Share via

SCCM 0x87d00215

Anthony Vand 141 Reputation points
2023-09-20T15:45:18.3666667+00:00

Hello Everyone

I know this question has been asked on this forum multiple times, but I could not find any solution to my problem for this.

Recently I have added a new CA server to my environment, decommissioning the old one.

I used the following video to create necessary certificate for PKI certificate assignment:
https://www.youtube.com/watch?v=nChKKM9APAQ&ab_channel=PatchMyPC

However, after deploying updates, I noticed some devices are not getting updates and I see the error (0x87d00215) in multiple logs (CCMExec, Updates Deployment).

WUHandler shows not problem.

User's image

User's image

The problem is its only happening to some computers and not all . I tired reinstalling the client multiple times, using parameters, pushing it through SCCM console with no luck.

Any help is appreciated as someone else might have this problem as well

Microsoft Configuration Manager
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anthony Vand 141 Reputation points
    2023-09-29T12:21:43.7533333+00:00

    Sorry for the late reply

    I was wrapping things up to come up with a final solution

    So here are the steps I took to resolve my issue:

    1 - Delete the old cert manually from problematic devices (and later from non-problematic devices to be on the safe side)

    2 - Do as @AllenLiu-MSFT mentioned:

    1. Stop the Windows Update service by running the following command: net stop wuauserv
    2. Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old.
    3. Start the Windows Update service by running the following command: net start wuauserv

    3 - Reinstall the client by pushing it from the site server and checking (Uninstall current SCCM client)

    User's image

    Thank you @AllenLiu-MSFT , your note definitely helped

    1 person found this answer helpful.
    0 comments
  2. AllenLiu-MSFT 48,356 Reputation points Microsoft External Staff
    2023-10-03T02:23:10.8766667+00:00

    We're glad the problem is solved now.

    1 person found this answer helpful.
    0 comments
  3. AllenLiu-MSFT 48,356 Reputation points Microsoft External Staff
    2023-09-21T02:37:55.14+00:00

    Hi, @Anthony Vand

    Thank you for posting in Microsoft Q&A forum.

    Since the issue is only happening on some computers, it could be related to the certificate configuration on those specific devices. I would recommend checking the certificate configuration on the affected devices to ensure that they are using the correct certificate and that it is properly installed.

    Additionally, you could try resetting the Windows Update Agent data store on the affected devices by following these steps:

    1. Stop the Windows Update service by running the following command: net stop wuauserv
    2. Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old.
    3. Start the Windows Update service by running the following command: net start wuauserv
    4. Start a software update scan cycle.

    And what type of boundaries are you using? Is it Ip ranges only?

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

  4. Shane Williford 0 Reputation points
    2025-03-05T15:09:41.2533333+00:00

    I know this post is 2yrs old, but can you all share where you looked for the certificate at? In the target/client device's Personal Store? Is/was it the sccm cert or a self-named cert for the target/client?

    Thanks!

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.