A new Flexera Community experience is coming on November 25th. Click here for more information.
This guide provides a solution if you receive an error message 0x800b0109 when deploying third-party updates created by the Flexera Software Vulnerability Manager.
You receive an error 0x800b0109 when installing any third party update while all Microsoft updates install successfully without any error. This error message would be shown in the control panel and windowsupdate.log file on the client machine. All third-party updates will fail to install.
By default, third-party updates are not trusted by Microsoft Windows. All updates installed by WSUS are signed by a Microsoft certificate and MS operating systems trust packages downloaded from Microsoft update. All third-party updates are created locally and signed by a WSUS code signing certificate. This cert should be trusted by client machines and you need to distribute the certificate to all machines receiving updates from WSUS. Windows Update should also be configured to trust packages that are signed by a local update authority like WSUS/SUP.
Make sure that the WSUS publisher self-signed certificate is imported into the Trusted Root Certificate Authority and Trusted Publisher folders. You can verify that by opening a computer certificate of the machine where the update is failing. The certificate should be present in both Trusted Root Certification Authority and Trusted Publishers folders as shown below.
You also have to verify that the Windows Update setting "Allow signed updates from an intranet Microsoft update service location" is enabled as shown below.
Open it by typing gpedit.msc in the Start menu.
Navigate to Computer Policy > Administrative templates > Windows Components > Windows Update.
Once these settings are changed install the update again. It should now install successfully. To resolve the issue on multiple computers, make sure that these changes are pushed to the computers by a group policy.
You can either generate the required GPO via Software Vulnerability Manager under Patching > WSUS/SCCM > Configure upstream server > Create group policy OR create the group policy manually.
on Nov 15, 2018 05:31 PM - edited on Sep 19, 2019 04:37 PM by RDanailov