PENDING Unable to update W11 24H2 clients

[fartarbensonbury]

Hi, we are experiencing an issue when trying to deploy W11 updates to our W11 24H2 estate. W10, W11 not 24H2, Server OS and 3rd Party updates are working fine.

Windows 11 Enterprise devices fail to install 2025-03 Cumulative Update for Windows 11 Version 24H2 for x64-based Systems (KB5053598) with error 0x80096004 The signature of the certificate cannot be verified. We have tried numerous fixes including deleting local cache files both in Windows\ccmcache and Windows\SoftwareDistribution\Download but the error remains. The other fixes are resetting group policy, resetting machine policy, reinstalling ccm agent, turning off and then back on delta installs, deleting the update from the dp's, re-distributing deployment package, downloading again, distributing to dp's. Running wsusutil.exe reset on the wsus server and then manually syncing the updates in sccm. Opening for both up and down firewall port TCP 8005 for delta downloads. All certificates have been checked including WSUS and IIS, all in date and all trusted.

Client Centre.


SCCM Error.

Any help or guidance would be much appreciated.

Many Thanks