Encountering 0×800b0109 Error on Windows 7 Update – Certificate Trust Issues
Has anyone recently experienced Windows Update failures on Windows 7 with error code 0×800b0109 (“A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider”)?
This started appearing when attempting to install security updates manually via WSUS Offline Update and also during regular Windows Update processes. Manual checks of the update .cab files confirm they are signed, but the certificate path cannot be verified-possibly due to expired root certificates or missing updates in the Trusted Root Certification Authorities store.
Questions:
- Are there any recent updates to trusted root certificates for Windows 7 via Windows Update, or is there a manual package that can be used to update this on out-of-support systems?
- Is there a recommended secure method for importing required certificates to restore functionality for WSUS or Windows Update?
- Has Microsoft deprecated any root CAs recently that could affect ongoing patching for Windows 7, even for ESU customers?
- Are there any known workarounds (besides manual root cert import) or is a migration to a supported OS the only viable path forward?
Any insight or recommended steps from others managing legacy Windows 7 systems under similar constraints would be appreciated.