Hi all,
I get this error when when looking for Windows bulletins ( Patching -> Windows -> Bulletins -> by Bulletin -> Check for Update ) . Looking in the Job Manager , I see "Error: Signature verification failed for: Post XML Update SQL" .
I'm using the latest version vCM 5.8.2 . I found another post here about that , that mentioned that KB 2050220 fixed the issue , however it is not working for me .
Do you have any other ideas what I could try ? Where would be the actual logs that might help me figure out what's wrong ?
Thank you.
Well , fixed it . Looked in the Debug info , and indeed it was related to KB 2050220 :
Level: Error
Time: 04-17-2016 10:53:43:460
Classname: clsPatchVerification
FuncName: VerifyPatch
Msg: (0) The downloaded file: C:\Program Files (x86)\VMware\VCM\Sum\Collector\SUM2_postxml.sql.cab does not have a VMware Configuration Manager trusted signature. Certificate IssuedTo: VMware, Inc. Certificate Issuer: DigiCert SHA2 Assured ID Code Signing CA
SourceDesc: UI
RequestId: Default
JobId:
JobMachineName:
The problem with the SQL added to KB is that it is old .. no longer reflecting the reality , as the certificate of the cab now has DigiCert SHA2 Assured ID Code Signing CA , and not DigiCert Assured ID Code Signing CA-1 as written in the SQL query attached to the KB.
Therefore we would have:
Original VMware KB :
SET QUOTED_IDENTIFIER ON
SET ANSI_NULLS ON
IF NOT EXISTS
(
SELECT *
FROM dbo.ecm_sysdat_certificate_configuration_settings_ui
WHERE configuration_name = 'DigiCert Assured ID Code Signing CA-1'
)
BEGIN
INSERT INTO dbo.ecm_sysdat_certificate_configuration_settings_ui
(
configuration_name,
configuration_description,
is_subject,
is_issuer,
is_configuration_allowed,
last_modified_by_id,
last_modified_datetime
)
VALUES
(
'DigiCert Assured ID Code Signing CA-1',
NULL,
0,
1,
1,
NULL,
NULL
)
END
GO
Correct :
SET QUOTED_IDENTIFIER ON
SET ANSI_NULLS ON
IF NOT EXISTS
(
SELECT *
FROM dbo.ecm_sysdat_certificate_configuration_settings_ui
WHERE configuration_name = 'DigiCert SHA2 Assured ID Code Signing CA'
)
BEGIN
INSERT INTO dbo.ecm_sysdat_certificate_configuration_settings_ui
(
configuration_name,
configuration_description,
is_subject,
is_issuer,
is_configuration_allowed,
last_modified_by_id,
last_modified_datetime
)
VALUES
(
'DigiCert SHA2 Assured ID Code Signing CA',
NULL,
0,
1,
1,
NULL,
NULL
)
END
GO
Well , fixed it . Looked in the Debug info , and indeed it was related to KB 2050220 :
Level: Error
Time: 04-17-2016 10:53:43:460
Classname: clsPatchVerification
FuncName: VerifyPatch
Msg: (0) The downloaded file: C:\Program Files (x86)\VMware\VCM\Sum\Collector\SUM2_postxml.sql.cab does not have a VMware Configuration Manager trusted signature. Certificate IssuedTo: VMware, Inc. Certificate Issuer: DigiCert SHA2 Assured ID Code Signing CA
SourceDesc: UI
RequestId: Default
JobId:
JobMachineName:
The problem with the SQL added to KB is that it is old .. no longer reflecting the reality , as the certificate of the cab now has DigiCert SHA2 Assured ID Code Signing CA , and not DigiCert Assured ID Code Signing CA-1 as written in the SQL query attached to the KB.
Therefore we would have:
Original VMware KB :
SET QUOTED_IDENTIFIER ON
SET ANSI_NULLS ON
IF NOT EXISTS
(
SELECT *
FROM dbo.ecm_sysdat_certificate_configuration_settings_ui
WHERE configuration_name = 'DigiCert Assured ID Code Signing CA-1'
)
BEGIN
INSERT INTO dbo.ecm_sysdat_certificate_configuration_settings_ui
(
configuration_name,
configuration_description,
is_subject,
is_issuer,
is_configuration_allowed,
last_modified_by_id,
last_modified_datetime
)
VALUES
(
'DigiCert Assured ID Code Signing CA-1',
NULL,
0,
1,
1,
NULL,
NULL
)
END
GO
Correct :
SET QUOTED_IDENTIFIER ON
SET ANSI_NULLS ON
IF NOT EXISTS
(
SELECT *
FROM dbo.ecm_sysdat_certificate_configuration_settings_ui
WHERE configuration_name = 'DigiCert SHA2 Assured ID Code Signing CA'
)
BEGIN
INSERT INTO dbo.ecm_sysdat_certificate_configuration_settings_ui
(
configuration_name,
configuration_description,
is_subject,
is_issuer,
is_configuration_allowed,
last_modified_by_id,
last_modified_datetime
)
VALUES
(
'DigiCert SHA2 Assured ID Code Signing CA',
NULL,
0,
1,
1,
NULL,
NULL
)
END
GO
Update - a KB on this was just published : https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=21449...