Hi everyone! I've been running a PowerShell script in an MDT task sequence to update applications using winget after deploying them. It has always worked great until we started deploying Windows 11 version 25H2. Suddenly, I began getting this error when running the command:
WINGET PIN ADD --ID myapp.id
It fails to search the source and gives this error: 0x8a15005e, indicating that the server certificate didn't match the expected values.
This happened when I tried to exclude an app via pin or while updating apps. After searching and trying many things, I found a solution that worked:
1. WINGET SETTINGS --ENABLE BypassCertificatePinningForMicrosoftStore
2. WINGET UPGRADE Microsoft.AppInstaller --accept-source-agreements --accept-package-agreements
3. WINGET PIN ADD --ID myapp.id
4. WINGET SETTINGS --DISABLE BypassCertificatePinningForMicrosoftStore
5. WINGET UPGRADE --all --include-unknown --accept-source-agreements --accept-package-agreements
Some others mentioned they had success using --source winget. So essentially, we temporarily bypass certificate pinning to update the App Installer and then re-enable it before updating everything else. I hope this helps anyone dealing with similar issues on newer Windows 11 builds! Feel free to share if you've found other workarounds. Good luck!
3 Answers
You just saved my day! I fresh-installed Windows and hit this wall with winget. I was about to give up, haha! Your solution works like a charm. I also heard that adding `--source winget` can help bypass the store if anyone's facing the same issue. Just a heads up for others!
That sounds like a smart move! Virtual machines can save so much hassle when testing stuff like this.
Haha, I totally get you! Microsoft really nailed it with the whole certificate pinning for security, then turns around and gives us a bypass option. Classic! But hey, at least there's a fix. Thanks for sharing that!
Is this a new issue with the latest Windows 11 update? I'm curious if anyone else has run into it before.
Yeah, I found an article that mentioned similar problems from last year. We only started seeing it with the Win11 v25H2 though.
Good call! I've been using that flag too. It helps skip the store altogether. I was clueless at first and ended up reinstalling Windows a few times trying to troubleshoot this. Finally created a VM to test it out before committing any big changes!