topic Re: Update 7.6.0.55 fails - untrusted signer in Insight Remote Support

Update 7.6.0.55 fails - untrusted signer

Vadim_Paladi — Wed, 31 Aug 2016 13:31:01 GMT

Tried to download it several times today with same result.

"Content760Pkg.zip is not signed by a trusted signer"

No changes have been made to client and server.

Re: Update 7.6.0.55 fails - untrusted signer

toddg1 — Wed, 31 Aug 2016 13:36:54 GMT

I don't have a solution - but I think there is work being done to address this.

A question, which browser were you using? Did you try a different browser? I know many folks have been able to download this package successfully - and I have heard some rumblings that the "signing" problem is in the browser having been updated in a way that isn't compatible.

Just a thought - if you haven't tried Firefox or Chrome - it might be worth a try?

Re: Update 7.6.0.55 fails - untrusted signer

toddg1 — Wed, 31 Aug 2016 17:10:29 GMT

Hello - we are aware of a problem where an out of date certificate is on the download server that is causing this problem. We are working to get this corrected as soon as possible.

Re: Update 7.6.0.55 fails - untrusted signer

toddg1 — Thu, 01 Sep 2016 12:30:17 GMT

Hi - this problem was fixed yesterday afternoon. Can you please try again now? Please post your results if you can

Re: Update 7.6.0.55 fails - untrusted signer

Vadim_Paladi — Fri, 02 Sep 2016 06:17:30 GMT

Still same result.

HPRSExecutionManager[SoftwareManager Task (ae24f372-3862-4d4d-a8ec-5e5a5a240dee)] ERROR c.h.u.s.p.SwmProcessingModule - Caught an unexpected Exception
com.hp.uca.swm.exception.SwmDownloadFileException: java.lang.SecurityException: G:\ProgramData\HP\RS\DATA\swm\LANDINGZONE\Content760Pkg\Content760Pkg.zip is not signed by a trusted signer
at com.hp.uca.swm.apackage.PackageDownloader.verifySignature(PackageDownloader.java:233) ~[swm.jar:na]
at com.hp.uca.swm.apackage.PackageDownloader.download(PackageDownloader.java:142) ~[swm.jar:na]
at com.hp.uca.swm.packages.SwmDownloader.download(SwmDownloader.java:329) ~[swm.jar:na]
at com.hp.uca.swm.packages.SwmDownloader.downloadPkgAndDepPkgs(SwmDownloader.java:258) ~[swm.jar:na]
at com.hp.uca.swm.packages.SwmDownloader.downloadPackage(SwmDownloader.java:142) ~[swm.jar:na]
at com.hp.uca.swm.processingmodules.SwmProcessingModule.handleRequest(SwmProcessingModule.java:64) ~[swm.jar:na]
at com.hp.uca.taskcontroller.processingmodules.AbstractProcessingModule.processModule(AbstractProcessingModule.java:122) [taskcontroller.jar:na]
at com.hp.uca.taskcontroller.processingmodules.SimpleProcessingModule.handleRequest(SimpleProcessingModule.java:38) [taskcontroller.jar:na]
at com.hp.uca.taskcontroller.processingmodules.AbstractProcessingModule.processModule(AbstractProcessingModule.java:122) [taskcontroller.jar:na]
at com.hp.uca.taskcontroller.threads.ProcessingModuleEngine.run(ProcessingModuleEngine.java:26) [taskcontroller.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_60]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_60]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]

Re: Update 7.6.0.55 fails - untrusted signer

toddg1 — Fri, 02 Sep 2016 14:26:20 GMT

HI All,

Customers do not have to do anything unusual to recover from a failure. The next time their 7.6.0 client checks for updates – whether by schedule, or by hand-triggering – the certificate bundle will download and be processed.

It is likely the user(s) reporting problems are trying to download the CLU2 package, which is already visible as ‘available’ in the SWM screen, without clicking on the “check for updates” button.

Please click on the "Check for Updates" button - and then this new certificate should be brought to your system.

The cert update procedure is part of the check-for-updates step, not part of the download-a-package step.

Here is what you will see in the logs as part of a successful check-for-updates execution:

31 Aug 2016 15:47:02.888 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO com.hp.uca.swm.common.DownloadFile - Attempting to download https://services.isee.hp.com/SWM/certs/certs.zip to C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.560 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO com.hp.uca.swm.common.DownloadFile - Successfully downloaded https://services.isee.hp.com/SWM/certs/certs.zip to C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.607 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO c.h.u.a.DigitalSignatureVerifier - C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip is signed by verisign-class3-codesigning-2010-ca

31 Aug 2016 15:47:03.622 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO c.h.u.accounts.IRSAccountInfoManager - Imported 1-AddTrust_External_CA_Root-2000-2020.cer into keystore from C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

...

31 Aug 2016 15:47:03.810 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO c.h.u.accounts.IRSAccountInfoManager - Imported 5-hpca2ssG2_ie.cer into keystore from C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.857 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO c.hp.uca.swm.manifest.SwmGetCatalog - Total# of parsed packages : 44

Once that is complete, the CLU downloads correctly.

Re: Update 7.6.0.55 fails - untrusted signer

Vadim_Paladi — Fri, 02 Sep 2016 15:11:11 GMT

Thanks! That works.

Re: Update 7.6.0.55 fails - untrusted signer

Amr_Koptan — Wed, 22 Feb 2017 13:08:33 GMT

Hello Toddg1

Thanks alot for the instructions you provided , the refresh brought new Manifest items to be updated but i received a new error which i have absolutely no clue about, it says in the logs :

22 Feb 2017 14:36:47.132 HPRSExecutionManager[SoftwareManager Task (29983a5e-1cd8-44fa-8abf-be82a47eb90d)] ERROR c.h.u.s.p.SwmProcessingModule - Caught an unexpected Exception

com.hp.uca.swm.exception.SwmDownloadFileException: MD5 checksum (2d88c9564a8cf729182135c454bd1e43) of package LocalHelpPkg (7.7.0.42) doesn't match the checksum (760825e4d31490f683b46d8545ded104) specified in package catalog

do you have any idea what this is ? thanks

Re: Update 7.6.0.55 fails - untrusted signer

toddg1 — Wed, 22 Feb 2017 13:20:49 GMT

Asking the team about this - stay tuned

Re: Update 7.6.0.55 fails - untrusted signer

Amr_Koptan — Wed, 22 Feb 2017 13:22:31 GMT

Thank you very much appreciate your assistance a lot

Amr

Re: Update 7.6.0.55 fails - untrusted signer

toddg1 — Wed, 22 Feb 2017 18:23:44 GMT

We are not able to reproduce this - perhaps something got munged during the download. Have you tried going to the Software Management tab in Insight RS and manually downloading to see if that works?

Re: Update 7.6.0.55 fails - untrusted signer

Amr_Koptan — Wed, 22 Feb 2017 18:44:00 GMT

Hello Todd

well i can see from the logs that the download is successful for all the packages but the MD5 checksum is the problem in most of them, before the update packages used to download and install without issues this happened only after the 7.7.0.0020 update, all packages fail the same way

amr

Re: Update 7.6.0.55 fails - untrusted signer

toddg1 — Wed, 22 Feb 2017 20:34:27 GMT

Ok - back from the team:

It sounds to me like his SWM manifest file is out of date.

“Check for Updates”, then try again.

Please go to the Software Updates page and manually: "Check for updates" which will download the "manifest file" that is being validated as part of the MD5 check.

If this doesn't work - we may need to ask that you open a support case, but hopefully this is it!

Re: Update 7.6.0.55 fails - untrusted signer

Amr_Koptan — Wed, 22 Feb 2017 20:40:22 GMT

Well Todd this is exactly what i tried to do but unfortunately i always get the same result, looks like this matter needs to get escalated with a case,
thank you very much for your assistance and precious time, quite appreciated
Amr

Re: Update 7.6.0.55 fails - untrusted signer

toddg1 — Wed, 22 Feb 2017 20:47:00 GMT

Ok - just double-checking. You did press the "check for updates" button:

and THEN manually download the file again?

Re: Update 7.6.0.55 fails - untrusted signer

Amr_Koptan — Wed, 22 Feb 2017 20:58:15 GMT

Yes that's exactly what i did, in the logs i can see that the file was downloaded to its intended folder successfully but when the hash is compared the checksum issue aborts the update and i get a red X.