Submit a ticketCall us

WebinarUpcoming Webinar: Know What’s Changed – with NEW Server Configuration Monitor

Change management in IT is critical. But, even with a good change management process, changes are too often not correctly tracked, if at all. The configuration of your servers and applications is a key factor in their performance, availability, and security. Many incidents can be tracked back to an authorized (and sometimes unauthorized) configuration change, whether to a system file, configuration file, or Windows® Registry entry. Join SolarWinds VP of product management Brandon Shopp to discover how the new SolarWinds® Server Configuration Monitor is designed to help you.

Register now.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > Error 800B0004 when installing updates

Error 800B0004 when installing updates

Updated November 17, 2016


When you install updates, error 800B0004 displays in the Windows Update Client with the following message:

The subject is not trusted for the specified action.


  • All Patch Manager versions
  • All Windows Client machines


The WSUS certificates are being deployed to the Trusted Root certificate store instead of the Trusted Root and Trusted Publishers certificate stores

See Error Code: 0x800B0109 when deploying third-party updates to client systems for additional details.


  1. Check the Certificates Store on the client machine with the error.
    1. Open MMC.
    2. Click on File > Add/Remove Snap-in.
    3. Select Certificates and Add.
    4. Select Computer Account, and then click Next.
    5. Click Finish, and then click OK.
    6. Expand the Certificates Module.
    7. Check the Trusted Root and Trusted Publishers stores to confirm they have the WSUS Certificate.
      If it is in one store and not the other, right-click the certificate, go to All tasks and export the certificate.
      You can take the default values during export.
  2. After you export the certificate, go to the appropriate store and right click the certificate.
  3. Go to All Tasks and import the certificate.
  4. Verify that the issue has been resolved and verify that your Group Policy is set up to deploy the certificates to both the Trusted Root and Trusted Publishers store.


Last modified