Re: Update 7.6.0.55 fails - untrusted signer

Vadim_Paladi · ‎08-31-2016

Tried to download it several times today with same result.

"Content760Pkg.zip is not signed by a trusted signer"

No changes have been made to client and server.

toddg1 · ‎08-31-2016

I don't have a solution - but I think there is work being done to address this.

A question, which browser were you using? Did you try a different browser? I know many folks have been able to download this package successfully - and I have heard some rumblings that the "signing" problem is in the browser having been updated in a way that isn't compatible.

Just a thought - if you haven't tried Firefox or Chrome - it might be worth a try?

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

toddg1 · ‎08-31-2016

Hello - we are aware of a problem where an out of date certificate is on the download server that is causing this problem. We are working to get this corrected as soon as possible.

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

toddg1 · ‎09-01-2016

Hi - this problem was fixed yesterday afternoon. Can you please try again now? Please post your results if you can

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Vadim_Paladi · ‎09-01-2016

Still same result.

HPRSExecutionManager[SoftwareManager Task (ae24f372-3862-4d4d-a8ec-5e5a5a240dee)] ERROR c.h.u.s.p.SwmProcessingModule - Caught an unexpected Exception
com.hp.uca.swm.exception.SwmDownloadFileException: java.lang.SecurityException: G:\ProgramData\HP\RS\DATA\swm\LANDINGZONE\Content760Pkg\Content760Pkg.zip is not signed by a trusted signer
at com.hp.uca.swm.apackage.PackageDownloader.verifySignature(PackageDownloader.java:233) ~[swm.jar:na]
at com.hp.uca.swm.apackage.PackageDownloader.download(PackageDownloader.java:142) ~[swm.jar:na]
at com.hp.uca.swm.packages.SwmDownloader.download(SwmDownloader.java:329) ~[swm.jar:na]
at com.hp.uca.swm.packages.SwmDownloader.downloadPkgAndDepPkgs(SwmDownloader.java:258) ~[swm.jar:na]
at com.hp.uca.swm.packages.SwmDownloader.downloadPackage(SwmDownloader.java:142) ~[swm.jar:na]
at com.hp.uca.swm.processingmodules.SwmProcessingModule.handleRequest(SwmProcessingModule.java:64) ~[swm.jar:na]
at com.hp.uca.taskcontroller.processingmodules.AbstractProcessingModule.processModule(AbstractProcessingModule.java:122) [taskcontroller.jar:na]
at com.hp.uca.taskcontroller.processingmodules.SimpleProcessingModule.handleRequest(SimpleProcessingModule.java:38) [taskcontroller.jar:na]
at com.hp.uca.taskcontroller.processingmodules.AbstractProcessingModule.processModule(AbstractProcessingModule.java:122) [taskcontroller.jar:na]
at com.hp.uca.taskcontroller.threads.ProcessingModuleEngine.run(ProcessingModuleEngine.java:26) [taskcontroller.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_60]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_60]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]

toddg1 · ‎09-02-2016

HI All,

Customers do not have to do anything unusual to recover from a failure. The next time their 7.6.0 client checks for updates – whether by schedule, or by hand-triggering – the certificate bundle will download and be processed.

It is likely the user(s) reporting problems are trying to download the CLU2 package, which is already visible as ‘available’ in the SWM screen, without clicking on the “check for updates” button.

Please click on the "Check for Updates" button - and then this new certificate should be brought to your system.

The cert update procedure is part of the check-for-updates step, not part of the download-a-package step.

Here is what you will see in the logs as part of a successful check-for-updates execution:

31 Aug 2016 15:47:02.888 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO com.hp.uca.swm.common.DownloadFile - Attempting to download https://services.isee.hp.com/SWM/certs/certs.zip to C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.560 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO com.hp.uca.swm.common.DownloadFile - Successfully downloaded https://services.isee.hp.com/SWM/certs/certs.zip to C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.607 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO c.h.u.a.DigitalSignatureVerifier - C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip is signed by verisign-class3-codesigning-2010-ca

31 Aug 2016 15:47:03.622 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO c.h.u.accounts.IRSAccountInfoManager - Imported 1-AddTrust_External_CA_Root-2000-2020.cer into keystore from C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

...

31 Aug 2016 15:47:03.810 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO c.h.u.accounts.IRSAccountInfoManager - Imported 5-hpca2ssG2_ie.cer into keystore from C:\ProgramData\HP\RS\DATA\ucacore\certs\certs.zip

31 Aug 2016 15:47:03.857 HPRSExecutionManager[SoftwareManager Task (c815d70e-6ffa-4632-8fdf-5aa90cb4152a)] INFO c.hp.uca.swm.manifest.SwmGetCatalog - Total# of parsed packages : 44

Once that is complete, the CLU downloads correctly.

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Vadim_Paladi · ‎09-02-2016

Thanks! That works.

Amr_Koptan · ‎02-22-2017

Hello Toddg1

Thanks alot for the instructions you provided , the refresh brought new Manifest items to be updated but i received a new error which i have absolutely no clue about, it says in the logs :

22 Feb 2017 14:36:47.132 HPRSExecutionManager[SoftwareManager Task (29983a5e-1cd8-44fa-8abf-be82a47eb90d)] ERROR c.h.u.s.p.SwmProcessingModule - Caught an unexpected Exception

com.hp.uca.swm.exception.SwmDownloadFileException: MD5 checksum (2d88c9564a8cf729182135c454bd1e43) of package LocalHelpPkg (7.7.0.42) doesn't match the checksum (760825e4d31490f683b46d8545ded104) specified in package catalog

do you have any idea what this is ? thanks

toddg1 · ‎02-22-2017

Asking the team about this - stay tuned

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Amr_Koptan · ‎02-22-2017

Thank you very much appreciate your assistance a lot

Amr

toddg1 · ‎02-22-2017

We are not able to reproduce this - perhaps something got munged during the download. Have you tried going to the Software Management tab in Insight RS and manually downloading to see if that works?

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Amr_Koptan · ‎02-22-2017

Hello Todd

well i can see from the logs that the download is successful for all the packages but the MD5 checksum is the problem in most of them, before the update packages used to download and install without issues this happened only after the 7.7.0.0020 update, all packages fail the same way

amr

toddg1 · ‎02-22-2017

Ok - back from the team:

It sounds to me like his SWM manifest file is out of date.

“Check for Updates”, then try again.

Please go to the Software Updates page and manually: "Check for updates" which will download the "manifest file" that is being validated as part of the MD5 check.

If this doesn't work - we may need to ask that you open a support case, but hopefully this is it!

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Amr_Koptan · ‎02-22-2017

Well Todd this is exactly what i tried to do but unfortunately i always get the same result, looks like this matter needs to get escalated with a case,
thank you very much for your assistance and precious time, quite appreciated
Amr

toddg1 · ‎02-22-2017

Ok - just double-checking. You did press the "check for updates" button:

and THEN manually download the file again?

I work for HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Amr_Koptan · ‎02-22-2017

Yes that's exactly what i did, in the logs i can see that the file was downloaded to its intended folder successfully but when the hash is compared the checksum issue aborts the update and i get a red X.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Update 7.6.0.55 fails - untrusted signer

Update 7.6.0.55 fails - untrusted signer