SCCM 2012 - R2 -CU3 - Client Installation Issue - Couldn't verify authenticode signature. Return code 0x80092026 &&  Failed to extract manifest cab file with error 0x80004005. Try next location

Hi All,

                   I am unable to install SCCM client on couple of machine.  I am seeing this issue for some of the clients so not sure on what is problem. Clients are windows 2008 R2 server. I verified the registry value for the trust  and it is showing up correctly. Any help would be much appreciated..

Infra detail

===========

SCCM 2012 R2 - CU3 server  , SQL-2012  remote , DP server -- All the servers are running Windows server 2012 R2.

I tried to push client to a collection of 10 computer - and 5 of them client got installed but the rest are failing with this error.

====================================

Couldn't verify 'C:\Windows\ccmsetup\ccmsetup.cab' authenticode signature. Return code 0x80092026 ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
A Fallback Status Point has not been specified.  Message with STATEID='316' will not be sent. ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
Failed to extract manifest cab file with error 0x80004005. Try next location. ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
Enumerated all 1 local DP locations but none of them is good. Fallback to MP. ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
GET 'HTTP://server1.com/CCM_Client/ccmsetup.cab' ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
Couldn't verify 'C:\Windows\ccmsetup\ccmsetup.cab' authenticode signature. Return code 0x80092026 ccmsetup 1/8/2015 4:02:04 PM 15208 (0x3B68)
CcmSetup failed with error code 0x80004005 ccmsetup 1/8/2015 4:02:04 PM 13828 (0x3604)

====================================

Regards,

Ren



 



  • Edited by Renjit Friday, January 09, 2015 9:17 PM typo
January 9th, 2015 9:15pm

0x80092026  "The cryptographic operation failed due to a local security option setting."

Is there anything special about the servers encountering the issue? GPOs, etc.?

You take a look at this thread - it may relate to the issue you are seeing:

https://social.technet.microsoft.com/Forums/en-US/1a580444-c980-4e59-bd4e-e15857026170/push-client-installation-authenticode-errors?forum=configmanagerdeployment

Jeff

Free Windows Admin Tool Kit Click here and download it now
January 9th, 2015 9:24pm

Hello,

Check if the following registry key is changed:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

This value corresponds to the Internet Explorer security setting "Check for publishers certificate Revocation" and "Check for signatures on downloaded programs". The default value is set to 23c00.

Check this article.

January 12th, 2015 5:51am

Thanks Jeff.

That link not specifically saying where and what we have to look. Here in my infra, I can deploy agents to other servers in the same server group  and all are identical. Not sure what is the reason for failure. Including the GPO, Security Settings everything is same. 

Looking for more option.

Ren


Free Windows Admin Tool Kit Click here and download it now
January 12th, 2015 4:31pm

@Dani,

     I checked these settings earlier and it didn't work. Looking for more option.

Regards,

Ren

January 12th, 2015 4:33pm

Maybe try to specify the sitecode in your client push properties?

A quick glance at some links showed that as a potential solution. . .

Jeff

Free Windows Admin Tool Kit Click here and download it now
January 12th, 2015 5:15pm

The site code is there in client push installation properties. 

Tried to do with a manual installation, given me the same error. 

Ren

January 12th, 2015 6:04pm
Any suggestions..?
Free Windows Admin Tool Kit Click here and download it now
January 13th, 2015 3:02pm

Since the issue is occurring only on some systems in the environment, I would focus investigation on those systems.  Double check and make sure all the client prerequisites are satisfied:

http://technet.microsoft.com/en-us/library/gg682042.aspx

Jeff

January 13th, 2015 3:27pm

Just to add on - The OS for failing servers are Windows 2003 & Windows 2008. Do we have any list of Pre-req for these OS?

Ren

Free Windows Admin Tool Kit Click here and download it now
January 13th, 2015 4:38pm

The OS for failing servers are Windows 2003 & Windows 2008. Do we have any list of Pre-req for these OS?

Sure: http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigClientReq
January 13th, 2015 4:45pm

@Torson, I have verified this link earlier.  The pre-req for the client is going downloaded during the client download time. Here it is failing before that. It is detects the package and failing right there..

Ren

Free Windows Admin Tool Kit Click here and download it now
January 13th, 2015 5:14pm



  • Proposed as answer by Renj1 12 hours 51 minutes ago
  • Edited by Renj1 12 hours 47 minutes ago
July 30th, 2015 3:02pm

This issue has been resolved. 

The solution for this issue -  Under software restriction policy --> Trusted Publishers -- Change the "Trusted publisher management" value to "Allow all administrators and users to manage user's own Trusted publishers".

Make this as a new policy and apply to only these two O

  • Marked as answer by Renjit 12 hours 48 minutes ago
Free Windows Admin Tool Kit Click here and download it now
July 30th, 2015 3:05pm



  • Proposed as answer by Renj1 Thursday, July 30, 2015 7:00 PM
  • Edited by Renj1 Thursday, July 30, 2015 7:04 PM
July 30th, 2015 7:00pm

This issue has been resolved. 

The solution for this issue -  Under software restriction policy --> Trusted Publishers -- Change the "Trusted publisher management" value to "Allow all administrators and users to manage user's own Trusted publishers".

Make this as a new policy and apply to only these two O

  • Marked as answer by Renjit Thursday, July 30, 2015 7:03 PM
Free Windows Admin Tool Kit Click here and download it now
July 30th, 2015 7:03pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics