System Center Essentials TechCenter >
System Center Essentials Forums
>
System Center Essentials - Updates
>
SCUP & SCE: Verification of file signature failed for file:
SCUP & SCE: Verification of file signature failed for file:
- Guys, I'm losing my mind here. Hope somebody can help me :)
I'm trying to publish updates to SCE using SCUP (4.5).
However, whenever I hit "Publish updates", I get this error:
Publish: : Exception occured during publishing: Verification of file signature failed for file: \\<server>\UpdateServicesPackages\3129f912-bdf9-43f8-9f47-6737e4a82524\2cb740b5-3484-4c45-8a7f-b2ac3be5fc0b_1.cab$$<Updates Publisher><Sun Sep 27 19:35:20.425 2009. ><thread=9>
I tried using a brand new Self-Signed Certificate, as well as a Code Signing Certificate obtained from the internal CA.
I have copied the Certificates to the Trusted Publishers store on the local computer.
It's a single-server deployment, SCE, WSUS and Update Publisher are on the same machine.
I have read all documentation for SCUP & Certificates, and I'm pretty certain that I've followed them accordingly :)
Cheers
Michel
Answers
- OK.. great.
Appearantly, the trouble I had did have something to do with my Test Update I was trying to publish.
After recreating the Update in SCUP, it did work as expected.
Hope that helps someone other, too :)
Thanks for your help Eric, really appreciate it.
Cheers
Michel- Marked As Answer byFragKing Wednesday, October 14, 2009 4:55 PM
All Replies
- Hi Michel,
Please Add the self signed WSUS certificate to the Trusted Publishers Store and the Trusted Root Certification Authorities store on the Updates Publisher machine as follows:
1. Click Start, click Run, type MMC in the text box, and then click OK to open the Microsoft Management Console (MMC).
2. Click File, click Add/Remove Snap-in, click Add, click Certificates, click Add, select Computer account, and then click Next.
3. Select Another computer, type the name of the update server or click Browse to find the update server computer, click Finish, click Close, and then click OK.
4. Expand Certificates (update server name), expand WSUS, and then click Certificates.
5. In the results pane, right-click the desired certificate, click All Tasks, and then click Export.
6. In the Certificate Export Wizard, use the default settings to create an export file with the name and location specified in the wizard. This file must be available to the update server before proceeding to the next step.
7. Right-click Trusted Publishers, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.
8. If a self-signed certificate is used, such as WSUS Publishers Self-signed, right-click Trusted Root Certification Authorities, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.
9. Right-click Certificates (update server name), click Connect to another computer, enter the computer name for the Updates Publisher computer, and click OK.
10. If Updates Publisher is remote from the update server, repeat steps 7 through 9 to import the certificate to the certificate store on the Updates Publisher computer. - Hello Eric
Thank you very much for your reply.
I already tried this, and verified it again.
Certificates are installed in Trusted Publishers, Truster Root CA's and WSUS stores.
But I still get the Verification failed error message.
I verified that the correct certificate is used on the "Update Server" -> "Signing Certificate" dialog in the SCUP Settings.
Regards
Michel - Hi Michel,
Could you please try the following steps:
Step 1. Click Start -> Run -> MMC
Step 2. File -> Add/ Remove Snap-In -> Add -> Certificates
Step 3. Choose Computer account -> Local Computer -> Add -> Close -> OK
Step 4. Expand Certificates -> Expand Personal -> Click Certificates
Step 5. Find the self signed WSUS certificate and Right Click it -> All Tasks -> Export
Step 6. Click Next -> Yes -> Next -> Next -> Create a Password -> Retype the Password -> Click Next -> Pick a location to save the file -> Next -> Finish
Step 7. Open SCUP -> Click Settings -> Click Update Server Tab -> Click Browse -> Find Cert -> Click Create -> Enter Password
Step 8. Proceed to GPO Setup from help file.
-
In SCE Managed Computers Group policy. Expand the selected policy setting in the console tree, expand Computer Configuration , expand Administrative Templates , expand Windows Components , and then click Windows Update .
-
In the results pane, right-click Allow signed content from intranet Microsoft update service location , click Properties , click Enabled , and then click OK .
- Marked As Answer byEric Zhang - MSFTMSFT, ModeratorMonday, October 12, 2009 1:47 AM
- Unmarked As Answer byFragKing Wednesday, October 14, 2009 4:55 PM
-
- Hi Eric
Unfortunately, this did not work.
The certificate was accepted by SCUP, but I still get this Signature error :(
/Michel - OK.. great.
Appearantly, the trouble I had did have something to do with my Test Update I was trying to publish.
After recreating the Update in SCUP, it did work as expected.
Hope that helps someone other, too :)
Thanks for your help Eric, really appreciate it.
Cheers
Michel- Marked As Answer byFragKing Wednesday, October 14, 2009 4:55 PM
