a WSUS server with a workgroup computer (error 0x800b0109) RRS feed

  • Question

  • Good afternoon,

    Sorry my english is bad,

    I'm currently deploying Windows 10 ENTERPRISE with WDS/MDT and i am about to build the reference image.

    To do so, i use a virtual machine.

    When i try to update the computer with my WSUS (that uses HTTPS) i have the following error :

    0x800b0109

    This error seems to come from a certificate problem (i paste the windowsupdate.log at the end of this post).

    When i try to update, the virtual machine is in WORKGROUP, i configured the following local GPO with GPEDIT like so :

    - Allow signed updates from an intranet microsoft update service location => ENABLED

    - i Specified the url "https://MYSERVER.MYDOMAIN:8531" in specify intranet microsoft update service location

    I also disabled local windows firewall

    Now i'm wondering if this is even possible to upgrade a WORKGROUP computer from a domain WSUS server ?

    I'm stuck with that error and I don't know what to do, can anyone help me ?

    Thanks !!!

    Best regards.

    Benjamin.

    Here is the windowsupdate.log

    2018/02/14 14:37:05.3120056 3528  4004  ComApi          * START *   Federated Search ClientId = TrustedInstaller FOD Enumerate (cV: Qd/M7OUmI0uFqPon.1.1.0)
    2018/02/14 14:37:05.3129874 1728  3488  IdleTimer       WU operation (SR.TrustedInstaller FOD Enumerate ID 14) started; operation # 87; does use network; is not at background priority
    2018/02/14 14:37:05.3195108 1728  1116  IdleTimer       WU operation (SR.TrustedInstaller FOD Enumerate ID 14, operation # 87) stopped; does use network; is not at background priority
    2018/02/14 14:37:05.3338121 3528  4940  ComApi          Federated Search: Starting search against 1 service(s) (cV = Qd/M7OUmI0uFqPon.1.1.0)
    2018/02/14 14:37:05.3339209 3528  4940  ComApi          * START *   Search ClientId = TrustedInstaller FOD Enumerate, ServiceId = 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 (cV = Qd/M7OUmI0uFqPon.1.1.0.0)
    2018/02/14 14:37:05.3348038 1728  3488  IdleTimer       WU operation (CSearchCall::Init ID 15) started; operation # 90; does use network; is not at background priority
    2018/02/14 14:37:05.3666563 1728  3488  Agent           * START * Queueing Finding updates [CallerId = TrustedInstaller FOD Enumerate  Id = 15]
    2018/02/14 14:37:05.3666610 1728  3488  Agent           Removing service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 from sequential scan list
    2018/02/14 14:37:05.3666650 1728  3488  Agent           Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 is not in sequential scan list
    2018/02/14 14:37:05.3666693 1728  3488  Agent           Added service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 to sequential scan list
    2018/02/14 14:37:05.3668341 1728  2876  Agent           Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 is in sequential scan list
    2018/02/14 14:37:05.3889454 1728  1288  Agent           * END * Queueing Finding updates [CallerId = TrustedInstaller FOD Enumerate  Id = 15]
    2018/02/14 14:37:05.4000127 1728  1288  Agent           * START * Finding updates CallerId = TrustedInstaller FOD Enumerate  Id = 15
    2018/02/14 14:37:05.4000182 1728  1288  Agent           Online = Yes; Interactive = Yes; AllowCachedResults = No; Ignore download priority = No
    2018/02/14 14:37:05.4000202 1728  1288  Agent           Criteria = (Product='Client.OS.rs2.amd64' and CurrentVersionOnly=1)""
    2018/02/14 14:37:05.4000238 1728  1288  Agent           ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2018/02/14 14:37:05.4000249 1728  1288  Agent           Search Scope = {Machine}
    2018/02/14 14:37:05.4000285 1728  1288  Agent           Caller SID for Applicability: S-1-5-18
    2018/02/14 14:37:05.4000825 1728  1288  Agent           *FAILED* [8024043D] GetIsInventoryRequired
    2018/02/14 14:37:05.4255059 1728  1288  Misc            Got WSUS Client/Server URL: https://MYSERVER.MYDOMAIN:8531/ClientWebService/client.asmx""
    2018/02/14 14:37:05.4417705 1728  1288  Driver          Skipping printer driver 3 due to incomplete info or mismatched environment - HWID[(null)] Provider[(null)] MfgName[(null)] Name[PDFCreator] pEnvironment[Windows x64] LocalPrintServerEnv[Windows x64]
    2018/02/14 14:37:05.4417756 1728  1288  Driver          Skipping printer driver 5 due to incomplete info or mismatched environment - HWID[microsoftmicrosoft_musd] Provider[Microsoft] MfgName[Microsoft] Name[Microsoft enhanced Point and Print compatibility driver] pEnvironment[Windows NT x86] LocalPrintServerEnv[Windows x64]
    2018/02/14 14:37:05.6036502 1728  1288  ProtocolTalker  ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://MYSERVER.MYDOMAIN:8531/ClientWebService/client.asmx
    2018/02/14 14:37:05.6036580 1728  1288  ProtocolTalker  PT: Calling GetConfig on server
    2018/02/14 14:37:05.6037077 1728  1288  IdleTimer       WU operation (CAgentProtocolTalker::GetConfig_WithRecovery) started; operation # 91; does use network; is at background priority
    2018/02/14 14:37:05.6037318 1728  1288  WebServices     Auto proxy settings for this web service call.
    2018/02/14 14:37:26.9740120 1728  1288  WebServices     WS error: Une erreur s??est produite lors de la communication avec le point de terminaison sur ?? https://MYSERVER.MYDOMAIN:8531/ClientWebService/client.asmx ??.
    2018/02/14 14:37:26.9740160 1728  1288  WebServices     WS error: Une erreur s??est produite lors de l??envoi de la requ??te HTTP.
    2018/02/14 14:37:26.9740211 1728  1288  WebServices     WS error: Une cha??ne de certificats a ??t?? trait??e mais s??est termin??e par un certificat racine qui n??est pas approuv?? par le fournisseur d??approbation.
    2018/02/14 14:37:26.9740451 1728  1288  WebServices     WS error: L??autorit?? de certification n??est pas valide ou correcte
    2018/02/14 14:37:26.9740522 1728  1288  WebServices     *FAILED* [800B0109] Web service call
    2018/02/14 14:37:26.9740550 1728  1288  WebServices     Current service auth scheme=0.
    2018/02/14 14:37:26.9740574 1728  1288  WebServices     Current Proxy auth scheme=0.
    2018/02/14 14:37:26.9740798 1728  1288  IdleTimer       WU operation (CAgentProtocolTalker::GetConfig_WithRecovery, operation # 91) stopped; does use network; is at background priority
    2018/02/14 14:37:26.9740976 1728  1288  ProtocolTalker  *FAILED* [800B0109] GetConfig_WithRecovery failed
    2018/02/14 14:37:26.9741059 1728  1288  ProtocolTalker  *FAILED* [800B0109] RefreshConfig failed
    2018/02/14 14:37:26.9741102 1728  1288  ProtocolTalker  *FAILED* [800B0109] RefreshPTState failed
    2018/02/14 14:37:26.9742076 1728  1288  ProtocolTalker  SyncUpdates round trips: 0
    2018/02/14 14:37:26.9742163 1728  1288  ProtocolTalker  *FAILED* [800B0109] Sync of Updates
    2018/02/14 14:37:26.9742443 1728  1288  ProtocolTalker  *FAILED* [800B0109] SyncServerUpdatesInternal failed
    2018/02/14 14:37:26.9996042 1728  1288  Agent           *FAILED* [800B0109] Synchronize
    2018/02/14 14:37:27.0785025 1728  1288  Agent           Exit code = 0x800B0109
    2018/02/14 14:37:27.0785073 1728  1288  Agent           * END * Finding updates CallerId = TrustedInstaller FOD Enumerate  Id = 15
    2018/02/14 14:37:27.0815016 1728  1288  IdleTimer       WU operation (CSearchCall::Init ID 15, operation # 90) stopped; does use network; is not at background priority
    2018/02/14 14:37:27.0836379 3528  2944  ComApi          *RESUMED*   Search ClientId = TrustedInstaller FOD Enumerate, ServiceId = 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 (cV = Qd/M7OUmI0uFqPon.1.1.0.0)
    2018/02/14 14:37:27.0858803 3528  2944  ComApi          Exit code = 0x00000000, Result code = 0x800B0109 (cV = Qd/M7OUmI0uFqPon.1.1.0.0)
    2018/02/14 14:37:27.0858937 3528  2944  ComApi          * END *   Search ClientId = TrustedInstaller FOD Enumerate, Updates found = 0, ServiceId = 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 (cV = Qd/M7OUmI0uFqPon.1.1.0.0)
    2018/02/14 14:37:27.0867600 3528  4940  ComApi          * END *   All federated searches have completed. Jobs = 1, Succeeded = 0, ClientId = TrustedInstaller FOD Enumerate (cV = Qd/M7OUmI0uFqPon.1.1.0)
    2018/02/14 14:37:27.0889567 3528  4004  ComApi          *FAILED* [80070005] ISusInternal:: DisconnectCall
    2018/02/14 14:37:36.3359283 1728  5012  ComApi          * START *   Federated Search ClientId = UpdateOrchestrator (cV: Dz9i20USKkas1LIz.0.1.0)
    2018/02/14 14:37:36.3361038 1728  5012  IdleTimer       WU operation (SR.UpdateOrchestrator ID 16) started; operation # 101; does use network; is not at background priority
    2018/02/14 14:37:36.3425842 1728  1116  IdleTimer       WU operation (SR.UpdateOrchestrator ID 16, operation # 101) stopped; does use network; is not at background priority
    2018/02/14 14:37:36.3504801 1728  352   ComApi          Federated Search: Starting search against 1 service(s) (cV = Dz9i20USKkas1LIz.0.1.0)
    2018/02/14 14:37:36.3505901 1728  352   ComApi          * START *   Search ClientId = UpdateOrchestrator, ServiceId = 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 (cV = Dz9i20USKkas1LIz.0.1.0.0)
    2018/02/14 14:37:36.3510688 1728  352   IdleTimer       WU operation (CSearchCall::Init ID 17) started; operation # 104; does use network; is not at background priority
    2018/02/14 14:37:36.3819324 1728  352   Agent           * START * Queueing Finding updates [CallerId = UpdateOrchestrator  Id = 17]
    2018/02/14 14:37:36.3819371 1728  352   Agent           Removing service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 from sequential scan list
    2018/02/14 14:37:36.3819414 1728  352   Agent           Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 is not in sequential scan list
    2018/02/14 14:37:36.3819454 1728  352   Agent           Added service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 to sequential scan list
    2018/02/14 14:37:36.3820235 1728  2876  Agent           Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 is in sequential scan list
    2018/02/14 14:37:36.3939724 1728  392   Agent           * END * Queueing Finding updates [CallerId = UpdateOrchestrator  Id = 17]
    2018/02/14 14:37:36.4060731 1728  392   Agent           * START * Finding updates CallerId = UpdateOrchestrator  Id = 17
    2018/02/14 14:37:36.4060802 1728  392   Agent           Online = Yes; Interactive = Yes; AllowCachedResults = No; Ignore download priority = No
    2018/02/14 14:37:36.4060854 1728  392   Agent           Criteria = IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1""
    2018/02/14 14:37:36.4060913 1728  392   Agent           ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2018/02/14 14:37:36.4060925 1728  392   Agent           Search Scope = {Machine}
    2018/02/14 14:37:36.4060984 1728  392   Agent           Caller SID for Applicability: S-1-5-21-272670557-930081916-1037277435-500
    2018/02/14 14:37:36.4061000 1728  392   Agent           ProcessDriverDeferrals is set
    2018/02/14 14:37:36.4062084 1728  392   Agent           *FAILED* [8024043D] GetIsInventoryRequired
    2018/02/14 14:37:36.4318735 1728  392   Misc            Got WSUS Client/Server URL: https://MYSERVER.MYDOMAIN:8531/ClientWebService/client.asmx""
    2018/02/14 14:37:36.4505706 1728  392   Driver          Skipping printer driver 3 due to incomplete info or mismatched environment - HWID[(null)] Provider[(null)] MfgName[(null)] Name[PDFCreator] pEnvironment[Windows x64] LocalPrintServerEnv[Windows x64]
    2018/02/14 14:37:36.4505757 1728  392   Driver          Skipping printer driver 5 due to incomplete info or mismatched environment - HWID[microsoftmicrosoft_musd] Provider[Microsoft] MfgName[Microsoft] Name[Microsoft enhanced Point and Print compatibility driver] pEnvironment[Windows NT x86] LocalPrintServerEnv[Windows x64]
    2018/02/14 14:37:36.5648516 1728  392   ProtocolTalker  ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://MYSERVER.MYDOMAIN:8531/ClientWebService/client.asmx
    2018/02/14 14:37:36.5650685 1728  392   ProtocolTalker  PT: Calling GetConfig on server
    2018/02/14 14:37:36.5650874 1728  392   IdleTimer       WU operation (CAgentProtocolTalker::GetConfig_WithRecovery) started; operation # 105; does use network; is at background priority
    2018/02/14 14:37:36.5651256 1728  392   WebServices     Auto proxy settings for this web service call.
    2018/02/14 14:37:50.2904609 1728  392   WebServices     WS error: Une erreur s??est produite lors de la communication avec le point de terminaison sur ?? https://MYSERVER.MYDOMAIN:8531/ClientWebService/client.asmx ??.
    2018/02/14 14:37:50.2904649 1728  392   WebServices     WS error: Une erreur s??est produite lors de l??envoi de la requ??te HTTP.
    2018/02/14 14:37:50.2904704 1728  392   WebServices     WS error: Une cha??ne de certificats a ??t?? trait??e mais s??est termin??e par un certificat racine qui n??est pas approuv?? par le fournisseur d??approbation.
    2018/02/14 14:37:50.2904933 1728  392   WebServices     WS error: L??autorit?? de certification n??est pas valide ou correcte
    2018/02/14 14:37:50.2904984 1728  392   WebServices     *FAILED* [800B0109] Web service call
    2018/02/14 14:37:50.2905012 1728  392   WebServices     Current service auth scheme=0.
    2018/02/14 14:37:50.2905035 1728  392   WebServices     Current Proxy auth scheme=0.
    2018/02/14 14:37:50.2905185 1728  392   IdleTimer       WU operation (CAgentProtocolTalker::GetConfig_WithRecovery, operation # 105) stopped; does use network; is at background priority
    2018/02/14 14:37:50.2907295 1728  392   ProtocolTalker  *FAILED* [800B0109] GetConfig_WithRecovery failed
    2018/02/14 14:37:50.2907417 1728  392   ProtocolTalker  *FAILED* [800B0109] RefreshConfig failed
    2018/02/14 14:37:50.2907460 1728  392   ProtocolTalker  *FAILED* [800B0109] RefreshPTState failed
    2018/02/14 14:37:50.2907519 1728  392   ProtocolTalker  SyncUpdates round trips: 0
    2018/02/14 14:37:50.2907551 1728  392   ProtocolTalker  *FAILED* [800B0109] Sync of Updates
    2018/02/14 14:37:50.2907709 1728  392   ProtocolTalker  *FAILED* [800B0109] SyncServerUpdatesInternal failed




    • Edited by Elton_Ji Friday, February 16, 2018 2:39 AM private information protection
    Wednesday, February 14, 2018 1:39 PM

Answers

  • Hello,

    Few busy days passed and i could not take a look at that problem.

    This afternoon i did the following :

    - Delete the virtual disk (because i had weird errors with MDT deployment)

    - Create new disk

    - I restarted my test and now it's working, my VM is updating with WSUS via MDT.

    I don't know what happened...

    If i find news i'll post it

    Thanks for your help.

    Benjamin.

    • Marked as answer by BenjaminFili Tuesday, February 20, 2018 3:45 PM
    Tuesday, February 20, 2018 3:45 PM

All replies

  • Hello,

    Change https://MYSERVER.MYDOMAIN:8531 to http://MYSERVER.MYDOMAIN:8530

    and Open 8530, 8531 port from your WSUS server..

    follow up this troubleshoot guidance for further assistant..

    https://gallery.technet.microsoft.com/office/Troubleshooting-WSUS-d63da113

    Wednesday, February 14, 2018 4:50 PM
  • Hello,

    thanks for your reply i'll try that i keep you upd to date.


    Wednesday, February 14, 2018 8:48 PM
  • Hi,

    I'd suggest you follow the following article to configure SSL for WSUS:

    http://jackstromberg.com/2013/11/enabling-ssl-on-windows-server-update-services-wsus/

     Note: Since this is a 3rd-party forum , the content might be changed without any notification . We do not guarantee the security and accuracy all the time .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 16, 2018 2:55 AM
  • Hello,

    Few busy days passed and i could not take a look at that problem.

    This afternoon i did the following :

    - Delete the virtual disk (because i had weird errors with MDT deployment)

    - Create new disk

    - I restarted my test and now it's working, my VM is updating with WSUS via MDT.

    I don't know what happened...

    If i find news i'll post it

    Thanks for your help.

    Benjamin.

    • Marked as answer by BenjaminFili Tuesday, February 20, 2018 3:45 PM
    Tuesday, February 20, 2018 3:45 PM