Remote Windows 2008R2 client upgrade fails

Document ID:KM03115227
Creation Date:09-Mar-2018
Modified Date:10-May-2018
- Micro Focus Products:
  data protector 9.09

Summary

Remote Windows 2008R2 client upgrade fails with "Digital Signature verification of the install kit failed."

Error

Remote Windows 2008R2 client upgrade fails with:

[Critical] <client.domain.com> [70:32] Digital Signature verification of the install kit failed.

Cause

The Data Protector's installservice.exe binary digital signature cannot be verified

Fix

1. Install the latest digital signature certificates:

- On a Windows server machine with internet access execute in Powershell: certutil -generateSSTFromWU x:\path\<name>.sst, where x:\path is a location on a local disk and name (without <>) is the name of the Certificate Store file. This command will download from the MS update servers the latest digital signature certificates.

- Open the new sst file from powershell/cmd: explorer x:\path\<name>.sst.

- Find and export 3 certificates: "AddTrust External CA Root", "COMODO Certification Authority" and "COMODO RSA Certification Authority".

- Import the 3 certificates either for a single client or the whole domain by following the instructions at https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754841(v=ws.11).

2. Update the CRL (Certificate Revocation List) cache on the affected host:

- certutil -URLCache -f http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl

3. In case there are still such errors to be seen after the above procedure, try to replace the currently used \\InstallationServer.domain.com\Omniback\i386\installservice.exe from v9.09 b115 with installservice.exe from v9.07 b109