Submit a ticketCall us

WebinarUpcoming Webinar: How Help Desk and Remote Support Pays for Itself

Learn how help desk software can simplify ticketing management, allow you to track hardware and software assets, and accelerate the speed of IT support and service delivery. Gain insights on how remote support tools allow your IT team to maximize their efficiency and ticket resolution by expediting desktop troubleshooting, ultimately helping keep end-users happy and productive.

Register here.

Home > Success Center > Orion Platform > Orion - Knowledgebase Articles > Installer package has invalid signature/Invalid signature on executable file

Installer package has invalid signature/Invalid signature on executable file

Created by Interspire Import, last modified by Caroline Juszczak on Jan 26, 2018

Views: 2,846 Votes: 0 Revisions: 14

Overview

You get an error similar to the following:

  • Agent deployment failed. Installer package has invalid signature (NPM during Agent Deployment)
  • Invalid signature on executable file (SAM when running the "Configure Server" button for AppInsight for Exchange)

Environment

Orion Platform products

Cause

This is caused when the Certificate Authority (CA) certificate for the issuing CA of the certificate used to sign the executable file for the remote configuration is missing from the "Local Computer\Trusted Root Certification Authority" store for the server. Normally, the certificate will be imported into the store automatically if it is missing, unless the system has been "locked down" using security settings to prevent this.

Note: Windows 2012 R2 natively includes the intermediate certificate needed to validate the code signing certificate used. Other non-Windows 2012 R2 servers should have their root certificates updated automatically by Windows Update, provided the server has internet access and is allowed to download abd install Windows updates on a regular basis.  

11111.png 

Resolution

You will need to manually download the Root CA certificate and install it into the Local Computer\Trusted Root Certification Authority store on the Exchange server. You can download it here: https://www.symantec.com/content/dam/symantec/docs/other-resources/verisign-class-3-public-primary-certification-authority-g5-en.pem

  1. Open a new MMC.
  2. Click File > Add/Remove Snap-in.
  3. Add the Certificates Snap-in.
    22222.png 
  4. Select Computer Account, and then click Next.
    33333.png 
  5. Ensure Local Computer is selected (the computer this console is running on).
  6. Click Finish.
    44444.png 
  7. Click OK to add the snap-in into the MMC window.
  8. Expand the certificate store tree.
  9. Right-click the Trusted Root Certification Authorities store.
  10. Select All Tasks/Import to import the previously downloaded certificate(s).
    55555.png 
  11. Follow the prompts of the wizard to import the certificate(s).
  12. Verify the Verisign Class 3 Public Primary Certification Authority – G5 certificate is present in the Trusted Root Certification Authorities store (It is recommended that you import all missing Root CA certificates).
    66666.png 
  13. Re-run the Configure Server button in AppInsight for Exchange and the process should complete successfully.
    77777.png 

At this point, the Verisign Root CA certificate(s) can be removed from the Exchange server, if desired (not recommended). 

 

Last modified

Tags

Classifications

Public