locked
Content file download failed.File cert verification failure. RRS feed

  • Question

  • hello everybody

    i try to implement a new wsus server in my company 

    the server is 2012 r2 and is full patched..

    after i add the wsus role and the server begin to download all the updates needed hi stuck on 299 updates needing files ..

    and in the event viewer i see many event that shows that i have a problem :

    content file download failed.
    Reason: File cert verification failure. 
    Source File: /c/msdownload/update/software/updt/2017/02/microsoft-windows-internetexplorer-optional-package_60104b100877f78388293cbf6a4bcb26162dbce2.cab 
    Destination File: D:\WsusContent\E2\60104B100877F78388293CBF6A4BCB26162DBCE2.cab"

    i try to to folow the steps in this artical but it didnt silved the problem..

    https://community.spiceworks.com/topic/1974422-wsus-file-cert-verification-failure-win-10-kb3163016-june-2016

    any suggestions  ?


     

    nirc cohen

    Wednesday, July 26, 2017 11:50 AM

Answers

  • I'm actually wrestling with the exact same error/reason but on files that are part of the Win10 Feature On Demand (FOD) product group.

    When I first ran into the problem, it was on my first server that had gone through all the manual processes when the Win10 changes broke everything.  It was working just fine up until this past May, when the errors started.

    After getting frustrated by search results that only pertained to 2008r2 or involved doing the KB3095113 and KB3159706 hokey-pokey, nuked the VM and started from scratch.  After applying all the patches for 2012r2, installing WSUS and patching again (before doing any WSUS config), I'm right back where I started.

    It should be noted that KB3095113 and KB3159706 are superseded;  If a WSUS server is built now and fully patched, the only deficiency from doing the old manual processes is the .ESD MIME type in IIS.  Even the SSL edits are done.

    TL;DR:  2012r2 WSUS server successfully went through win10 growing pains, had errors much later.  Scorched-earth rebuild did not correct.

    • Marked as answer by niro_007 Sunday, August 6, 2017 9:36 AM
    Thursday, August 3, 2017 8:02 PM

All replies

  • So you applied the SSL modifications from KB3159706 that I mentioned in that thread (I'm OverDrive on Spiceworks).

    One thing WSUS needs is patience - especially on the initial sync. I notice this was 4 days ago - has anything changed in the 4 days?


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Sunday, July 30, 2017 8:00 PM
  • I'm actually wrestling with the exact same error/reason but on files that are part of the Win10 Feature On Demand (FOD) product group.

    When I first ran into the problem, it was on my first server that had gone through all the manual processes when the Win10 changes broke everything.  It was working just fine up until this past May, when the errors started.

    After getting frustrated by search results that only pertained to 2008r2 or involved doing the KB3095113 and KB3159706 hokey-pokey, nuked the VM and started from scratch.  After applying all the patches for 2012r2, installing WSUS and patching again (before doing any WSUS config), I'm right back where I started.

    It should be noted that KB3095113 and KB3159706 are superseded;  If a WSUS server is built now and fully patched, the only deficiency from doing the old manual processes is the .ESD MIME type in IIS.  Even the SSL edits are done.

    TL;DR:  2012r2 WSUS server successfully went through win10 growing pains, had errors much later.  Scorched-earth rebuild did not correct.

    • Marked as answer by niro_007 Sunday, August 6, 2017 9:36 AM
    Thursday, August 3, 2017 8:02 PM
  • Are you sure that it's superseded? Microsoft doesn't show that.

    I'm wondering if my Cleanup Script would help as it fixes a whole boatload of problems - even on brand new WSUS Servers.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need.

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Remove all Drivers from the WSUS Database.
    2. Shrink your WSUSContent folder's size by declining superseded updates.
    3. Remove declined updates from the WSUS Database.
    4. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    5. Compress Update Revisions.
    6. Remove Obsolete Updates.
    7. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    8. Application Pool Memory Configuration to display the current private memory limit and easily increase it by any configurable amount.
    9. Run the Recommended SQL database Maintenance script on the actual SQL database.
    10. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment, simply run:

    .\Clean-WSUS.ps1 -FirstRun

    and then

    .\Clean-WSUS.ps1 -InstallTask

    If you wish to view or increase the Application Pool Memory Configuration, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, August 3, 2017 9:48 PM
  • I've verified that those KBs are not in my installed updates list; when I try to run them standalone, I get the "Not Applicable" error.

    I tried your script on the old server before I nuked it, and it's been running happily on the replacement.  The problem persists...

    Wednesday, August 9, 2017 3:40 PM