Deploying Large Software
Hello, I am trying to deploy Adobe Acrobat 9 Professional from my SCE 2007 server and I am running into some issues. If I try and set the package up from my XP desktop, I get an error message while trying to digitally sign the package... verification of file signature failed. If I try and create the package directly from the SCE server console, it will create successfully. I know the SCE certificates installed on my Windows XP box are good, because I just set up an Adobe Illustrator CS4 package from my desktop and everything was copied up to the SCE server without any problems.

I set Acrobat 9 to download to the licensed clients, however, they are failing with error code: 0x800B0003. I know this is an indication that there is something wrong with the certificate trust chain. I went to the computers and confirmed the certificates were still installed in the trusted publishers certificate store. I also tried deleting the certificates and re-importing them. I have also tried following all of the suggested methods listed here: http://support.microsoft.com/kb/822798/. I have tried deleting and re-adding the client to the SCE console (including clearing out the SoftwareDistribution folder). Nothing seems to be working.

I found a year old post saying that there is a bug in Server 2003 where it cannot verify the digital signature of large files (one cab file by itself is over 600MB). I followed the instructions I found on a site and downloaded hotfix KB888303. When I tried to run the hotfix it told me that the SP on my server 2003 box was greater than the SP being installed and the installation closed out.

Can anyone offer any other suggestions to try? My setup is a Server 2003 Std. Edition x64 box running SCE 2007 with all security patches installed. The clients all appear to be fine, as they are continuing to check in and download other smaller software packages.
One thing I did notice, was that if I look at the properties of the .CAB files that were created for the SCE software package on the server, I see a Digital signature tab. If I look at the properties on my XP box, I don't see the Digital Signature tab on the cab that includes the 600+MB data CAB file. Any suggestions or help would be greatly appreciated. I really don't want to go computer to computer installing this if I can help it. Thanks!

Here is a sample of the log from a client with a failed Acrobat 9 installation on which I tried all of the troubleshooting steps listed above:

2009-04-29 15:04:17:522 1956 234 AU Launched new AU client for directive 'Download Progress', session id = 0x0
2009-04-29 15:04:17:568 2372 a98 Misc =========== Logging initialized (build: 7.2.6001.788, tz: -0400) ===========
2009-04-29 15:04:17:568 2372 a98 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-04-29 15:04:17:568 2372 a98 AUClnt Launched Client UI process
2009-04-29 15:04:17:615 2372 a98 Misc =========== Logging initialized (build: 7.2.6001.788, tz: -0400) ===========
2009-04-29 15:04:17:615 2372 a98 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2009-04-29 15:04:17:615 2372 a98 Misc = Module: C:\WINDOWS\system32\wucltui.dll
2009-04-29 15:04:17:615 2372 a98 CltUI AU client got new directive = 'Download Progress', serviceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, return = 0x00000000
2009-04-29 15:04:17:615 2372 a98 CltUI AU client creating default WU/WSUS UI plugin
2009-04-29 15:04:58:896 1956 23c DnldMgr BITS job {6A12A10C-0BBC-4886-9643-97965DC392E7} completed successfully
2009-04-29 15:05:01:581 1956 23c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\Download\d9d031634b8ee6a13d519b4d74464959\c35565e5-c8a4-4316-bd81-ee25f73bad45_1.cab:
2009-04-29 15:05:01:581 1956 23c Misc WARNING: Error: 0x800b0003 when verifying trust for C:\WINDOWS\SoftwareDistribution\Download\d9d031634b8ee6a13d519b4d74464959\c35565e5-c8a4-4316-bd81-ee25f73bad45_1.cab
2009-04-29 15:05:01:581 1956 23c Misc WARNING: Digital Signatures on file C:\WINDOWS\SoftwareDistribution\Download\d9d031634b8ee6a13d519b4d74464959\c35565e5-c8a4-4316-bd81-ee25f73bad45_1.cab are not trusted: Error 0x800b0003
2009-04-29 15:05:01:628 1956 23c DnldMgr WARNING: File failed postprocessing, error = 800b0003
2009-04-29 15:05:01:628 1956 23c DnldMgr Failed file: URL = 'http://xxxx.nist.gov:8530/Content/6B/0CE6EB605468C8D7DB8059BB5C1078323F02E06B.cab', Local path = 'C:\WINDOWS\SoftwareDistribution\Download\d9d031634b8ee6a13d519b4d74464959\c35565e5-c8a4-4316-bd81-ee25f73bad45_1.cab'
2009-04-29 15:05:01:644 1956 23c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\Download\d9d031634b8ee6a13d519b4d74464959\c35565e5-c8a4-4316-bd81-ee25f73bad45_2.cab:
2009-04-29 15:05:01:659 1956 23c Misc Microsoft signed: No
2009-04-29 15:05:01:659 1956 23c Misc Trusted Publisher: Yes
2009-04-29 15:05:01:659 1956 23c DnldMgr Error 0x800b0003 occurred while downloading update; notifying dependent calls.
2009-04-29 15:05:01:659 1956 fd0 AU >>## RESUMED ## AU: Download update [UpdateId = {A39EF05D-7414-4973-BB6C-9183D7623D63}]
2009-04-29 15:05:01:659 1956 fd0 AU # WARNING: Download failed, error = 0x800B0003
2009-04-29 15:05:01:675 1956 fd0 AU #########
2009-04-29 15:05:01:675 1956 fd0 AU ## END ## AU: Download updates
2009-04-29 15:05:01:675 1956 fd0 AU #############

Matt
April 30th, 2009 1:06am
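
Added example (not part of the original post): a PowerShell sketch that groups the signature-validation lines of a Windows Update client log by file, so a package where one CAB fails trust verification while another is accepted from a trusted publisher stands out. The sample lines are constructed in the layout of the log above with shortened placeholder paths, and the function name Get-SignatureCheck is hypothetical.

```powershell
# Constructed sample in the WindowsUpdate.log layout
# (date, time, PID, TID, component, message); paths are placeholders.
$sample = @'
2009-04-29 15:05:01:581 1956 23c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\Download\example\pkg_1.cab:
2009-04-29 15:05:01:581 1956 23c Misc WARNING: Error: 0x800b0003 when verifying trust for C:\WINDOWS\SoftwareDistribution\Download\example\pkg_1.cab
2009-04-29 15:05:01:628 1956 23c DnldMgr WARNING: File failed postprocessing, error = 800b0003
2009-04-29 15:05:01:644 1956 23c Misc Validating signature for C:\WINDOWS\SoftwareDistribution\Download\example\pkg_2.cab:
2009-04-29 15:05:01:659 1956 23c Misc Microsoft signed: No
2009-04-29 15:05:01:659 1956 23c Misc Trusted Publisher: Yes
'@ -split "\r?\n"

function Get-SignatureCheck {
    param([string[]]$Lines)
    $byFile  = @{}     # file path -> result object
    $current = $null   # file named by the latest "Validating signature for" line
    foreach ($line in $Lines) {
        if ($line -match 'Validating signature for (.+):\s*$') {
            $current = $Matches[1]
            $byFile[$current] = New-Object PSObject -Property @{
                File = $current; TrustError = $null; TrustedPublisher = $null }
        }
        elseif ($line -match 'Error: (0x[0-9a-fA-F]{8}) when verifying trust for (.+?)\s*$') {
            $code = $Matches[1]; $path = $Matches[2]
            if (-not $byFile.ContainsKey($path)) {
                # Error line seen without a preceding "Validating" line
                $byFile[$path] = New-Object PSObject -Property @{
                    File = $path; TrustError = $null; TrustedPublisher = $null }
            }
            $byFile[$path].TrustError = $code
        }
        elseif ($current -and $line -match 'Trusted Publisher:\s*(Yes|No)') {
            # Verdict lines carry no path; they belong to the file being validated
            $byFile[$current].TrustedPublisher = $Matches[1]
        }
    }
    $byFile.Values
}

# One row per file: pkg_1.cab carries the 0x800b0003 trust error,
# pkg_2.cab was accepted (Trusted Publisher: Yes).
Get-SignatureCheck $sample |
    Select-Object File, TrustError, TrustedPublisher |
    Format-List
```

To run it against a real client log, pass the output of Get-Content on that log file instead of $sample; the patterns do not depend on whether the fields are separated by tabs or spaces.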

Hi Matt,

Please try the following steps to verify the certificates on both SCE server and your remote console client:

To verify that the SSL certificate has been configured on the WSUS website:
1. Open IIS Manager on the Essentials server
2. Navigate to Web Sites\WSUS Administration
3. Right click on the WSUS Administration web site and select Properties
4. Select the Directory Security tab
5. In the Secure Communications section, click on View Certificate.
6. On the Details tab of the certificate, the Issuer property should be the name of the System Center Essentials server. The Thumbprint property should match what is in the SSLCertHash value in HKLM\Software\Microsoft\System Center Essentials\1.0\PolicySettings. This can be used to compare with the Thumbprint of the certificate on the client machine to verify that they are the same.

To verify that the Code Signing certificate has been created on the System Center Essentials server, verify that the WSUS Publishers Self-signed certificate exists under WSUS\Certificates in the Local Computer certificate store. To do this:
1. Go to Start - Run - mmc.exe
2. When the MMC console opens, select File - Add/Remove Snap-in, then click on Add.
3. In the list of snap-ins, select Certificates and click on Add.
4. Select Computer account and click on Next, then select Local Computer and click on Finish.
5. Close the Snap-ins list and click Ok on the Add/Remove snap-in window.
6. In the Certificate console, expand the Certificates (Local Computer) tree and verify that the WSUS Publishers Self-signed certificate exists under WSUS\Certificates.
7. On the Details tab of the certificate, the Issuer property should be WSUS Publishers Self-signed. The Thumbprint property should match what is in the WSSUCodeSigningCertHash value in HKLM\Software\Microsoft\System Center Essentials\1.0\PolicySettings. This can be used to compare with the Thumbprint of the certificate on the client machine to verify that they are the same.

To verify that the Code Signing certificate has been configured on the Essentials server and on client computers, use the Certificates MMC console to verify that it exists under Trusted Root Certification Authorities, Trusted Publishers, and Third-Party Root Certification Authorities in the Local Computer certificate store. To do this:
1. Go to Start - Run - mmc.exe
2. When the MMC console opens, select File - Add/Remove Snap-in, then click on Add.
3. In the list of snap-ins, select Certificates and click on Add.
4. Select Computer account and click on Next, then select Local Computer and click on Finish.
5. Close the Snap-ins list and click Ok on the Add/Remove snap-in window.
6. In the Certificate console, expand the Certificates (Local Computer) tree and verify that the following certificate is listed under Trusted Root Certification Authorities\Certificates, Trusted Publishers and Third-Party Root Certification Authorities:
   Issued To: WSUS Publishers Self-signed
   Issued By: WSUS Publishers Self-signed
   Intended Purpose: <All>
7. Verify that the Thumbprint property on the above certificate matches the thumbprint on the WSUS Publishers Self-signed certificate under WSUS\Certificates in the certificate store on the Essentials server.
May 4th, 2009 2:39pm
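
Added example (not part of the original reply): a PowerShell sketch of the thumbprint comparison described in the steps above, run locally on the Essentials server or on a client. The registry path and value name are taken from the reply as posted; the assumption that the value may be stored either as a string or as raw bytes, and the helper name ConvertTo-Thumbprint, are this example's own.

```powershell
# Registry path and value name as quoted in the reply above (spelled as posted).
$policyKey = 'HKLM:\Software\Microsoft\System Center Essentials\1.0\PolicySettings'
$valueName = 'WSSUCodeSigningCertHash'
$subject   = 'WSUS Publishers Self-signed'
# Root = Trusted Root Certification Authorities, TrustedPublisher = Trusted
# Publishers, AuthRoot = Third-Party Root Certification Authorities.
# The WSUS store is expected on the Essentials server only.
$stores = 'WSUS', 'Root', 'TrustedPublisher', 'AuthRoot'

function ConvertTo-Thumbprint($value) {
    # Assumption: the value may be a hex string or raw bytes; handle both.
    if ($value -is [byte[]]) {
        return (($value | ForEach-Object { $_.ToString('X2') }) -join '')
    }
    return ([string]$value -replace '[^0-9A-Fa-f]', '').ToUpper()
}

$expected = $null
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy -and $policy.$valueName) {
    $expected = ConvertTo-Thumbprint $policy.$valueName
}

$rows = @()
foreach ($store in $stores) {
    $path  = "Cert:\LocalMachine\$store"
    $found = @()
    if (Test-Path $path) {
        $found = @(Get-ChildItem $path | Where-Object { $_.Subject -like "*$subject*" })
    }
    if ($found.Count -eq 0) {
        # Keep a row for stores where the certificate is missing
        $rows += New-Object PSObject -Property @{
            Store = $store; Thumbprint = $null; NotAfter = $null }
    }
    foreach ($cert in $found) {
        $rows += New-Object PSObject -Property @{
            Store = $store; Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter }
    }
}

# Without the registry value, compare against the first copy found.
if (-not $expected) {
    $expected = ($rows | Where-Object { $_.Thumbprint } | Select-Object -First 1).Thumbprint
}
$rows | Select-Object Store, Thumbprint, NotAfter,
    @{ Name = 'Matches'; Expression = { $_.Thumbprint -and ($_.Thumbprint -eq $expected) } } |
    Format-Table -AutoSize
```

A row with an empty Thumbprint means the certificate is missing from that store; a row with Matches = False means that store holds a different copy of the certificate than the one being compared against.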

Hi Eric,

Thank you very much for your reply. I followed all of the steps, and everything checked out. The thumbprints matched up. The certificate and thumbprint matched up for the IIS site as well.

I tried re-doing Acrobat 9 Pro, and ran into the same problem. However, I was able to configure other smaller software packages without any problems.
May 5th, 2009 4:15pm

Hi Matt,

If the size of a single installation file is larger than 500MB, then this problem will occur. However, there is no workaround for this issue. I'd like to suggest you use SMS/SCCM to deploy the large size software.
May 6th, 2009 1:54pm

Thank you for your help Eric.
May 6th, 2009 11:05pm
