Installer package has invalid signature/Invalid signature on executable file

Created by Interspire Import, last modified by Caroline Juszczak on Jan 26, 2018



You get an error similar to the following:

  • Agent deployment failed. Installer package has invalid signature (NPM during Agent Deployment)
  • Invalid signature on executable file (SAM when running the "Configure Server" button for AppInsight for Exchange)


Orion Platform products


This occurs when the certificate of the Certificate Authority (CA) that issued the code-signing certificate used to sign the remote configuration executable is missing from the server's "Local Computer\Trusted Root Certification Authorities" store. Normally, a missing certificate is imported into the store automatically, unless the system has been "locked down" with security settings that prevent this.

Note: Windows 2012 R2 natively includes the intermediate certificate needed to validate the code signing certificate used. Servers running other Windows versions should have their root certificates updated automatically by Windows Update, provided the server has internet access and is allowed to download and install Windows updates on a regular basis.



You will need to manually download the Root CA certificate and install it into the Local Computer\Trusted Root Certification Authorities store on the Exchange server. You can download it here:

  1. Open a new MMC.
  2. Click File > Add/Remove Snap-in.
  3. Add the Certificates Snap-in.
  4. Select Computer Account, and then click Next.
  5. Ensure Local Computer is selected (the computer this console is running on).
  6. Click Finish.
  7. Click OK to add the snap-in into the MMC window.
  8. Expand the certificate store tree.
  9. Right-click the Trusted Root Certification Authorities store.
  10. Select All Tasks > Import to import the previously downloaded certificate(s).
  11. Follow the prompts of the wizard to import the certificate(s).
  12. Verify the Verisign Class 3 Public Primary Certification Authority – G5 certificate is present in the Trusted Root Certification Authorities store. It is recommended that you import all missing Root CA certificates.
  13. Re-run the Configure Server button in AppInsight for Exchange and the process should complete successfully.

At this point, the Verisign Root CA certificate(s) can be removed from the Exchange server, if desired (not recommended). 
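The same check and import can be scripted from an elevated PowerShell prompt. This is an added example, not SolarWinds code: the file paths and the expected thumbprint are placeholders you must supply, and it assumes the PKI module (`Import-Certificate`) is available on the server. It confirms the downloaded certificate's thumbprint before trusting it, then shows the signature status and where the chain stops validating.

```powershell
param(
    # Placeholder: the executable reported as having an invalid signature
    [string]$SignedFile         = 'C:\Temp\installer-under-test.exe',
    # Placeholder: the root CA certificate file you downloaded
    [string]$RootCerFile        = 'C:\Temp\downloaded-root-ca.cer',
    # Placeholder: thumbprint published by the CA, confirmed out of band
    [string]$ExpectedThumbprint = '<THUMBPRINT-PUBLISHED-BY-THE-CA>',
    # Assumption: the root's subject contains the name given in step 12
    [string]$RootSubjectMatch   = '*Class 3 Public Primary Certification Authority*G5*'
)

# 1. Is the root already in Local Computer\Trusted Root Certification Authorities?
$present = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like $RootSubjectMatch }

if (-not $present) {
    # 2. Make sure the downloaded file is the certificate you expect before trusting it.
    $candidate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $RootCerFile
    $expected  = ($ExpectedThumbprint -replace '\s', '').ToUpper()
    if ($candidate.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch ($($candidate.Thumbprint)); certificate not imported."
    }
    # 3. Equivalent of the MMC import wizard in steps 9-11.
    Import-Certificate -FilePath $RootCerFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

# 4. Re-check the Authenticode signature on the executable.
$sig = Get-AuthenticodeSignature -FilePath $SignedFile
"Signature status: $($sig.Status) - $($sig.StatusMessage)"

# 5. Build the signer's chain to see which element, if any, fails to validate.
if ($sig.SignerCertificate) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # test chain building only, no CRL/OCSP lookups
    [void]$chain.Build($sig.SignerCertificate)
    $chain.ChainElements | ForEach-Object { "  chain: $($_.Certificate.Subject)" }
    $chain.ChainStatus   | ForEach-Object { "  issue: $($_.Status) $($_.StatusInformation.Trim())" }
}
```

A chain status of `UntrustedRoot` or `PartialChain` before the import, and no `issue:` lines afterwards, indicates the missing root was the cause.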

