none
SCUP 2011 failes with A fatal error occurred during publishing :Signature verification exception during publish

    Question

  • PublishItem: InvalidException occurred during publishing: Verification of file signature failed for file: \\WSUS\UpdateServicesPackages\de80c836-6549-40e8-b408-1a525f51ea26\d3624167-2f9d-48e4-99d5-0cdbfb5d9259_1.cab$$<Updates Publisher><Tue Mar 5 22:25:28.431 2013.6><thread=6>
    Publish: A fatal error occurred during publishing :Signature verification exception during publish, verify the WSUS certificates and advanced timestamp setting are properly configured.$$<Updates Publisher><Tue Mar 5 22:25:28.435 2013.6><thread=6>
    Publish: Background processing completed.$$<Updates Publisher><Tue Mar 5 22:25:28.436 2013.1><thread=1>

    Under the category of - I wish it would just bloody well work.

    I have uninstalled and resinstalled WSUS 3.0 SP1 and SCUP 2011.

    WSUS has the following updates installed on it:

       WinSE368126
       KB2734608
       KB2720211

    Server OS is 2007 R2 Stadard, 64-bit OS.

    Now updates needed from either Microsoft or itsself.

    I have created a new self-signed certificate
    I have checked Options/Advanced Add timestop and I've unchecked Add timestamp.
    On the SCUP/WSUS server the certificate has been imported in to two trusted areas.

    The UpdateServicesPackages share is empty.

    SCUP and WSUS are on the same server, and pointing towards SCCM 2012 CU2.

    This is becoming very frustrating.

     

    • Changed type AnonymousToday Wednesday, March 27, 2013 8:49 PM Hopefully I can reply to the answer!
    • Changed type AnonymousToday Wednesday, March 27, 2013 9:01 PM Moving it back to a question.
    Wednesday, March 06, 2013 6:57 AM

All replies

  • I have uninstalled and resinstalled WSUS 3.0 SP1

    That would be your first problem. Upgrade to WSUS 3 SP2, install KB2720211, and regenerate a 2048-bit self-signed code-publishing certificate using SCUP.

    WSUS has the following updates installed on it: KB2734608

    Hmm, then, you don't have a WSUS 3 SP1 installation, because KB2734608 can only be installed to WSUS 3 SP2.

    So the next question is this: After you installed KB2720211/KB2734608 did you regenerate a *new* WSUS self-signed publishing certificate using SCUP prior to installing KB2661254?

    Server OS is 2007 R2 Stadard, 64-bit OS.

    I'm really trying to be friendly and compassionate, but now you're scaring me. Properly identifying your environment is the first step to properly diagnosing a problem. There is no such operating system as "2007 R2 Standard", but I'll assume that you mean "2008 R2 Standard" (maybe that's just a typo and you hit the '7' instead of the '8'?, but given the misidentification of the WSUS version, I need to be absolutely sure).

    In any event, from all of that that comes my next pertinent question: Have you installed Service Pack 1 to your 2008R2 server?


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, March 07, 2013 1:30 AM
    Moderator
  • Sorry, yes it is 2008. Know why 6 is afraid of 7? Because 7 ate 9.

    And yep, you're right I am using WSUS SP2. See, told you I was frustrated.

    I do have KB2661254 installed and it was installed on 10/22/2012 so that's a non-issue. Also, in my original post, yep I did create a new certificate. I also checked the certificate and the Public key is RSA (2048) and the Path is WSUS itself. That's a non-issue. But thanks for looking out for me. :)

    Also, there are no new updates; I fat fingered that too in my original post as well. Yes, SP1 is installed, no further updates needed as being reported by Microsoft Updates.


    (Note to Moderator Clarence, Stop it!!!! The guy asked me a question, so don't mark it as an answer. The question is in direct line of Lawrence trying to help me resolve the issue which at this time is unresolved and thus un-Answered)
    Wednesday, March 27, 2013 9:00 PM
  • Sorry, yes it is 2008. Know why 6 is afraid of 7? Because 7 ate 9.

    And yep, you're right I am using WSUS SP2. See, told you I was frustrated.

    :-)

    I do have KB2661254 installed and it was installed on 10/22/2012 so that's a non-issue.

    Well, actually it could have been *THE* issue. If you did not create a new WSUS signing certificate between [a] the time you installed KB2720211 (or KB2734608) and [b] the time you installed KB2661254, then that would have been absolutely the issue! So I had to ask.

    Also, in my original post, yep I did create a new certificate.

    This factoid I did not glean from the post. Of course, I also had no information as to the state of KB2720211 or KB2661254 either. You did say, but you also said you had WSUS3SP1, so then I had to take *everything* with the proverbial rock of salt.

    I also checked the certificate and the Public key is RSA (2048)

    Excellent! Now we have some authoritative information. :-)

    Verification of file signature failed for file: \\WSUS\UpdateServicesPackages\de80c836-6549-40e8-b408-1a525f51ea26\d3624167-2f9d-48e4-99d5-0cdbfb5d9259_1.cab$$

    Okay, let's return to the original error.

    • What update is this that was being published?
    • Was the binary for this update a SIGNED binary from the VENDOR?
    • Does the WSUS/SCUP server have the necessary Certificate Chain in the Certificate Store for the signing certificate used to sign that binary?


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Wednesday, May 22, 2013 1:12 AM
    Moderator
  • (Note to Moderator Clarence, Stop it!!!! The guy asked me a question, so don't mark it as an answer. The question is in direct line of Lawrence trying to help me resolve the issue which at this time is unresolved and thus un-Answered)

    With all fairness to Clarence.. who I, myself, have often had critical commentary... based on the information at hand that you were running WSUS3SP1...

    install KB2720211 and create a new publishing certificate

    would have been absolutely the correct answer.

    The only reason we now know it is not the correct answer is because incorrect/misleading information has been clarified and we have a better picture of the situation. :-)


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Wednesday, May 22, 2013 1:18 AM
    Moderator