The 0x800b0109 error is almost always caused by a problem with security certificates. It can be seen in Windows VPN settings, Windows Updates (for older versions of Windows), Dropbox, and other applications which use certificates.

VPN SSTP 0x800b0109 error

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider (Error 0x800b0109)

If you're trying to connect to a VPN over SSTP and get this error message, the problem should be straightforward to fix. You need to acquire a valid CA root certificate for your VPN certificate chain. When you connect to a VPN using your certificate it should belong to a chain of certificates with a valid "root" certificate at the top of the tree. It is this top root certificate which error 0x800b0109 is referring to.

For an external VPN service you should ask their technical support department for a valid root CA certificate to install on your computer. You will receive a file ending in ".crt" from them. Double-click this file in Windows and it will be installed automatically.

If you maintain your own SSTP VPN server you will need to copy the CA root certificate from the VPN server to each of the clients. On the server open the SSL certificate and switch to the "Certification Path" tab. Select the top certificate in the tree (which will be your root certificate) and click "View". You can now export a ".crt" file to copy to your VPN client(s).

Another method to install a root certificate on a Windows client is to use the certutil command. Open a command line window and run certutil -verify -urlfetch path\to\certificate.crt

(Stand-alone) Windows Updates 0x800b0109 error

Unfortunately this is bad news. Its almost always caused by using an old version of Windows which is no longer supported by Microsoft. They have revoked the root certificate preventing Windows Update from running properly, resulting in the cryptic 0x800b0109 error. You should upgrade to a more recent version of Windows or take Linux for a spin.

(Network) Windows Updates 0x800b0109 error

If you're running a more recent version of Windows on a LAN with Windows Server, you may encounter this error even though Microsoft still supports that version of the operating system. It's caused by attempting to share downloaded updates from a central server on the network to clients. Clients do not have permission to accept updates from Windows Server, usually due to a Group Policy setting.

Fix it by enabling signed content from the Intranet. In the Group Policy Object Editor expand "Computer Configuration", then "Administrative Templates", then "Windows Components" and then click "Windows Update". Now you can enable "Allow signed content from intranet Microsoft update service location".

Finally on the client(s) run gpupdate /force to force-update the group policy.

If you're using a self-signed certificate for WSUS see this PDF guide for distributing the self-signed certificate to clients.

Dropbox 0x800b0109 error

Chances are you're on an old operating system running Windows XP or Windows Server 2003. These are plagued with security issues and you really should upgrade to a newer version of Windows (or try Linux!).

If that's not an option then scroll down to the next section for a solution.

Miscellaneous 0x800b0109 errors

The 0x800b0109 error can be seen with almost any application which uses security certificates, including Dropbox.

If you're using an old version of Windows such as XP or Server 2003, this is a common error message, and can be fixed by following these steps. If you're on a newer version of Windows be sure to install antivirus and antimalware software, as your root certificates may be compromised.

You will need a second computer (PC B) to complete this step, which has a working copy of the software you're trying to get working on the first (PC A). We will copy the correct security certificates from A to B which will fix the problem.

  • On PC B open Internet Explorer, use the "Tools" menu and select "Internet options"
  • Click the "Content" tab then click Certificates
  • Click the Trusted Root Certification Authorities tab
  • Click the first certificate in the list, then hold Shift and click the last certificate. All certificates in the list will be highlighted
  • Click Export and follow the prompts to save the file
  • Do the same steps above for the "Intermediate Certification Authorities" tab
  • Now copy those files to a USB key or similar and transfer it to PC A
  • On PC A open Internet Explorer and go to "Internet options"
  • Click the "Content" tab, and then click Certificates
  • Click "Import" and use the import wizard to load certificates from the USB key
  • Do the same again for the "Intermediate Certification Authorities" tab

Some forum threads have downloadable certificates which other users have helpfully uploaded. Be aware that importing strange certificates from the Internet is not good security practice - it's like importing random front door keys to allow anyone access to your house! Copying from a trusted computer is definitely preferred.

Preventing 0x800b0109 errors

Windows has a built-in feature to automatically update root certificates from the relevant authorities. Enabling this should prevent 0x800b0109 errors in the future. In "Control Panel" select the "Add/Remove Components" dialog and enable "Update root certificates".

About the author

John is a guest writer and technical author passionate about Internet technology. He enjoys keeping updated in the latest tech trends and emerging technologies and writing about them.