Remote Windows 2008R2 client upgrade fails with:
[Critical] <client.domain.com> [70:32] Digital Signature verification of the install kit failed.
The Data Protector's installservice.exe binary digital signature cannot be verified
1. Install the latest digital signature certificates:
- On a Windows server machine with internet access execute in Powershell: certutil -generateSSTFromWU x:\path\<name>.sst, where x:\path is a location on a local disk and name (without <>) is the name of the Certificate Store file. This command will download from the MS update servers the latest digital signature certificates.
- Open the new sst file from powershell/cmd: explorer x:\path\<name>.sst.
- Find and export 3 certificates: "AddTrust External CA Root", "COMODO Certification Authority" and "COMODO RSA Certification Authority".
- Import the 3 certificates either for a single client or the whole domain by following the instructions at https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754841(v=ws.11).
2. Update the CRL (Certificate Revocation List) cache on the affected host:
- certutil -URLCache -f http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
3. In case there are still such errors to be seen after the above procedure, try to replace the currently used \\InstallationServer.domain.com\Omniback\i386\installservice.exe from v9.09 b115 with installservice.exe from v9.07 b109