Just on a guess, we are prompting windows upgrade with a page to confirm the certificate , which it can't see. Did you trust MWG's root CA in your browser?
MWG's root CA is trusted on all machines (Group policy). Anyway, if SSL Scanner is enabled windows update always fail.
OK, then let's think different
If URL.Host matches in list (*.windowsupdate.com$;windowsupdate.microsoft.com$;w2ksp*.microsoft.com$;office .microsoft.com$;download.microsoft.com$;update.microsoft.com$) then enable workaround.
In the workaround, you need to only check "Check handling of conflicting content length header". Windows update uses the CL header to check the downloaded files against their announced size.
If this doesn't help, I suggest opening a call with support.
1 of 1 people found this helpful
Hi michael... your solution could be correct. I will wait another day or two if everything will work as it should, before thanking you. Meanwhile you get my points for probably correct answer (if I forgot to click it later)