Insight Remote Support
cancel
Showing results for 
Search instead for 
Did you mean: 

Update 7.6.0.55 fails - untrusted signer

SOLVED
Go to solution
Vadim_Paladi
Occasional Advisor

Update 7.6.0.55 fails - untrusted signer

Tried to download it several times today with same result.

"Content760Pkg.zip is not signed by a trusted signer"

No changes have been made to client and server.

15 REPLIES
toddg1
HPE Pro

Re: Update 7.6.0.55 fails - untrusted signer

I don't have a solution - but I think there is work being done to address this.

A question, which browser were you using?  Did you try a different browser? I know many folks have been able to download this package successfully - and I have heard some rumblings that the "signing" problem is in the browser having been updated in a way that isn't compatible.

Just a thought - if you haven't tried Firefox or Chrome - it might be worth a try?

I am an HPE employee.
toddg1
HPE Pro

Re: Update 7.6.0.55 fails - untrusted signer

Hello - we are aware of a problem where an out of date certificate is on the download server that is causing this problem.  We are working to get this corrected as soon as possible.

I am an HPE employee.
toddg1
HPE Pro

Re: Update 7.6.0.55 fails - untrusted signer

Hi - this problem was fixed yesterday afternoon.  Can you please try again now?  Please post your results if you can

I am an HPE employee.
Vadim_Paladi
Occasional Advisor

Re: Update 7.6.0.55 fails - untrusted signer

Still same result.

HPRSExecutionManager[SoftwareManager Task (ae24f372-3862-4d4d-a8ec-5e5a5a240dee)] ERROR c.h.u.s.p.SwmProcessingModule - Caught an unexpected Exception
com.hp.uca.swm.exception.SwmDownloadFileException: java.lang.SecurityException: G:\ProgramData\HP\RS\DATA\swm\LANDINGZONE\Content760Pkg\Content760Pkg.zip is not signed by a trusted signer
 at com.hp.uca.swm.apackage.PackageDownloader.verifySignature(PackageDownloader.java:233) ~[swm.jar:na]
 at com.hp.uca.swm.apackage.PackageDownloader.download(PackageDownloader.java:142) ~[swm.jar:na]
 at com.hp.uca.swm.packages.SwmDownloader.download(SwmDownloader.java:329) ~[swm.jar:na]
 at com.hp.uca.swm.packages.SwmDownloader.downloadPkgAndDepPkgs(SwmDownloader.java:258) ~[swm.jar:na]
 at com.hp.uca.swm.packages.SwmDownloader.downloadPackage(SwmDownloader.java:142) ~[swm.jar:na]
 at com.hp.uca.swm.processingmodules.SwmProcessingModule.handleRequest(SwmProcessingModule.java:64) ~[swm.jar:na]
 at com.hp.uca.taskcontroller.processingmodules.AbstractProcessingModule.processModule(AbstractProcessingModule.java:122) [taskcontroller.jar:na]
 at com.hp.uca.taskcontroller.processingmodules.SimpleProcessingModule.handleRequest(SimpleProcessingModule.java:38) [taskcontroller.jar:na]
 at com.hp.uca.taskcontroller.processingmodules.AbstractProcessingModule.processModule(AbstractProcessingModule.java:122) [taskcontroller.jar:na]
 at com.hp.uca.taskcontroller.threads.ProcessingModuleEngine.run(ProcessingModuleEngine.java:26) [taskcontroller.jar:na]
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_60]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_60]
 at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]

toddg1
HPE Pro
Solution

Re: Update 7.6.0.55 fails - untrusted signer

HI All,

Customers do not have to do anything unusual to recover from a failure. The next time their 7.6.0 client checks for updates – whether by schedule, or by hand-triggering – the certificate bundle will download and be processed.

 

It is likely the user(s) reporting problems are trying to download the CLU2 package, which is already visible as ‘available’ in the SWM screen, without clicking on the “check for updates” button.

 Please click on the "Check for Updates" button - and then this new certificate should be brought to your system.

The cert update procedure is part of the check-for-updates step, not part of the download-a-package step.

 Here is what you will see in the logs as part of a successful check-for-updates execution:

 

31 Aug 2016 15:47:02.888 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO  com.hp.uca.swm.common.DownloadFile - Attempting to download https://services.isee.hp.com/SWM/certs/certs.zip to C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.560 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO  com.hp.uca.swm.common.DownloadFile - Successfully downloaded https://services.isee.hp.com/SWM/certs/certs.zip to C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.607 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO  c.h.u.a.DigitalSignatureVerifier - C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip is signed by verisign-class3-codesigning-2010-ca

31 Aug 2016 15:47:03.622 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO  c.h.u.accounts.IRSAccountInfoManager - Imported 1-AddTrust_External_CA_Root-2000-2020.cer into keystore from C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

...

31 Aug 2016 15:47:03.810 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO  c.h.u.accounts.IRSAccountInfoManager - Imported 5-hpca2ssG2_ie.cer into keystore from C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.857 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO  c.hp.uca.swm.manifest.SwmGetCatalog - Total# of parsed packages : 44

 

 

Once that is complete, the CLU downloads correctly.

I am an HPE employee.
Vadim_Paladi
Occasional Advisor

Re: Update 7.6.0.55 fails - untrusted signer

Thanks! That works.

Amr_Koptan
Occasional Advisor

Re: Update 7.6.0.55 fails - untrusted signer

Hello Toddg1

Thanks alot for the instructions you provided , the refresh brought new Manifest items to be updated but i received a new error which i have absolutely no clue about, it says in the logs :

22 Feb 2017 14:36:47.132 HPRSExecutionManager[SoftwareManager Task (29983a5e-1cd8-44fa-8abf-be82a47eb90d)] ERROR c.h.u.s.p.SwmProcessingModule - Caught an unexpected Exception

com.hp.uca.swm.exception.SwmDownloadFileException: MD5 checksum (2d88c9564a8cf729182135c454bd1e43) of package LocalHelpPkg (7.7.0.42) doesn't match the checksum (760825e4d31490f683b46d8545ded104) specified in package catalog

do you have any idea what this is ? thanks 

toddg1
HPE Pro

Re: Update 7.6.0.55 fails - untrusted signer

Asking the team about this - stay tuned

I am an HPE employee.
Amr_Koptan
Occasional Advisor

Re: Update 7.6.0.55 fails - untrusted signer

Thank you very much appreciate your assistance a lot

Amr

toddg1
HPE Pro

Re: Update 7.6.0.55 fails - untrusted signer

We are not able to reproduce this - perhaps something got munged during the download.  Have you tried going to the Software Management tab in Insight RS and manually downloading to see if that works?

I am an HPE employee.
Amr_Koptan
Occasional Advisor

Re: Update 7.6.0.55 fails - untrusted signer

Hello Todd

well i can see from the logs that the download is successful for all the packages but the MD5 checksum is the problem in most of them, before the update packages used to download and install without issues this happened only after the 7.7.0.0020 update, all packages fail the same way

amr
toddg1
HPE Pro

Re: Update 7.6.0.55 fails - untrusted signer

Ok - back from the team:

 

It sounds to me like his SWM manifest file is out of date.

“Check for Updates”, then try again.

Please go to the Software Updates page and manually: "Check for updates" which will download the "manifest file" that is being validated as part of the MD5 check.

If this doesn't work - we may need to ask that you open a support case, but hopefully this is it!

I am an HPE employee.
Amr_Koptan
Occasional Advisor

Re: Update 7.6.0.55 fails - untrusted signer

Well Todd this is exactly what i tried to do but unfortunately i always get the same result, looks like this matter needs to get escalated with a case,
thank you very much for your assistance and precious time, quite appreciated
Amr
toddg1
HPE Pro

Re: Update 7.6.0.55 fails - untrusted signer

Ok - just double-checking.  You did press the "check for updates" button:


and THEN manually download the file again?

I am an HPE employee.
Amr_Koptan
Occasional Advisor

Re: Update 7.6.0.55 fails - untrusted signer

Yes that's exactly what i did, in the logs i can see that the file was downloaded to its intended folder successfully but when the hash is compared the checksum issue aborts the update and i get a red X.