IT Consultant Everyday Notes

Just some problems/solutions storage

SCCM 2012: SCCM 2012 SP1 Client update failed. Error: “Couldn’t verify ‘C:\Windows\ccmsetup\MicrosoftPolicyPlatformSetup.msi’ authenticode signature. Return code 0x800b0101”

UPDATE: Microsoft published updated binaries for SCCM 2012 SP1 addressing this (and other minor) issues. You should use this new file set for new installations. Links are here:


I upgraded my Lab SCCM to 2012 and decided to try the “Client autoupdate” feature introduced with SCCM 2012.

Unfortunately the attempt failed and I saw

Couldn’t verify ‘C:\Windows\ccmsetup\MicrosoftPolicyPlatformSetup.msi’ authenticode signature. Return code 0x800b0101

in ccmsetup.log on the Client.

Signing certificate for the msi looks like:


so it looks expired to me.

Fortunately Microsoft published  – Cumulative update 0 (CU0)  including an update (download)

I downloaded the update and ran it on my SCCM


It did not pass the first time, of course:


I should say the warning is a bit confusing – from the first sentence – Reboot is not required, from the second – I must restart the computer. Reboot the server and try again!

This time it looks better:





create packages:


and proceed with install:


Checking certificate again:


and the msi is validated successfully and the client is installed:


Do not forget to deploy the update to the other Primary servers.

Anoop found some confusion between KB and the update wizard:

I still think the update is not necessary for CAS…
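The certificate check shown in the screenshots can also be done on the client with PowerShell's Get-AuthenticodeSignature; return code 0x800b0101 is CERT_E_EXPIRED, meaning a required certificate is outside its validity period. This is an added example, not part of the original post: the default folder is the one from the error message, and the function name Get-SignatureReport is made up for illustration.

```powershell
# Added example: report the Authenticode signature state of the ccmsetup files.
# The default path comes from the error message; pass another with -Path.
param(
    [string]$Path = 'C:\Windows\ccmsetup'
)

# Hypothetical helper name, not an SCCM or Windows cmdlet.
function Get-SignatureReport {
    param([Parameter(Mandatory)][string]$Folder)

    $now = Get-Date
    Get-ChildItem -Path $Folder -File -Recurse -Include *.msi, *.exe, *.dll |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = $sig.SignerCertificate
            [pscustomobject]@{
                File          = $_.Name
                Status        = $sig.Status   # SignatureStatus enum: Valid, NotSigned, HashMismatch, ...
                Subject       = if ($signer) { $signer.Subject }
                NotAfter      = if ($signer) { $signer.NotAfter }
                SignerExpired = if ($signer) { $signer.NotAfter -lt $now }
                # A timestamp countersignature records when the file was signed,
                # which lets a signature stay valid after the signer certificate expires.
                Timestamped   = [bool]$sig.TimeStamperCertificate
                Message       = $sig.StatusMessage
            }
        }
}

$report = Get-SignatureReport -Folder $Path

# Overview of every signed binary in the folder.
$report | Sort-Object Status, File |
    Format-Table File, Status, SignerExpired, Timestamped, NotAfter -AutoSize

# Details for files whose signature does not verify on this machine.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Format-List File, Status, Subject, NotAfter, Message
```

Running it before and after applying the update shows whether MicrosoftPolicyPlatformSetup.msi was replaced with a copy whose signature verifies.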

6 responses to “SCCM 2012: SCCM 2012 SP1 Client update failed. Error: “Couldn’t verify ‘C:\Windows\ccmsetup\MicrosoftPolicyPlatformSetup.msi’ authenticode signature. Return code 0x800b0101

  1. Joel Guevara January 21, 2013 at 9:18 am

    Thx for the detailed instructions. The one thing I would like clarification with is, do you apply this update after the install of SP1 or before? Any information is greatly appreciated.

  2. Jason March 19, 2013 at 8:34 am

    What happens after 3/4/2013?

  3. Alon Or December 30, 2014 at 12:37 pm

    Make a .reg file with the following and import to problematic client:

    Windows Registry Editor Version 5.00

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]
