SCCM 2007 Constant Despooler error 4406
Good morning, I have just installed an SCCM 2007 server and have begun configuring my secondary sites. I had just done an install at our sister company a few weeks back and it went flawlessly, but not so much this time around. Many of my secondary sites are CONSTANTLY getting the following error:

SMS_DESPOOLER 4406: SMS Despooler received an instruction and package file from site XXX that contains either software distribution data or inter-site replication data, however either the signature on the package or the hash algorithm ID used for the signature is not valid, the despooler will delete the instruction and the package file.

On one secondary server last night alone it occurred at 2:41 AM, 4:02 AM, 5:17 AM, 6:17 AM, 9:17 AM etc. Another one had it occur at similar times...no 2:41 but 4:02 AM, 5:17, 6:17, 9:17. Any idea what could be happening here? I have done many searches and not come up with much of anything. Thanks in advance.
November 20th, 2009 7:55pm
Maybe the sites were not able to exchange keys. See http://technet.microsoft.com/en-us/library/bb693690.aspx
November 23rd, 2009 11:31am
Thank you for the reply! I actually run through those steps every time I add a secondary site as it usually cuts down on a lot of the time that it takes for the new secondary site to become available for configuration. DESPOOL log looks like this every time there is an error (site code has been replaced with XXX and the long public key number has been replaced with ZZZ):

Sort 1 despooler instructions by file time SMS_DESPOOLER 23/11/2009 10:36:41 AM 43140 (0xA884)
Found ready instruction 2yrimXXX.sni SMS_DESPOOLER 23/11/2009 10:36:41 AM 43140 (0xA884)
Used 0 out of 3 despooling threads SMS_DESPOOLER 23/11/2009 10:36:41 AM 43140 (0xA884)
Created a new despooling thread 9BC0 SMS_DESPOOLER 23/11/2009 10:36:41 AM 43140 (0xA884)
Waiting for the next instruction.... SMS_DESPOOLER 23/11/2009 10:36:41 AM 43140 (0xA884)
Waiting for ready instruction file.... SMS_DESPOOLER 23/11/2009 10:36:41 AM 43140 (0xA884)
Verifying signature for instruction D:\SCCM\inboxes\despoolr.box\receive\ds_l0a7x.ist of type MICROSOFT|SMS|MINIJOBINSTRUCTION|REPORTING SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::CPublicKeyLookup("XXX") SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::CPublicKeyLookup("XXX") Initializing to file: D:\SCCM\inboxes\hman.box\pubkey\XXX.pkc SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() Getting Iteration: 2 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() Checking D:\SCCM\inboxes\hman.box\pubkey\XXX.pkc for Key0 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() No Match Found, Trying D:\SCCM\inboxes\hman.box\pubkey\XXX.pkp SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() Found Key: ZZZ SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Begin to calculate signature on D:\SCCM\inboxes\despoolr.box\receive\ds_l0a7x.pkg using hash algorithm ID 0x8003 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Cannot use public key ZZZ to verify package signature from site XXX (Win32 error = 2148073478) SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() Getting Iteration: 3 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() Checking D:\SCCM\inboxes\hman.box\pubkey\XXX.pkp for Key1 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() Found Key: SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Cannot use public key ZZZ to verify package signature from site XXX (Win32 error = 2148073478) SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() Getting Iteration: 9999 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::CPublicKeyLookup("XXX") SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Delete the instruction (D:\SCCM\inboxes\despoolr.box\receive\ds_l0a7x.ist) from site XXX, the signature is bad. SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
STATMSG: ID=4406 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DESPOOLER" SYS=XXXXXX SITE=XXX PID=41012 TID=39872 GMTDATE=Mon Nov 23 15:36:41.486 2009 ISTR0="XXX" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Waiting for ready instruction file.... SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Waiting for ready instruction file.... SMS_DESPOOLER 23/11/2009 10:36:46 AM 43140 (0xA884)
Waiting for ready instruction file.... SMS_DESPOOLER 23/11/2009 10:41:46 AM 43140 (0xA884)
Waiting for ready instruction file.... SMS_DESPOOLER 23/11/2009 10:46:46 AM 43140 (0xA884)

Any further ideas would be greatly appreciated.
November 23rd, 2009 6:58pm
Cannot use public key ZZZ to verify package signature from site XXX (Win32 error = 2148073478) SMS_DESPOOLER
2148073478 translates to "Invalid Signature", so there's something wrong with the keys. Have you tried copying the CT4 and CT5 files to the corresponding sites for a second time?
November 24th, 2009 11:04am
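For triaging how often and on which instructions this happens, the following added example (not code from the thread or from Microsoft) walks a despooler log per worker thread and reports every instruction deleted for a bad signature, with the key files tried, the hash algorithm and the decoded Win32 error. The sample lines are constructed in the layout of the log quoted above, and all function and variable names are hypothetical.

```python
import re

# 2148073478 == 0x80090006 (NTE_BAD_SIGNATURE); ALG_ID 0x8003 is CALG_MD5, 0x8004 is CALG_SHA1.
WIN32_NAMES = {0x80090006: "NTE_BAD_SIGNATURE"}
ALG_NAMES = {0x8003: "CALG_MD5", 0x8004: "CALG_SHA1"}

# Constructed sample in the layout of the log quoted above (XXX and ZZZ are the poster's redactions).
SAMPLE = r"""
Verifying signature for instruction D:\SCCM\inboxes\despoolr.box\receive\ds_l0a7x.ist of type MICROSOFT|SMS|MINIJOBINSTRUCTION|REPORTING SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
CPublicKeyLookup::GetNextKey() Checking D:\SCCM\inboxes\hman.box\pubkey\XXX.pkc for Key0 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Begin to calculate signature on D:\SCCM\inboxes\despoolr.box\receive\ds_l0a7x.pkg using hash algorithm ID 0x8003 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Cannot use public key ZZZ to verify package signature from site XXX (Win32 error = 2148073478) SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Waiting for ready instruction file.... SMS_DESPOOLER 23/11/2009 10:36:41 AM 43140 (0xA884)
CPublicKeyLookup::GetNextKey() Checking D:\SCCM\inboxes\hman.box\pubkey\XXX.pkp for Key1 SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Cannot use public key ZZZ to verify package signature from site XXX (Win32 error = 2148073478) SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
Delete the instruction (D:\SCCM\inboxes\despoolr.box\receive\ds_l0a7x.ist) from site XXX, the signature is bad. SMS_DESPOOLER 23/11/2009 10:36:41 AM 39872 (0x9BC0)
"""

LINE = re.compile(r"^(?P<msg>.*?) SMS_DESPOOLER (?P<ts>\S+ \S+ [AP]M) \d+ \((?P<tid>0x[0-9A-Fa-f]+)\)$")
START = re.compile(r"^Verifying signature for instruction (\S+) of type (\S+)")
KEYFILE = re.compile(r"GetNextKey\(\) Checking (\S+) for Key\d+")
ALG = re.compile(r"using hash algorithm ID (0x[0-9A-Fa-f]+)")
ERR = re.compile(r"\(Win32 error = (\d+)\)")
BAD = re.compile(r"^Delete the instruction \((\S+)\) from site (\S+), the signature is bad")

def find_bad_signatures(text):
    """Return one record per instruction the despooler deleted for a bad signature."""
    open_jobs, failures = {}, []  # keyed by thread id, because worker threads interleave
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg, tid = m["msg"], m["tid"]
        if (r := START.search(msg)):
            open_jobs[tid] = {"instruction": r[1], "type": r[2], "time": m["ts"],
                              "key_files": [], "alg": None, "errors": []}
        elif (job := open_jobs.get(tid)) is None:
            continue  # line belongs to a thread that is not verifying anything
        elif (r := KEYFILE.search(msg)):
            job["key_files"].append(r[1])
        elif (r := ALG.search(msg)):
            job["alg"] = ALG_NAMES.get(int(r[1], 16), r[1])
        elif (r := ERR.search(msg)):
            job["errors"].append(WIN32_NAMES.get(int(r[1]), hex(int(r[1]))))
        elif (r := BAD.search(msg)):
            failures.append({**open_jobs.pop(tid), "site": r[2]})
    return failures
```

Grouping the returned records by `site` and `key_files` across several secondary sites shows whether every failure involves the same sender key file or only some of them.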
Cannot use public key ZZZ to verify package signature from site XXX (Win32 error = 2148073478) SMS_DESPOOLER
2148073478 translates to "Invalid Signature", so there's something wrong with the keys. Have you tried copying the CT4 and CT5 files to the corresponding sites for a second time?
I have done this 4 or 5 times on the secondary site that I am currently focusing on, but in every case within a couple of hours the error would re-occur. It is happening on 6 of the 10 secondary sites I currently have set up. Is there any way to completely discard the current keys and regenerate new ones?
November 24th, 2009 6:47pm
Can I simply disable secure key exchange between sites in SCCM to avoid this error? Our SCCM implementation is used on the local intranet ONLY so there really isn't any need to require it. Also, I assume these public keys are held somewhere in AD...any way to clear/refresh them in there in case some old SMS keys are still being held?
November 26th, 2009 1:10am
Keys are written automatically to AD if the schema has been extended and AD publishing is enabled for the sites. ConfigMgr should refresh them automatically. You could try disabling "secure key exchange" if it solves the issue.
November 26th, 2009 10:28am
Thanks for your help Torsten, I have disabled the secure key exchange requirement from the primary site and all secondary sites and the errors have stopped. I think this is safe as SCCM in our environment is INTERNAL only and will remain that way.
November 27th, 2009 7:08pm
Do you uncheck all three options under "Specify settings for publishing and secure key exchange", or just "Require secure key exchange between sites"? I have unchecked just the bottom and continue to get:
SMS Despooler received an instruction and package file from site MIN that contains either software distribution data or inter-site replication data, however either the signature on the package or the hash algorithm ID used for the signature is not valid, the despooler will delete the instruction and the package file.
I have tried manually copying the keys and that has not helped as well. I have 3 other sites and this is the only one with these problems.
Thanks!
May 18th, 2010 8:06pm