Microsoft Windows Error Code 0x800B0109: How to Fix It
Verified July 2026
- Error Code: 0x800B0109
- Brand: Microsoft Windows
- Product Type: operating_system
- Severity: Medium
- DIY Difficulty: Medium
- Estimated Fix Time: 30-60 minutes
Tools You'll Need
- Administrator-level Windows account
- Internet connection (or a second device to download files)
- Windows Command Prompt (elevated/admin)
- Windows PowerShell (elevated/admin)
- Optional: Microsoft Safety Scanner (free download)
How to Fix Error Code 0x800B0109
- Confirm the Error and Note Your Windows Version
  Do not skip this step: applying the wrong fix for the wrong Windows version can cause additional issues.
- Run the Windows Update Troubleshooter
- Manually Update Your Trusted Root Certificates
  Run Command Prompt as Administrator or these commands will fail silently. If you are on a corporate or school network, your IT policy may block this; contact your IT department instead.
- Sync Your System Clock
- Reset Windows Update Components Using the Command Line
  These commands must be run as Administrator. Renaming the catroot2 folder forces Windows to rebuild its certificate store cache, which is safe but may take extra time on the first update attempt afterward.
- Repair System Files with SFC and DISM
  Do not interrupt SFC or DISM while they are running. If DISM fails with an error about not being able to connect to the source, you may need an active internet connection or a Windows installation ISO as a repair source.
- Manually Download and Install the Failed Update
  Only download updates directly from the official Microsoft Update Catalog (catalog.update.microsoft.com). Never download Windows updates from third-party sites.
- Check for Malware Interfering with Certificate Services
  If malware is detected, do not continue using the PC for sensitive tasks (banking, email) until the infection is fully resolved and the system is confirmed clean.
- Re-register Cryptographic DLL Files
  You must be running Command Prompt as Administrator or you will receive 'access denied' errors.
When to Call a Professional
You should contact a professional IT technician or Microsoft Support if:
(1) All the above steps have been completed and the error persists.
(2) The SFC or DISM tools report errors they cannot repair.
(3) Your PC is domain-joined or managed by a company IT policy. Your organization's Group Policy may be intentionally restricting certificate updates, and only your IT department can resolve this.
(4) Malware was detected but your antivirus cannot fully remove it. A technician may need to perform an offline remediation.
(5) You are running a very old version of Windows that has passed its end-of-life date and no longer receives root certificate updates from Microsoft, in which case an OS upgrade is the proper solution.
Frequently Asked Questions
What does Windows error 0x800B0109 mean?
Error 0x800B0109 means Windows could not verify the digital certificate chain for a Windows Update package. In simple terms, Windows checks that every update is signed and trusted all the way back to a root certificate authority. If any link in that chain is missing, expired, or untrusted on your system, the update is blocked and this error is shown.
Can error 0x800B0109 be caused by the wrong date and time?
Yes, absolutely. Digital certificates are only valid within specific date ranges. If your system clock is significantly wrong — even by a day or two — Windows may see a certificate as expired or not yet valid, causing it to reject the entire update. Always check your system clock first, as this is one of the quickest fixes.
Is Windows error 0x800B0109 a virus or a sign of being hacked?
Not necessarily. In most cases this error is caused by an outdated or corrupted certificate store, an incorrect system clock, or corrupted Windows Update components — all of which are normal technical issues. However, some types of malware do tamper with Windows certificates to block security updates. Running a full scan with Windows Defender or Microsoft Safety Scanner will help rule this out.
Why does 0x800B0109 happen after a clean Windows install?
A freshly installed Windows image may have a certificate store that was current at the time the installation media was created, but is now outdated. Microsoft regularly adds new root certificates and removes old ones. A clean install from older media may be missing newer trusted root certificates. Running 'certutil -generateSSTFromWU' or using Windows Update itself (once connected to the internet) will bring the certificate store up to date.
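The certificate-store check behind the two answers above (clock validity and an outdated root store), as an added example that is not part of the original page: it downloads Microsoft's current root list with certutil, compares it against Cert:\LocalMachine\Root, and imports the list only when `$Apply` is set. The working folder, the file name and the `$Apply` switch are assumptions made for this example.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session.
# Assumption: the working folder and file name are arbitrary choices.
$Apply = $false                                   # set to $true to import the list
$work  = Join-Path $env:TEMP 'root-check'
$sst   = Join-Path $work 'roots.sst'
New-Item -ItemType Directory -Path $work -Force | Out-Null
Remove-Item -Path $sst -ErrorAction SilentlyContinue

# certutil writes Microsoft's current trusted-root list to the file named here.
# It does not change the local store by itself.
certutil.exe -generateSSTFromWU $sst | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $sst)) {
    throw "certutil could not download the root list (exit code $LASTEXITCODE)."
}

# Load the downloaded list and the machine's Trusted Root store.
$wu = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$wu.Import($sst)
$local = Get-ChildItem -Path Cert:\LocalMachine\Root
$have  = @{}
foreach ($c in $local) { $have[$c.Thumbprint] = $true }

$now = Get-Date
# Roots Microsoft currently distributes that this machine lacks.
$missing = @($wu | Where-Object { -not $have.ContainsKey($_.Thumbprint) -and $_.NotAfter -gt $now })
# Roots that look "not yet valid": with a correct clock this should be empty.
$future  = @($wu | Where-Object { $_.NotBefore -gt $now })

"System time (UTC)      : {0:u}" -f $now.ToUniversalTime()
"Roots in WU list       : {0}" -f $wu.Count
"Roots in local store   : {0}" -f @($local).Count
"Missing from local     : {0}" -f $missing.Count
"Not yet valid (clock?) : {0}" -f $future.Count
$missing | Sort-Object Subject | Select-Object Thumbprint, NotAfter, Subject | Format-Table -AutoSize

if ($future.Count -gt 0) {
    Write-Warning "Some roots are not yet valid by this clock. Fix the date and time first."
}
if ($Apply -and $missing.Count -gt 0) {
    # Import-Certificate accepts .sst files and adds their certificates to the store.
    Import-Certificate -FilePath $sst -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    "Imported the downloaded list into Cert:\LocalMachine\Root."
}
```

Run it once with `$Apply = $false` to see the report before changing the store; on a managed PC, Group Policy may block the download or the import.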
Does error 0x800B0109 affect Windows security?
Yes, indirectly. If this error is preventing security updates from installing, your system is missing important patches that protect against vulnerabilities. You should prioritize resolving this error as soon as possible. In the short term, ensure Windows Defender definitions are still updating separately (they use a slightly different pipeline), and avoid downloading untrusted software until the issue is resolved.