This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Microsoft Endpoint Configuration Manager version 2006
Windows Server 2012 R2
When trying to manually download any "Microsoft 365 Apps Update - Semi-Annual Enterprise Channel" to a deployment, the download fails.
Failed to download content id. Error: invalid certificate signature
I get the following in the PatchDownloader.log:
Connecting - Adding file range by calling HttpAddRequestHeaders, range string = "Range: bytes=0-" $$<Software Updates Patch Downloader><10-21-2020 15:38:41.359+300><thread=14112 (0x3720)>
Download http://officecdn.microsoft.com/pr/b8f9b850-328d-4355-9145-c59439a0c4cf/office/data/16.0.13127.20638/i640.cab.cat in progress: 27 percent complete $$<Software Updates Patch Downloader><10-21-2020 15:38:41.643+300><thread=14112 (0x3720)>
Download http://officecdn.microsoft.com/pr/b8f9b850-328d-4355-9145-c59439a0c4cf/office/data/16.0.13127.20638/i640.cab.cat in progress: 55 percent complete $$<Software Updates Patch Downloader><10-21-2020 15:38:41.644+300><thread=14112 (0x3720)>
Download http://officecdn.microsoft.com/pr/b8f9b850-328d-4355-9145-c59439a0c4cf/office/data/16.0.13127.20638/i640.cab.cat in progress: 82 percent complete $$<Software Updates Patch Downloader><10-21-2020 15:38:41.645+300><thread=14112 (0x3720)>
Download http://officecdn.microsoft.com/pr/b8f9b850-328d-4355-9145-c59439a0c4cf/office/data/16.0.13127.20638/i640.cab.cat in progress: 100 percent complete $$<Software Updates Patch Downloader><10-21-2020 15:38:41.645+300><thread=14112 (0x3720)>
Download http://officecdn.microsoft.com/pr/b8f9b850-328d-4355-9145-c59439a0c4cf/office/data/16.0.13127.20638/i640.cab.cat to C:\Users\<me>\AppData\Local\Temp\CAB4512.tmp returns 0 $$<Software Updates Patch Downloader><10-21-2020 15:38:41.646+300><thread=14112 (0x3720)>
Using per-user settings for CRL checking. $$<Software Updates Patch Downloader><10-21-2020 15:38:41.647+300><thread=14112 (0x3720)>
Cert revocation check is disabled so cert revocation list will not be checked. $$<Software Updates Patch Downloader><10-21-2020 15:38:41.647+300><thread=14112 (0x3720)>
To enable cert revocation check use: UpdDwnldCfg.exe /checkrevocation $$<Software Updates Patch Downloader><10-21-2020 15:38:41.648+300><thread=14112 (0x3720)>
Verifying file trust C:\Users\<me>\AppData\Local\Temp\CAB4512.tmp $$<Software Updates Patch Downloader><10-21-2020 15:38:41.649+300><thread=14112 (0x3720)>
Authentication of file C:\Users\<me>\AppData\Local\Temp\CAB4512.tmp failed, error 0x800b0004 $$<Software Updates Patch Downloader><10-21-2020 15:38:41.657+300><thread=14112 (0x3720)>
ERROR: DownloadUpdateContent() failed with hr=0x80073633 $$<Software Updates Patch Downloader><10-21-2020 15:38:41.659+300><thread=1640 (0x668)>
If I uninstall KB4580358, I can download successfully.
Anyone else experiencing this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 9%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Does installing this fix anyone https://www.prajwaldesai.com/sccm-2006-hotfix-kb4578605-configmgr-2006-update/
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 3%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
Is anyone else seeing regression of this error while running the latest CM 2010 build with KB4594177 installed?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 82%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
I'm running CM 2006 w/ KB4575787 installed and am unable to download "Microsoft 365 Apps Update - Current Channel Version 2101 for x86 based Edition (Build 13628.20380)".
We ran into this last November too & applied a hotfix for SCCM which resolved it at the time.
In %temp%\patchdownloader.log I have:
Verifying file trust C:\Users\<username>\AppData\Local\Temp\11\CAB894C.tmp.c2rx
Authentication of file C:\Users\<username>\AppData\Local\Temp\11\CAB894C.tmp.c2rx failed, error 0x800b0004
ERROR: DownloadUpdateContent() failed with hr=0x80073633
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 45%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
We are running 2006 with Hotfix Rollup KB4575789, we've just had an issue again downloading M365 (Office) too:
Downloading content for ContentID = 326004, FileName = office\data\16.0.12527.21594\stream.x64.gl-es.dat.cat.
Proxy is enabled for download, using registry settings or defaults.
FileHash value is NULL. Hash verification for this file will not be performed.
Connecting - Adding file range by calling HttpAddRequestHeaders, range string = "Range: bytes=0-"
HttpSendRequest failed 500
Download http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114/office/data/16.0.12527.21594/stream.x64.gl-es.dat.cat to C:\Windows\TEMP\CAB6327.tmp.cat returns 500
ERROR: DownloadUpdateContent() failed with hr=0x800701f4
Reran the ADR today, its taken nearly six hours as its in the middle of our working day but the download has successfully completed (we have all languages ticked as we operate across the globe), so hopefully it was just a connection/availability issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 27%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
we are on 2006 with Hotfix Rollup KB4575789
Also getting issues with the O365 ADR original ADR started with error 0x80073633 Invalid Certificate Signature, when rerun it gives error 0x87D20417 Auto Deployment Rule download failed
I have recreated the ADR with same settings as original and again have the error 0x80073633 Invalid Certificate Signature
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 76%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Same here, running 2010 with KB4594177. All other ADRs work fine, only O365 gives "0x87d20417"
What OS updates do you have on your site servers? Have you installed the Feb updates? Ours have the Jan updates installed, not yet Feb they get installed tonight.
We're running the January updates, the February ones are yet to be approved
iours are still on Jan updates as as Maint window isnt until this weekend
please let me know if you still have the same issues after your update
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 25%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
We started having this issue in the fall. So a couple of weeks ago, we upgraded to 2010 and were able to download a January O365 update. Hooray!
Then comes yesterday and the issue reappeared for the Feb 9 Current Channel release of 2101.13628.20380. The same invalid cert error.
But ONLY for that release. I can download the immediately preceding one that is now superseded. Or the Semi-Annual Enterprise version. Or a Windows 7 version or any other version I try. The ONLY one I get the error on is the current one that I want and need.
Has anyone else seen that? Or am I an extra-special kind of ridiculous? The callous was just starting to soften on my forehead ...
We are aware of the reported issues and believe we understand the root cause -- it's different and unrelated to the similar issue that occurred in the fall. How we address this is still TBD, but we are working on it.
Hi Jason.
Is this specific to the Feb 9 Current Channel release of 2101.13628.20380? If so, I will cease and desist trying to resolve it on my own. As stated earlier, I am able to get any other update I choose, just not this one.
Thanks in advance.
Correct. The issue, to our knowledge, is restricted to the latest Microsoft 365 update. The fix should be on our end as well, so we aren't at this time expecting any changes by customers other than to reinitiate the download. That's still a bit TBD though so yep, holding pattern for now.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 45%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hi,
thanks for the update.
Was October 2020 CU Un-installed prior to upgrading SCCM CB with Hotfix Rollup KB4575789?
is it mandatory to uninstall this October 2020 CU?
thanks for sharing the update.
I think there no official update from MS regarding this issue or "mentioning to Uninstall October 2020 CU from the servers".
people are suffering because of their patches and production applications are getting impacted and they are sitting idle, leaving us to suffer.
Hi, ours was fine after rerunning the ADR (with the Jan server CU updates installed on the site server) however we are not downloading updates for the latest M365 apps (Office) build, we are downloading for v2002, Jason's comments suggest the issue is only related to the latest version of M365 Apps and that they are working on a fix. Ours therefore must've been a different issue as we also had a different error code.
Hi, no there was no need to uninstall the October CU in order to update ConfigMgr as the ConfigMgr hotfix rollup contained the fix that allows the downloads to work with the CU installed. Prior to updating to 2006 however yes we did temporarily remove the Oct CU from a jump box with the ConfigMgr console installed just to enable us to download the M365 apps updates for that month and then we reinstalled the CU and updated ConfigMgr to 2006 a couple of weeks later before the next Patch Tuesday release.
Jason's comments:
"The issue, to our knowledge, is restricted to the latest Microsoft 365 update. The fix should be on our end as well, so we aren't at this time expecting any changes by customers other than to reinitiate the download. That's still a bit TBD though so yep, holding pattern for now"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 75%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
We are still on 1910 and we have the same issue with the o365 Feb Patches. Do we know when this will be fixed
Ive logged a call with MS support this morning, as jason said just hold until its fixed as its at their end
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 73%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHT%3C/text%3E%3C/svg%3E)
We are running CB 2010 with latest hotfixes KB4594176/4594177 and having the exakt the same problem when downloading x64/x86 (Microsoft 365 Apps Update - Current Channel Version 2101 for x86 based Edition (Build 13628.20380) and Microsoft 365 Apps Update - Current Channel Version 2101 for x86 based Edition (Build 13628.20380)
Failed to download content id xxxxxxxxx . Error: Invalid certificate signature. ADR error 0x80073633.
MS support have said the fault is with unsigned .c2rx files. so all up to them to fix and redeploy the signed files i'm guessing
This is correct. Please see my comment above.
Please read the entire thread (as mottled as it is). We know of the issue and are working on a fix. The expectation is that the fix will be on our end only (as it's related to the content of the latest M365 Apps update and not functionality of ConfigMgr). No one is leaving you to suffer although is you feel you are suffering, then you need to open a support case.
Going to close this thread after I post this answer and reiterate the information. We believe we understand the exact issue occurring. This new issue is only loosely related to the issue originally reported in this thread. We don't expect customers to have to change anything on their end as the issue is related to the content in the update and not ConfigMgr itself. As we work on implementing and validating the fix, please stand-by. If you are concerned about this message or the impact of the issue, please open a support case.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 68%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIR%3C/text%3E%3C/svg%3E)
Where is new thread regarding O365 Updates?
Do we know when this will be fixed by MS
Note that 2006 hotfix rollup released last week addresses the download issue. If you aren't running 2006, I don't think you're going to see a fix.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 79%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
Jason,
Do you know if this would be the same issue for 2002 (Hotfix KB4553501). I have a CAS (don't ask why it's overkill, GEO/Political reasons) and something that worked last month does not today.
Worked in October: Microsoft 365 Apps Update - Semi-Annual Enterprise Channel Version 2002 for x86 based Edition (Build 12527.21236)
Failed in November: Microsoft 365 Apps Update - Semi-Annual Enterprise Channel Version 2002 for x86 based Edition (Build 12527.21330)
If this is the case I can use one of the workarounds listed. I just don't want to waste a couple days with a case or those workarounds and find out this issue is exclusive to 2006.
Thanks,
Brian
Correct. Only the 2006 hotfix rollup released late last week addresses this and I know of no plans at this time about fixing this for any down-level versions of ConfigMgr. Our standard practice is not to issue fixes for down-level versions and to my knowledge, we never have in the CB era of ConfigMgr.
Update: We are investigating the possibility of down-level CM updates for this. There would be a significant pain point for customers though so the investigation is on-going and no decision has been made. We strongly prefer orgs to upgrade to 2006 + HFRU to address this issue.
I've already posted an update (it's on the next page of the answers if you aren't seeing it).
As for maintaining your software, that's the nature of software and security. This isn't about us intentionally breaking customers, it's about us keeping our products secure and thus our customer's as well. Sometimes, this breaks things and there are ramifications for all involved. There was no incompetence or malice involved here.
Thanks Jason, that is what I suspected & your update too.
Do you know if 2020-11 2012r2 KB4586786 fixes this problem?
When I tried to download from the catalog, it gave me a link for "noop_a1aed054581993fcfb1085f8d08dde385566efc0.exe"???
I pulled the 600+ individual files for both the x86 and x64 version overnight. When I point to "\MyShare\365Apps\November\x64\7ffbc6bf-bc32-4f92-8982-f9dd17fd3114" I still get "Error: Invalid certificate signature".
I don't want to have to back out the 2020-10 patch because we are looking to deploy 2006 (and the hotfix) late December. Don't want to have to install/uninstall/reboot production systems multiples times as a workaround.
Thanks for any insight.
Brian
Jason - Thanks, I see your comments further down in the thread of this conversation. I will evaluate best "next steps" for our company. I suspect it will be moving forward with the 2002 hotfix and dealing with the pain it causes to 2006 at that time.
Appreciate all the feedback from Jason. Always a great source of information.
What I failed to understand was where the certificate check was actually occurring. It wasn't until Jason said "Manual download of the update files is another and using a console installed on a workstation without the updates is a third option." that if finally sunk in. The certificate check was happening on the machine w/ the console installed, which is why even after downloading them I was still getting certificate errors.
I went to a Dev server, uninstalled the 2020-10 patch, and then rebooted. Installed the CM Console. Downloaded using the local files that I had downloaded manually. Everything worked fine.
I installed the 2020-11 CU for the 2012r2 server knowing I will probably have to repeat the same process until we can update to 2006 (and the then timely HFRU).
Thanks,
Brian
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
We have a 2002 environment and are seeing this exact issue. We can see this thread relates to 2006 but the same error codes appear in our logs and O365 will not download. According to the comments above it was stated that MS will not release a hotfix for 2002 to address this problem and only recommends upgrading to 2006. Has anyone else with 2002 seen this problem?
Is the only solution to remove the October updates?
Thanks
No, this no longer correct. We have released updates for 2002 and 1902:
https://support.microsoft.com/help/4575783
https://support.microsoft.com/help/4575784
Note the super-ugly, manual workarounds for subsequent upgrades though.
Despite these hotfixes, the best and recommend path here is upgrading to 2006 + HFRU.
We are on 2002 running a Primary site on a 2012R2. We are having this problem but looking at the installed patches for October we only see KB4578953, KB4578962 & KB4580347
We do not see KB4577668 installed on the server but yet we are having the exact same issue as explain here.
Do we need to remove one of the other patches?
Is there a reason you aren't installing the ConfigMgr hotfix listed above or (better yet) upgrading to ConfigMgr 2006?
The hotfix for 2002 causes issues upgrading to 2006. Also we have to get approvals to upgrade to 2006 and verify there are no issues. To workaround we need to get the updates for Office downloading and then in two weeks we will have the approvals for upgrading to 2006.
The hotfix for 2002 causes issues upgrading to 2006.
No, not really. The issue (singular) is well documented in the KB as is the proper path for addressing this issue when you upgrade -- it's an ugly workaround to be sure, but far from complicated.
If you need a temporary workaround, why not manually download the files as noted or use a console installed on a system that is only current with updates to September? The behavior causing the download issues isn't exclusive to the October updates anymore as they've been superseded by the November CU so you need to have a system that has no current updates (back to September as noted).
We had the same exact issue on 2002. Below is from my comment in the thread about what we did and will do again in the December "Patch Tuesday" cycle. We are planning to upgrade our system to 2006 near the end of the year.
I went to a Dev server, uninstalled the 2020-10 patch, and then rebooted. Installed the CM Console. Downloaded using the local files that I had downloaded manually. Everything worked fine. I installed the 2020-11 CU for the 2012r2 server knowing I will probably have to repeat the same process until we can update to 2006 (and the then timely HFRU).
Have to remember the issue is not coming from your CAS/Primary, but rather the system where the Console is installed. As long as these updates are not installed on the system with the Console, appears to work as expected.
Best,
Brian
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 6%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
For one of my customer on 2002 + KB 4560496: Update Rollup for Microsoft Endpoint Configuration Manager current branch, version 2002, still had same issue. Event uninstalling Oct and Nov patches didnt help.
Eventually, I figured the patchdownloader.dll in x86 and x64 directory were older version than what is mentioned in KB 4560496:
I simply replaced the patchdownloader.dll from 2006+patch setup to the 2002+patch and successfully downloaded the patch.