This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 40%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Hi,
we have a primary site SCCM v2006 with the role WSUS 4.0 installed on a w2012 R2 server.
The problem is that the last time we've got Office 365 updates in SCCM console was for the patch tuesday may 11 2021.
Since then, at each SCCM full synchronization, we don't get new updates in the Office 365 updates node in SCCM Console while updates are visible in WSUS console.
wsyncmgr.log shows for each Office 365 update an error like this :
Synchronizing update ca42e924-de4b-4c25-b43a-05df95a6fe52 - Microsoft 365 Apps Update - Semi-Annual Enterprise Channel Version 2008 for x64 based Edition (Build 13127.21348)
Base Url for Office update file list service not configured or not valid , keep the original Url
ProcessFileManifest() failed to process O365 file manifest. Caught exception: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure ...
Failed to synchronize O365 update ca42e924-de4b-4c25-b43a-05df95a6fe52 - Microsoft 365 Apps Update - Semi-Annual Enterprise Channel Version 2008 for x64 based Edition (Build 13127.21348)
STATMSG: ID=6709 SEV=W LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=XXXXXXXXXXX SITE=XXX PID=9128 TID=10472 GMTDATE=mar. juil. 20 15:53:47.462 2021 ISTR0="Microsoft 365 Apps Update - Semi-Annual Enterprise Channel Version 2008 for x64 based Edition (Build 13127.21348)" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
Skipped update ca42e924-de4b-4c25-b43a-05df95a6fe52 - Microsoft 365 Apps Update - Semi-Annual Enterprise Channel Version 2008 for x64 based Edition (Build 13127.21348) because it failed to sync.
Nothing have been modified in the settings of the Software Update Point and the ADR.
The whitelist of the endpoints Microsoft seems to be ok and Security team has check the proxy server.
Logs of proxy shows successfull connections on tcp go.microsoft.com 443, tcp sws.update.microsoft.com 443, tcp statsfe2.update.microsoft.com 443 and tcp config.office.com 443.
Any suggestion ?
what can i test / verify on primary site ? ... with IE ?
in the SMS database ?
Thanks for your answers !
Finally, someone in my team found the solution : he installed the DigiCert Cloud Services CA-1 certificate on site server and now Office 365 updates are synchronizing by SCCM and showed in SCCM console.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 67%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
Hi,
Thank you very much for your feedback and sharing. We're glad that the question is solved now. It may help others who have similar issue. If you have any questions in future, we warmly welcome you to post in Microsoft Q&A forum again.
Have a nice day!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 5%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hi
Could you elaborate on this fix please as we seem to have the exact same issue - Office updates stopped syncing but Windows client are fine. Cant see the updates in the \Software Library\Overview\Office 365 Client Management\Office 365 Updates?
Thanks!
Is it just semi-annual channel or all 365 update channels?
it's all 365 updates channels.
IIn the Software Updates node of the sccm console, there is no problem to get the lastet windows 10 updates.
I know you have mentioned that there have been no changes in proxy or network side, so maybe we can put a pin on this for the time being.
I don't recall any issues with CB 2006 involving Office 365 updates, but maybe it will be a good idea for you to upgrade your site to 2103 or 2010.
Hi,
According to the log content provided, it seems to be a certificate issue.
Maybe we could try to update the root certificates first. Here is the link:
https://learn.microsoft.com/en-us/security/trusted-root/release-notes
Before that, check that the server has not turned off Automatic Root Cert Updates.
Path: Group Policies > Expand Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings.
For more details, please refer to this similar issue:
https://social.technet.microsoft.com/Forums/en-US/34c70420-d6f2-4dcf-94fc-ca966de64d81/wsus-server-unable-to-sync-from-microsoft?forum=winserverwsus
Hope the above information can help you.
If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
The setting "Turn off Automatic Root Certificates Update" is not configured.
This is not an error with WSUS because i see all Office 365 update in Update Services Console.
We can get the lastest windows 10 update that are visible in the Software Update node in SCCM Console.