none
Event ID 364 after WSUS reinstall RRS feed

  • Question

  • I need to reinstall WSUS to clear some 3rd party updates from it and start over

    Everything seemed to work okay and it started to download over 300GB afterward.

    Once that was completed, it still said there was 2 files that needed to be downloaded.

    The event viewer has an error message "file cert verification failure", event id 364, for a Windows 10 update cab.

    I've looked online but can't find anything that fixes this. I even ran the wsus reset and re-downloaded everything but still stuck at 2 files needed to be downloaded.

    Don't think its a firewall issue since I re-installed on the same server.

    Don't think it is a Windows 2012 R2 patch since again its from the same server that was functioning normally.

    SSL issue? Application Pool? IIS?

    Does removing the WSUS role and re-adding it wipe out some sort of patch?


    Heath

    Friday, March 8, 2019 3:37 PM

All replies

  • Hi Heath,
      

    Thank you for posting here.
      

    Analyze what you provide, This may be due to a number of reasons.
    I suggest you refer to the similar thread as below to troubleshoot this issue: WSUS on Server 2016 - File cert verification failure.
    Here are a few solutions to the problem:
      

    1. When the WSUS server is missing some root certificates and/or intermediate certificates, there is a problem that the content file download fails.
    2. The WSUS IIS application pool has insufficiently dedicated memory limits to cause the service to stop.
        

    Reply back with the results would be happy to help.
      

    Regards,
    Yic Lv

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 11, 2019 2:17 AM
  • the application pool was having problems initially but after I changed the memory pool, it no longer stops.

    what specifically do I need to check when it comes to certificates?

    The trusted root certs should be the same since I didn't rebuild the OS, just removed and re-added the WSUS role.

    I use a cert on the WSUS website that was generated from an internal CA, but that was the case beforehand as well.

    Heath


    Heath

    Monday, March 11, 2019 1:48 PM
  • Hi Heath,
     

    Regarding the certificate issue, I suggest you refer to the similar thread as below to troubleshoot this issue: Event ID 10032 & 364 on WSUS server
     

    Reply back with the results would be happy to help.
     

    Regards,
    Yic

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 12, 2019 7:22 AM
  • maybe I'm missing something but the server that has the WSUS role on it can access microsoft.

    the article seems to be about setting up a website or file share so other clients can get the updated trusted certs.

    why would that be necessary in my case?

    Heath


    Heath

    Tuesday, March 12, 2019 4:06 PM
  • Hi Heath,
       

    I am sorry that the above method did not help you. And I will continue to research the possibility of the certificate direction.
       

    Analyze the current problem again, in addition to installing the necessary updates (KB3159706) and the latest Security Monthly Quality Rollup, please check if the following Critical Updates are included in the installed updates:
    KB2756872: Windows 8 Client and Windows Server 2012 General Availability Update Rollup
       

    This update fixes an issue with a specific digital certificate generated by Microsoft without the correct timestamp attribute. For reference: Microsoft Security Advisory 2749655
       

    Hope the above can help you.
      

    Regards,
    Yic

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 13, 2019 6:36 AM
  • I looked at installed updates and neither KB3159706 or KB2756872 are listed.

    I checked Windows Update and neither show up.

    I manually downloaded KB3159706 but when I tried to install it, it said it wasn't applicable to my server even though I'm running Windows 2012 R2 with WSUS role and KB2919355 is installed.


    Heath

    Thursday, March 14, 2019 1:59 PM
  • Hi Heath,
      

    As far as I know, the latest monthly rollups includes fixes for KB3159706.
    Please provide the KB number of the two Windows 10 updates with the problem in order to continue the analysis.
      

    Regards,
    Yic

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 15, 2019 6:41 AM
  • Files:

    windows10.0-kb4022730-x86_*.cab

    windows10.0-kb4022730-x64_*.cab


    Heath

    Monday, March 18, 2019 2:05 PM
  • Hi Heath,
     

    The following article is about downloading or installing a third-party update with a certificate error, which may help you: "Certificate errors when downloading or installing third-party updates to clients or software distribution points"
    *Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
     

    Hope the above can help you.
     

    Regards,
    Yic

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 25, 2019 2:25 AM