I would like the client machines in my organization to update the Root Certificates from a centralized location INSIDE the organization. This used to work with WSUS, but Microsoft left this way aside by 2014, I think.
The point of this is that the clients do not have direct access to the internet but through a proxy with an authentication portal, as in a hotel. This proxy, which belongs to a third/parent organization, automatically logs out the clients after 8 hours. So when the clients try to update the certificates from the Microsoft site, with the client not having access to the internet, it logs an error event.
This in itself is not a big deal. But as we have the clients forwarding the error events to an event collector, this server gets flooded with these errors.
Dismissing these errors is not a (desired) option, as we may dismiss clients which are really not updating the certificates, even with access to the internet.
Any ideas?
Looks like you have to download the updates to a web or file server and point your clients at it - TechNet document
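
One way to carry out the approach in the answer above, as an added example that is not part of the original answer: `certutil -syncWithWU` mirrors the trusted-root files to an internal location, and the `RootDirURL` value tells clients to fetch them from there instead of Windows Update. The share path is a placeholder, and the `-Mode` switch is a hypothetical convention of this script; the registry value would normally be deployed through Group Policy rather than per machine.

```powershell
# Added example. $SharePath is a placeholder; replace it with your own share.
param(
    [string]$SharePath = '\\fileserver.example.internal\RootCTL',
    [ValidateSet('Sync', 'Client')]
    [string]$Mode = 'Sync'   # hypothetical switch used only by this script
)

$autoUpdateKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate'

if ($Mode -eq 'Sync') {
    # Run as a scheduled task on the one host that can reach Windows Update.
    & certutil.exe -syncWithWU $SharePath
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -syncWithWU failed with exit code $LASTEXITCODE"
    }

    # The trusted-root CTL must be present and non-empty, otherwise clients
    # pointed at this share will log retrieval errors again.
    $ctl = Join-Path $SharePath 'authrootstl.cab'
    if (-not (Test-Path -LiteralPath $ctl) -or (Get-Item -LiteralPath $ctl).Length -eq 0) {
        throw "Sync reported success but $ctl is missing or empty"
    }
    Write-Output "Trusted-root files synchronized to $SharePath"
}
else {
    # Client side: redirect root-certificate auto update to the internal share.
    if (-not (Test-Path -LiteralPath $autoUpdateKey)) {
        New-Item -Path $autoUpdateKey -Force | Out-Null
    }
    Set-ItemProperty -Path $autoUpdateKey -Name 'RootDirURL' `
        -Value "file://$SharePath" -Type String

    # Read the value back so a failed write is visible in the task output.
    $current = (Get-ItemProperty -Path $autoUpdateKey -Name 'RootDirURL').RootDirURL
    Write-Output "RootDirURL is now: $current"
}
```

Because this share distributes trust anchors, give clients read-only access and limit write access to the account that runs the sync task.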