Recently i ran across an issue installing .Net Framework patches from Microsoft,, these new updates (KB2633870 & KB2600217) failed with code 800B010B.
It looks like a GPO we have in place may have changed a default setting that addresses how CERT Revocation is handled. I tried a few things in resolving the issue, thinking the issue was related to out of date root certs on the PC, i ran the following commands
certutil -URLCache -f http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
certutil -URLCache -f http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
Read the following for information on Root Certificates : http://support.microsoft.com/kb/931125.
That didn’t seem to fix the issue, ultimately, i found the answer on a German Blog ( http://bent-blog.de/fehler-80070643-und-800b010b-bei-microsoft-net-4-windows-updates-kb2656351-kb2656368-und-kb2600217/)
The key is to change the Software Publishing State Key Value within the registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]
Change the DWORD Key “State” with value 0xc9 to the value 0x22849
After changing the value, i was able to install the update without incident.
I am hoping this post saves my readers the trouble of finding the fix.