Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Network Performance Monitor (NPM) > Installer package has invalid signature/Invalid signature on executable file

Installer package has invalid signature/Invalid signature on executable file

Created by Interspire Import, last modified by Caroline Juszczak on Aug 30, 2016

Views: 450 Votes: 0 Revisions: 13

Overview

You get an error similar to the following:

  • Agent deployment failed. Installer package has invalid signature (NPM during Agent Deployment)
  • Invalid signature on executable file (SAM when running the "Configure Server" button for AppInsight for Exchange)

Environment

All versions of NPM

Cause

This is caused when the Certificate Authority (CA) certificate for the issuing CA of the certificate used to sign the executable file for the remote configuration is missing from the "Local Computer\Trusted Root Certification Authority" store for the server. Normally, the certificate will be imported into the store automatically if it is missing, unless the system has been "locked down" using security settings to prevent this.

Note: Windows 2012 R2 natively includes the intermediate certificate needed to validate the code signing certificate used. Other non-Windows 2012 R2 servers should have their root certificates updated automatically by Windows Update, provided the server has internet access and is allowed to download abd install Windows updates on a regular basis.  

11111.png 

Resolution

You will need to manually download the Root CA certificate and install it into the Local Computer\Trusted Root Certification Authority store on the Exchange server. You can download it here: https://www.symantec.com/content/dam/symantec/docs/other-resources/verisign-class-3-public-primary-certification-authority-g5-en.pem

  1. Open a new MMC.
  2. Click File > Add/Remove Snap-in.
  3. Add the Certificates Snap-in.
    22222.png 
  4. Select Computer Account, and then click Next.
    33333.png 
  5. Ensure Local Computer is selected (the computer this console is running on).
  6. Click Finish.
    44444.png 
  7. Click OK to add the snap-in into the MMC window.
  8. Expand the certificate store tree.
  9. Right-click the Trusted Root Certification Authorities store.
  10. Select All Tasks/Import to import the previously downloaded certificate(s).
    55555.png 
  11. Follow the prompts of the wizard to import the certificate(s).
  12. Verify the Verisign Class 3 Public Primary Certification Authority – G5 certificate is present in the Trusted Root Certification Authorities store (It is recommended that you import all missing Root CA certificates).
    66666.png 
  13. Re-run the Configure Server button in AppInsight for Exchange and the process should complete successfully.
    77777.png 

At this point, the Verisign Root CA certificate(s) can be removed from the Exchange server, if desired (not recommended). 

 

Last modified

Tags

Classifications

Public