VMware Workspace ONE Community
AnotherRandSA
Enthusiast
Enthusiast
‎08-08-2023 08:45 AM
Jump to solution

AirWatch Code Signing CA Expired

This morning I restarted our on-prem AirWatch server while diagnosing Tunnel issues. After the server came back online, only 4 VMware/AirWatch services began running, all others failed.

The failure reasons given in Event Viewer indicated there was a trust issue with the DLLs, so I checked the DLLs Digital Signatures and found the AirWatch Code Signing CA expired this morning (2023/08/08 6:20:45 AM).

It appears to be the same issue previously documented here: https://kb.vmware.com/s/article/82369

Labels (1)
Labels
0 Kudos
1 Solution

Accepted Solutions
troysp
Enthusiast
Enthusiast
‎08-08-2023 09:29 AM
Jump to solution

Same issue here.  Found this article but the zip file does not contain signtool.exe so the script fails for me.

 

SINST-176145 - Multiple Workspace ONE UEM application pools and services may not start once stopped ...

View solution in original post

21 Replies
troysp
Enthusiast
Enthusiast
‎08-08-2023 09:29 AM
Jump to solution

Same issue here.  Found this article but the zip file does not contain signtool.exe so the script fails for me.

 

SINST-176145 - Multiple Workspace ONE UEM application pools and services may not start once stopped ...

troysp
Enthusiast
Enthusiast
‎08-08-2023 09:41 AM
Jump to solution

Never mind, they updated the zip file and now it contains the correct files.  Went from version 4 to version 4.1.  LOL

AnotherRandSA
Enthusiast
Enthusiast
‎08-08-2023 09:43 AM
Jump to solution

I just downloaded the linked zip and it contains signtool.exe, FWIW.

0 Kudos
AnotherRandSA
Enthusiast
Enthusiast
‎08-08-2023 09:44 AM
Jump to solution

They're scrambling.

0 Kudos
troysp
Enthusiast
Enthusiast
‎08-08-2023 09:48 AM
Jump to solution

Yep

Tags (1)
0 Kudos
AnotherRandSA
Enthusiast
Enthusiast
‎08-08-2023 10:45 AM
Jump to solution

Certs updated OK using the signing utility. Services came back up. Still some problems in our install, but not sure if they're related to this specific issue.

0 Kudos
Rienus
Contributor
Contributor
‎08-09-2023 03:47 AM
Jump to solution

Has anyone else noticed that the dll's and executables for the horizon connection brokers are also signed with expiring certificates. these will expire on 12th of august

SHAUNCHAN
Contributor
Contributor
‎08-09-2023 09:45 AM
Jump to solution

we are currently running an older ver (soon to upgrade/update) but i feel like the patch is dead in the water for us old ver folks.

 

I have the UEMDllSigningUtility.zip > ran the PS .. no dice on our end.

 

hoping someone has some directions. (and of course i'm in the middle of renewing my support contract, so i can't even submit a tkt)

 

any direction from anybody, I really appreciate it.

 

 

 

 

0 Kudos
Phil_Helmling
VMware Employee
VMware Employee
‎08-09-2023 01:37 PM
Jump to solution

Shaunchan you should contact your local VMware partner or rep and ask to be put on the "do not block" support list. You will likely need to prove you are renewing and therefore entitled to the upgade, then upgrade.

0 Kudos
Adamfry
Enthusiast
Enthusiast
‎08-10-2023 12:31 AM
Jump to solution

Had the same, ran the DLL patch on DS and console servers and the Airwatch services on both are now all running but the console webpage is not loading (503 not available)


Going to fiddle and then raise a ticket if cannot sort it.  We are on 2102

0 Kudos
Adamfry
Enthusiast
Enthusiast
‎08-10-2023 02:09 AM
Jump to solution

Was an issue with application pool on IIS, needed to repair some IIS services and add on modules.  Console working again so going to check everything else.  Devices are checking in..

0 Kudos
SHAUNCHAN
Contributor
Contributor
‎08-10-2023 06:18 AM
Jump to solution

yes IIS POOL apps are not starting as well.... i'm on 2105.

 

Adam - can I DM  you my friend 🙂

0 Kudos
SHAUNCHAN
Contributor
Contributor
‎08-10-2023 06:20 AM
Jump to solution

@Phil_Helmling 

Yeh i've reached out to my acct rep: ghost replies as usual... 

 

 

0 Kudos
Adamfry
Enthusiast
Enthusiast
‎08-10-2023 06:31 AM
Jump to solution

Yeah no worries, will try and help if can. I did the DLL bits, no errors and the Airwatch services all started ok but had to get one of our geniuses to find/sort the IIS so will try and get a steer about that.

0 Kudos
Adamfry
Enthusiast
Enthusiast
‎08-10-2023 06:59 AM
Jump to solution

Did your DLL updater work without errors and services start again ?

 

Got this info back from colleague to fix IIS, hopefully helps:

I re-installed the IIS Rewrite Module, Visual C++ redistributable, and the .net core hosting bundle

 

Snapshot/backup of course 😉

0 Kudos
SHAUNCHAN
Contributor
Contributor
‎08-10-2023 07:30 AM
Jump to solution

@Adamfry 

 

when i rean the PS script, had a bunch of errors 😞

 

Pool app wise, Airwatch DS and the Airwatch did not start ....

 

 

0 Kudos
Rienus
Contributor
Contributor
‎08-10-2023 07:31 AM
Jump to solution

VMware states that there is no issue with horizon on this issue

Tags (1)
0 Kudos
Adamfry
Enthusiast
Enthusiast
‎08-10-2023 07:35 AM
Jump to solution

Hmmmmm, I think the ReadME said if you get errors try running the script again.  I guess until you get no errors but if you still get them then maybe have to be support if you can get a ticket raised 😞

0 Kudos
SHAUNCHAN
Contributor
Contributor
‎08-10-2023 07:41 AM
Jump to solution

@Adamfry 

Yeh, ran it a few times already.

 

maybe i'm not running it in the right root folder ? 

 

UPDATE: i just moved the script/folder to the "Airwatch 2105" folder....

i'm going to keep running it ... tons of errors but looks like i'm SOL atm

Preview file
90 KB
0 Kudos