Forum Discussion
Win 2025 - MCC Install Failure
- Dec 10, 2025
Instead, you can validate the certificate chain by running:
openssl s_client -connect geomcc.prod.do.dsp.mp.microsoft.com:443 -showcerts
This will show what cert is being included on the check. Based on these results the customer will have the evidence on how they should proceed. Importing MS certs is not necessary and the requests to *.prod.do.dsp.mp.microsoft must avoid going through their proxy.
------------------------------
For example, we had one customer run the OpenSSL command above with the additional proxy parameter:
openssl s_client -connect geomcc.prod.do.dsp.mp.microsoft.com:443 -proxy [proxy_name] -showcerts
And found a "temporary failure in name resolution" error. They ran the command again, this time replacing the proxy hostname with an IP address instead. Only then did the openssl command work.
As a result, they changed the "-proxyurl" in the MCC installation script to the IP address instead of the proxy hostname. This fully resolved the issue.
*.prod.do.dsp.mp.microsoft.com are the URLs that continually cause issues due to the Microsoft cert lacking a trusted CA/full chain. Import the CA or skip the SSL validity checks at the firewall level.
More info: https://community.fortinet.com/t5/Support-Forum/Microsoft-Update-Secure-Server-CA-2-1-not-trusted-in-Fortgate-or/m-p/295174
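As an added example (not part of the original posts): a small shell helper that condenses the `openssl s_client -showcerts` output from the commands above into subject/issuer pairs plus the verify result, so it is clear whether the chain ends at a CA the machine trusts or at a proxy's inspection CA. The sample output and the "Example Inspection CA" name are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Real use (command from the thread; </dev/null makes s_client exit after the handshake):
#   openssl s_client -connect geomcc.prod.do.dsp.mp.microsoft.com:443 -showcerts \
#       </dev/null 2>&1 | summarize_chain

# Read s_client output on stdin; print one line per chain entry, then the verify result.
summarize_chain() {
    awk '
        /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subject = $0; next }
        /^ +i:/ {
            sub(/^ +i:/, "")
            printf "depth=%s subject=[%s] issuer=[%s]\n", depth, subject, $0
            next
        }
        /Verify return code:/ { sub(/^.*Verify return code: */, ""); code = $0 }
        END { print "verify=" (code == "" ? "unknown (handshake did not complete)" : code) }
    '
}

# Issuer of the last certificate sent: the CA that has to be trusted locally.
# If this names a proxy or firewall CA, the traffic is being TLS-inspected.
top_issuer() {
    summarize_chain | sed -n 's/^depth=.*issuer=\[\(.*\)]$/\1/p' | tail -n 1
}

# Exit status 0 only when OpenSSL validated the chain against the local trust store.
chain_is_trusted() {
    summarize_chain | grep -q '^verify=0 (ok)'
}

# Constructed sample: what an inspecting proxy's re-signed chain can look like.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = geomcc.prod.do.dsp.mp.microsoft.com
   i:O = Example Corp, CN = Example Inspection CA
 1 s:O = Example Corp, CN = Example Inspection CA
   i:O = Example Corp, CN = Example Inspection CA
---
    Verify return code: 19 (self-signed certificate in certificate chain)
EOF
}

sample_output | summarize_chain
```

A `verify=unknown` result means no handshake completed at all, which is what a proxy name-resolution failure like the one described above produces.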
- kunal-60812 (Copper Contributor), Dec 01, 2025
How to import the CA?