locked
SCCM 2012 - R2 -CU3 - Client Installation Issue - Couldn't verify authenticode signature. Return code 0x80092026 && Failed to extract manifest cab file with error 0x80004005. Try next location RRS feed

  • Question

  • Hi All,

                       I am unable to install SCCM client on couple of machine.  I am seeing this issue for some of the clients so not sure on what is problem. Clients are windows 2008 R2 server. I verified the registry value for the trust  and it is showing up correctly. Any help would be much appreciated..

    Infra detail

    ===========

    SCCM 2012 R2 - CU3 server  , SQL-2012  remote , DP server -- All the servers are running Windows server 2012 R2.

    I tried to push client to a collection of 10 computer - and 5 of them client got installed but the rest are failing with this error.

    ====================================

    Couldn't verify 'C:\Windows\ccmsetup\ccmsetup.cab' authenticode signature. Return code 0x80092026 ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
    A Fallback Status Point has not been specified.  Message with STATEID='316' will not be sent. ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
    Failed to extract manifest cab file with error 0x80004005. Try next location. ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
    Enumerated all 1 local DP locations but none of them is good. Fallback to MP. ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
    GET 'HTTP://server1.com/CCM_Client/ccmsetup.cab' ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
    Couldn't verify 'C:\Windows\ccmsetup\ccmsetup.cab' authenticode signature. Return code 0x80092026 ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
    CcmSetup failed with error code 0x80004005 ccmsetup 1/8/2015 4:02:04 PM 13828 (0x3604)

    ====================================

    Regards,

    Ren



     



    • Edited by Renjit Friday, January 9, 2015 9:17 PM typo
    Friday, January 9, 2015 9:15 PM

Answers

  • This issue has been resolved. 

    The solution for this issue -  Under software restriction policy --> Trusted Publishers -- Change the "Trusted publisher management" value to "Allow all administrators and users to manage user's own Trusted publishers".

    Make this as a new policy and apply to only these two O

    • Marked as answer by Renjit Thursday, July 30, 2015 7:03 PM
    Thursday, July 30, 2015 7:03 PM

All replies

  • 0x80092026  "The cryptographic operation failed due to a local security option setting."

    Is there anything special about the servers encountering the issue? GPOs, etc.?

    You take a look at this thread - it may relate to the issue you are seeing:

    https://social.technet.microsoft.com/Forums/en-US/1a580444-c980-4e59-bd4e-e15857026170/push-client-installation-authenticode-errors?forum=configmanagerdeployment

    Jeff

    Friday, January 9, 2015 9:24 PM
  • Hello,

    Check if the following registry key is changed:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

    This value corresponds to the Internet Explorer security setting "Check for publisher’s certificate Revocation" and "Check for signatures on downloaded programs". The default value is set to 23c00.

    Check this article.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 12, 2015 5:51 AM
  • Thanks Jeff.

    That link not specifically saying where and what we have to look. Here in my infra, I can deploy agents to other servers in the same server group  and all are identical. Not sure what is the reason for failure. Including the GPO, Security Settings everything is same. 

    Looking for more option.

    Ren


    Monday, January 12, 2015 4:31 PM
  • @Dani,

         I checked these settings earlier and it didn't work. Looking for more option.

    Regards,

    Ren

    Monday, January 12, 2015 4:33 PM
  • Maybe try to specify the sitecode in your client push properties?

    A quick glance at some links showed that as a potential solution. . .

    Jeff

    Monday, January 12, 2015 5:15 PM
  • The site code is there in client push installation properties. 

    Tried to do with a manual installation, given me the same error. 

    Ren

    Monday, January 12, 2015 6:04 PM
  • Any suggestions..?
    Tuesday, January 13, 2015 3:02 PM
  • Since the issue is occurring only on some systems in the environment, I would focus investigation on those systems.  Double check and make sure all the client prerequisites are satisfied:

    http://technet.microsoft.com/en-us/library/gg682042.aspx

    Jeff

    Tuesday, January 13, 2015 3:27 PM
  • Just to add on - The OS for failing servers are Windows 2003 & Windows 2008. Do we have any list of Pre-req for these OS?

    Ren

    Tuesday, January 13, 2015 4:38 PM
  • The OS for failing servers are Windows 2003 & Windows 2008. Do we have any list of Pre-req for these OS?

    Sure: http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigClientReq

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, January 13, 2015 4:45 PM
  • @Torson, I have verified this link earlier.  The pre-req for the client is going downloaded during the client download time. Here it is failing before that. It is detects the package and failing right there..

    Ren

    Tuesday, January 13, 2015 5:14 PM


    • Proposed as answer by Renj1 Thursday, July 30, 2015 7:00 PM
    • Edited by Renj1 Thursday, July 30, 2015 7:04 PM
    Thursday, July 30, 2015 7:00 PM
  • This issue has been resolved. 

    The solution for this issue -  Under software restriction policy --> Trusted Publishers -- Change the "Trusted publisher management" value to "Allow all administrators and users to manage user's own Trusted publishers".

    Make this as a new policy and apply to only these two O

    • Marked as answer by Renjit Thursday, July 30, 2015 7:03 PM
    Thursday, July 30, 2015 7:03 PM