Error 0x800B0109 means that a certificate chain has been processed but ended with a root certificate that the trusted provider does not trust
One of the steps is also to install the client certificate on the local computer, which must be derived from the root certificate used in the VPN configuration. This is the basic authentication mechanism used by the Azure gateway. However, if you have done so and still receive the above error, then the gateway certificate (client certificate) does not appear to be properly installed on your local computer.
When installing patches deployed on client computers through SCCM, the installation fails with error code 0x800b0109 and the error message "A certificate chain processed but terminated in a root certificate that the trusted provider does not trust" . This error occurs when the certificate signed with patches is missing from the client's certificate list.
To solve this problem:
The signing certificate must be imported into the Trusted Publishers and Trusted Root Authorities store on client machines so they can rely on third-party updates.
"The option" Allow signed content from the Microsoft Update Service location intranet "in" Group Policy Management "must be enabled.
Run the Windows Update troubleshooting and see if it can help you
- Press "Windows + X" and select Control Panel.
- In the search box, type Troubleshooting, then click Troubleshooting.
- Under System and Security, click Repair Windows update problems.
Delete the contents of the temporary folder.
You can delete all downloaded, failed, and pending Windows 10 updates using the Run command.
Open the Run dialog box by pressing Win + R in combination, type% temp% in the dialog that opens and then press Enter. In the folder that opens before selecting all the files and folders in the Temp folder, then delete them.
temp% is one of the many Windows environment variables that can open the Windows folder and calls a temporary folder, which is usually located in C:\Users\[username]\AppData\Local\Temp.
Clear distribution of the software and the Catroot2 folder.
When Windows downloads updates, they are stored in a special folder called Software Distribution. Files downloaded here will be automatically deleted once the installation is complete. Therefore, after stopping the Windows Update Service, you must delete all the files in the Software Distribution folder. Resetting the catroot2 folder has resolved several problems with Windows Update.