This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 88%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
Windows clients failed to autheticate with WSUS server and get above subjected error. The CA certificate is invalid in windows update log file.
When i look at the client machine and try to reach WSUS server, I get bad server certificate or invalid server certificate.
FYI - Certificate on server looks good and root certificate on client also good and valid but still some clients wont get the updates because of this certificate error.
I tried below to troubleshoot but did not work.
deleted the softwaredistribution folder.
Clear SSL state in internet explorer.
browser history deleted.
Date and time also correct.
Could you please help me with this issue. Please let me know if you need addiditonal information.
Hi @chirag patel ,
It seems that there are no updates for two days. Please let us know if you have any questions or updates of the case.
Looking forward to your feedback.
Best regards,
Cherry
If there's a certificate error, WSUS Clients will not talk to WSUS. You must fix the underlying certificate error. 9 times out of 10, if the certificate has not expired, the issue is that the certificate has not been installed on the client's Trusted Root Certificate Authorities store.
Either via GPO or by a manual import process.
Thank you!
We do have internal CAs are distributed already via GPO . Some clients able to authenticate with WSUS server and install the updates. Few clients, when they try to reach WSUS server it always failed and get Bad Server certificate or Invalid certificate using Web browser.
This is screenshot from clients which are failing
In windows update log file, it says
2022/09/07 09:55:58.4314516 252276 252232 WebServices WS error: The certificate authority is invalid or incorrect.
2022/09/07 09:55:58.4314554 252276 252232 WebServices FAILED [800B0109] Web service call.
What else i can check to figure out this issue.
Hi @chirag patel ,
1, Please help confirm that GPO " Allow signed content from intranet Microsoft update service location " is enabled
Navigate to Computer configuration > Policies > Administrative Templates > Windows Components > Windows Update. Select "Allow signed content from intranet Microsoft update service location" and click Edit policy settings.
2, We can see the published certificate exists in the client's Trusted Root Certification Authorities, right?
3, If the problem is still can’t be solved. Please upload a full windowsupdate.log for us to discuss together.
Thanks for your time and patience!
Best regards,
Cherry