This warning can be safely ignored.
It is basically trapping on a duplicate certificate being found on the target when we go to verify what certificates are there.
We will be fixing this in an upcoming release.
Think the package has been published OK, least it is showing in my list of Updates. However when I distribute it I get the following error
Details: Download failed. A certificate chain processed but terminated in a root certificate which is not trusted by the trust provider Error Code: 0x800B0109
I have checked the certificates and the WSUS self signed certificate is in Trusted Root Certificates, I have even distributed it down via EW just to make sure it was in there ( that distribution completed successfully ).
This is often caused by not having the appropriate policy settings that allow the clients to receive updates from an intranet Update Services location. Any machine that is going to receive 3rd party updates will need to have this set. You can set this with our local policy editor - although you may need to set it at the OU or domain level:
The Windows Update Policy on the targets needs to Allow non-Microsoft signed content
This can be enabled using EminentWare's Windows Update Policy Task or using GP.
Once enabled, you should be able to install.
Please note that there is currently a bug in the wsus server provisioning wizard that improperly checks the WSUS console cache and this cache can indicate the WSUS server is NOT provisioned, when in fact you have already provisioned the WSUS server. To workaround this and verify that you have provisioned the WSUS signing cert on the WSUS server, please select the WSUS server node after running the WSUS server provisioning wizard in the tree control and select refresh. This will refresh the cache and this information.
The reason I mention this is because it is easy to re-provision the WSUS server. This can lead to the same error you have seen if you already distributed the previous signing cert to the clients. If this happens, you simply need to re-publish any previously published packages and push out the new certificates.