Forefront Client Security not updating on Windows 2000

Had an old Windows 2000 server that Forefront Client Security (client version 1.5.1996.0) would not update on.

FCS uses the Windows Update mechanism to get its new definitions. In the WindowsUpdate.log file (C:\WINNT\WindowsUpdate.log) there were the following messages:

2012-02-20 12:01:04:192 1116 1da4 Misc Validating signature for C:\WINNT\SoftwareDistribution\Download\5ce69a27b6ba11fec19bdd99bd4253e2\46f6584123f31fb0f353dba7c2c1b97b9a1e4ffb:
2012-02-20 12:01:04:551 1116 1da4 Misc WARNING: Error: 0x800b010a when verifying trust for C:\WINNT\SoftwareDistribution\Download\5ce69a27b6ba11fec19bdd99bd4253e2\46f6584123f31fb0f353dba7c2c1b97b9a1e4ffb
2012-02-20 12:01:04:551 1116 1da4 Misc WARNING: Digital Signatures on file C:\WINNT\SoftwareDistribution\Download\5ce69a27b6ba11fec19bdd99bd4253e2\46f6584123f31fb0f353dba7c2c1b97b9a1e4ffb are not trusted: Error 0x800b010a
2012-02-20 12:01:04:567 1116 1da4 DnldMgr WARNING: File failed postprocessing, error = 800b010a
2012-02-20 12:01:04:567 1116 1da4 DnldMgr Failed file: URL = 'http://111.222.333.444/Content/FB/46F6584123F31FB0F353DBA7C2C1B97B9A1E4FFB.exe', Local path = 'C:\WINNT\SoftwareDistribution\Download\5ce69a27b6ba11fec19bdd99bd4253e2\46f6584123f31fb0f353dba7c2c1b97b9a1e4ffb'
2012-02-20 12:01:04:567 1116 1da4 DnldMgr Error 0x800b010a occurred while downloading update; notifying dependent calls.

So the digital signature check is failing on something that the Automatic Updates service is downloading, and as Windows 2000 is out of support it won’t be security updates, thus is most likely to be Forefront definitions.

I downloaded and installed the Update for Root Certificates (which says it’s for XP SP3 but seems to work on Windows 2000). Usefully, it gives no confirmation that it’s done anything when you execute it.

For good measure, I stopped both the BITS (Background Intelligent Transfer Service) and wuauserv (Automatic Updates) services, deleted the SoftwareDistribution folder from within C:\WINNT, then restarted the services. Going to Forefront and making it check for updates now worked, there was CPU activity from the MsMpEng.exe process, and a minute or so later Forefront was up to date.

This entry was posted in Applications, Windows and tagged , , , , , , , , , . Bookmark the permalink.

4 Responses to Forefront Client Security not updating on Windows 2000

  1. Pingback: Anonymous

  2. Stefan says:

    Thanks! Worked for me!


  3. Andy says:

    Thank you!


  4. Pingback: Fix Ox800b010a Errors - Windows XP, Vista & Windows 7, 8

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.