Lumension Patch Manager DeskTop 2.0
Lumension Patch Manager DeskTop 2.1
From your LPM DeskTop Server, updates publish successfully. However, the updates do not deploy successfully to one or more clients.
You should open the System Center Configuration Manager logs to determine the cause (%windir%\CCM\Logs\WUAHandler.log). If the error that follows is listed in the log, follow the procedure in this article to resolve the issue.
Failed to download updates to the WUAgent datastore. Error = 0x800b0109
The error is caused by one of the following issues:
- A Group Policy Object (GPO) that allows clients to receive 3rd-party updates has not been deployed to your clients.
- The GPO has been deployed to your clients, but that GPO is not properly configured (either your publishing certificate isn't placed in the correct certificate stores or the Allow signed updates from an intranet Microsoft update service location policy is not enabled).
To resolve this error:
- Make sure your GPO is configured correctly.
- From your client, force it to download the latest Group Policy.
- From your client, verify that the publishing certificate is installed in the correct stores.
- From your client, verify that the Allow signed updates from an intranet Microsoft update service location policy is enabled.
- From the LPM DeskTop Console, redeploy your 3rd-party content.
For complete instructions, see below.
Verifying Publishing Certificate Deployment
To resolve the error appearing in your log, make sure your GPO is configured correctly and that each client has received that group policy.
- Log in to your LPM DeskTop Server as a user with administrative access rights.
- Make sure you've deployed a properly configured group policy to your network.
  - If a group policy was not created and deployed to clients during the LPM DeskTop installation, complete Knowledge Base Article 1715 in its entirety.
  - If a group policy was deployed, but you're receiving the error message in the log anyway, make sure your GPO is configured correctly. Complete only Step 3 of Knowledge Base Article 1715.
  Tip: While completing this procedure, double-check that:
  - You place the certificate in your GPO's Trusted Root Certification Authorities and Trusted Publishers stores.
  - You enable the Allow signed updates from an intranet Microsoft update service location policy.
- Log in to your client that isn't installing 3rd-party content as a user with administrative access rights.
- Open a command prompt and enter the following command:
  gpupdate /force
  This command forces the client to download the latest version of the group policy, which contains the certificates and policies needed to install 3rd-party updates. Close the command prompt when you're done.
  Note: It may take a little while for your other clients to update the group policy on their own.
- Open the Certificate Manager. Open the Start Menu or Start Screen and search for certmgr.msc.
- Verify that the publishing certificate that you created and distributed using Knowledge Base Article 1715 is installed on the client.
  - Expand Certificates > Trusted Root Certification Authorities > Certificates. Select the Certificates folder.
  - From the main pane, make sure that your certificate is listed.
  - Expand Certificates > Trusted Publishers > Certificates. Select the Certificates folder.
  - Again, from the main pane, make sure that your certificate is listed.
- Verify that the Allow signed updates from an intranet Microsoft update service location policy is enabled.
  - Open the Registry Editor. Open the Start Menu or Start Screen and search for regedit.
  - Expand the registry tree to HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > WindowsUpdate.
  - From the main pane, make sure that the DWORD value of AcceptTrustedPublisherCerts is set to 1. Close the Registry Editor and log out of the client when you're done.
- Using the LPM DeskTop Console Plug-in, redeploy content to the client.
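The client-side checks above as a read-only PowerShell script; this is an added example, not part of the original article or Lumension's tooling. Error 0x800b0109 is the Windows code CERT_E_UNTRUSTEDROOT (the signing chain ends in a root the client does not trust), which is why the script inspects both certificate stores and the policy value. Assumptions: the GPO installs the certificate in the local machine stores, and you supply the thumbprint of your own publishing certificate; the -Thumbprint and -LogPath parameter names are this example's own.

```powershell
# Added example: read-only check, run on the client that fails to install updates.
param(
    # Thumbprint of your publishing certificate (you supply it; not from the article).
    [Parameter(Mandatory)][string]$Thumbprint,
    [string]$LogPath = "$env:windir\CCM\Logs\WUAHandler.log"
)

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character, so keep hex digits only.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$results = @()

# 1. Certificate present and unexpired in both stores (assumed: local machine).
foreach ($store in 'Root', 'TrustedPublisher') {
    $cert = Get-ChildItem -Path "Cert:\LocalMachine\$store" |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    $ok = $false
    $detail = 'not found'
    if ($cert) {
        $ok = $cert.NotAfter -gt (Get-Date)
        $detail = "$($cert.Subject), expires $($cert.NotAfter.ToString('yyyy-MM-dd'))"
    }
    $results += [pscustomobject]@{ Check = "Certificate in $store"; Ok = $ok; Detail = $detail }
}

# 2. Policy "Allow signed updates from an intranet Microsoft update service location".
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AcceptTrustedPublisherCerts
$detail = if ($null -eq $val) { 'value not set' } else { "value is $val" }
$results += [pscustomobject]@{ Check = 'AcceptTrustedPublisherCerts = 1'; Ok = ($val -eq 1); Detail = $detail }

$results | Format-Table -AutoSize -Wrap

# 3. Latest 0x800b0109 entry in the log. Entries written before the fix stay in
# the file, so this is reported for context and does not affect the exit code.
$hit = Select-String -Path $LogPath -Pattern '0x800b0109' -SimpleMatch -ErrorAction SilentlyContinue |
    Select-Object -Last 1
if ($hit) {
    "Last 0x800b0109 entry, line $($hit.LineNumber): $($hit.Line.Trim())"
} else {
    "No 0x800b0109 entry found in $LogPath (or the log is not readable)."
}

# Non-zero exit when a certificate or policy check fails, for use in scripted sweeps.
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

Run it after gpupdate /force and before redeploying content, so a failing row points at the GPO setting that still needs correcting.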