1 Reply Latest reply on Oct 22, 2015 5:36 PM by kellytice

    Publishing 3rd party apps to the WSUS Server Failed!

    ljcabrad

      I just installed Patch Manager v2.1 on our WSUS Server. Under Software Publishing, when i tried to publish Acrobat 10.0 package to our WSUS server, it gives me an message stating: "Failed to publish Acrobat 10.0 Update. Verification of file signature failed for file. Wanted to know what this message means and any solutions to resolving it. I attached a screenshot on the message i am getting. Thanks for the help in advance.

        • Re: Publishing 3rd party apps to the WSUS Server Failed!
          kellytice

          Typically this is because the certificate which WSUS uses to sign the updates as they are published to WSUS is not in all the right places.

           

          You may be able to run the Server Publishing Setup Wizard from within the Software Publishing node in Patch Manager to read that cert from the WSUS server and distribute it to the proper certificate stores on the WSUS and Patch Manager servers.

           

           

          If you prefer or need to use the more manual way:

           

          • Go to the WSUS server.
          • Run MMC and add the Certificates snap-in and choose "computer account"
          • When that opens, if you have already created a certificate in the past for 3rd party patching, it will be under the \WSUS certificate store.  If you get properties on it you will likely see an error on the properties page saying it is not trusted.
          • Export that cert from the \WSUS store to a .CER file.  Generally, you can just take the defaults on the export wizard and drop it to a file.  You may want to look at the Properties on that cert in the \WSUS store so that you can note the serial number of that cert for later reference.

           

          • On the WSUS server, you will want to make sure that a copy of that certificate (which you can verify is the same by checking the serial number) is under both the Trusted Publishers and Trusted Root Certification Authorities certificate stores.  If it is not there in one of those stores, then Import it using the .CER file you exported a couple of steps ago.
          • On the Patch Manager server you will want to make sure that cert is in those same two stores (Trusted Publishers / Trusted Root Certification Authorities).

           

          So, at the end you will have the cert in 3 different stores on the WSUS server and 2 stores on the Patch Manager server, and you can verify that they are all the same by checking the serial number.  Once that is true that error should go away.