
Own signed updates. Error 800b0004. Digital Signatures not trusted

microsoft.public.windowsupdate






  #1 (permalink)  
Old 02-26-2008
Matthias Kracht
 

Posts: n/a
Own signed updates. Error 800b0004. Digital Signatures not trusted
We have published our own created updates using WSUS. The updates were
automatically signed by a certificate, which was created explicitly for the
server. The root certificate is published on the computer as "trusted root".
Now we have digital signature errors on some computers (Windows Vista) like
the following:

2008-02-26 18:13:38:942 1020 cf4 DnldMgr BITS job {92E46536-BB95-468B-8C4A-4129FAF413B3} completed successfully
2008-02-26 18:13:39:021 1020 cf4 Misc Validating signature for C:\Windows\SoftwareDistribution\Download\4c04a18e468da1078fbeccdba67fe55f\15702aee91a845bedac5f000dad241cacef96f77:
2008-02-26 18:13:39:036 1020 cf4 Misc Microsoft signed: No
2008-02-26 18:13:39:036 1020 cf4 Misc Trusted Publisher: No
2008-02-26 18:13:39:036 1020 cf4 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\Download\4c04a18e468da1078fbeccdba67fe55f\15702aee91a845bedac5f000dad241cacef96f77 are not trusted: Error 0x800b0004
2008-02-26 18:13:39:036 1020 cf4 DnldMgr WARNING: File failed postprocessing, error = 800b0004
2008-02-26 18:13:39:036 1020 cf4 DnldMgr Failed file: URL = 'http://server.local.net/Content/77/15702AEE91A845BEDAC5F000DAD241CACEF96F77.cab', Local path = 'C:\Windows\SoftwareDistribution\Download\4c04a18e468da1078fbeccdba67fe55f\15702aee91a845bedac5f000dad241cacef96f77'
2008-02-26 18:13:39:036 1020 cf4 DnldMgr Error 0x800b0004 occurred while downloading update; notifying dependent calls.

Now the question is: Which kind of error is it? I tried to validate the
signing of the file using "signtool /verify" and it was successful.
  #2 (permalink)  
Old 02-26-2008
PA Bear [MS MVP]
 

Posts: n/a
Re: Own signed updates. Error 800b0004. Digital Signatures not trusted
Forwarded to WSUS newsgroup
(microsoft.public.windows.server.update_services) via crosspost as a
convenience to OP.

On the web:
http://www.microsoft.com/communities... date_services

In your newsreader:
news://msnews.microsoft.com/microsof...pdate_services
--
~PA Bear

Matthias Kracht wrote:
> We have published our own created updates using WSUS. The updates were
> automatically signed by a certificate, which was created explicitly for the
> server. The root certificate is published on the computer as "trusted
> root".
> Now we have digital signature errors on some computers (Windows Vista) like
> the following:
>
> 2008-02-26 18:13:38:942 1020 cf4 DnldMgr BITS job {92E46536-BB95-468B-8C4A-4129FAF413B3} completed successfully
> 2008-02-26 18:13:39:021 1020 cf4 Misc Validating signature for C:\Windows\SoftwareDistribution\Download\4c04a18e468da1078fbeccdba67fe55f\15702aee91a845bedac5f000dad241cacef96f77:
> 2008-02-26 18:13:39:036 1020 cf4 Misc Microsoft signed: No
> 2008-02-26 18:13:39:036 1020 cf4 Misc Trusted Publisher: No
> 2008-02-26 18:13:39:036 1020 cf4 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\Download\4c04a18e468da1078fbeccdba67fe55f\15702aee91a845bedac5f000dad241cacef96f77 are not trusted: Error 0x800b0004
> 2008-02-26 18:13:39:036 1020 cf4 DnldMgr WARNING: File failed postprocessing, error = 800b0004
> 2008-02-26 18:13:39:036 1020 cf4 DnldMgr Failed file: URL = 'http://server.local.net/Content/77/15702AEE91A845BEDAC5F000DAD241CACEF96F77.cab', Local path = 'C:\Windows\SoftwareDistribution\Download\4c04a18e468da1078fbeccdba67fe55f\15702aee91a845bedac5f000dad241cacef96f77'
> 2008-02-26 18:13:39:036 1020 cf4 DnldMgr Error 0x800b0004 occurred while downloading update; notifying dependent calls.
>
> Now the question is: Which kind of error is it? I tried to validate the
> signing of the file using "signtool /verify" and it was successful.


  #3 (permalink)  
Old 02-26-2008
Harry Johnston [MVP]
 

Posts: n/a
Re: Own signed updates. Error 800b0004. Digital Signatures not trusted
PA Bear [MS MVP] wrote:

> Forwarded to WSUS newsgroup
> (microsoft.public.windows.server.update_services) via crosspost as a
> convenience to OP.


Actually it sounds like a digital certificates issue - I don't know which
newsgroup would be most suitable. One of the Vista groups perhaps?

If it really is specific to the way WSUS verifies certificates, I think the OP
may be on their own; I don't know of anybody else who has tried to do this before.

>> We have published our own created updates using WSUS. The updates were
>> automatically signed by a certificate, which was created explicitly for the
>> server. The root certificate is published on the computer as "trusted root".
>> Now we have digital signature errors on some computers (Windows Vista) like
>> the following:


What mechanism did you use to publish the certificate to the client computers?
Have you double-checked that the certificate is present? Have you tried copying
the file to the client and examining the certificate via Windows Explorer?

Harry.
  #4 (permalink)  
Old 02-27-2008
Matthias Kracht
 

Posts: n/a
Re: Own signed updates. Error 800b0004. Digital Signatures not tru
The computers are located in an Active Directory. The signing certificate was
created by a Microsoft certification authority, which is part of the Active
Directory. So the root certificate of the certification authority will
automatically be published to the computers using Active Directory.
The root certificate of the certification authority is installed on the
computer (I checked this using the MMC console and the certificate plugin for
the local computer context).
Explorer accepts this certificate as valid. I also tried this verification step
in the system context and everything is fine.
The big problem is that on some computers it works and on other computers it
doesn't work.
It's really complex to understand the verification process of WSUS.

I added the signing certificate to the "trusted publishers" on the computers
which have the problems. That solved the issue.
But the question is: Why does it work on some computers without this step? Or
which parameter or setting is wrong on the computers where it crashes?

"Harry Johnston [MVP]" wrote:

> PA Bear [MS MVP] wrote:
>
> > Forwarded to WSUS newsgroup
> > (microsoft.public.windows.server.update_services) via crosspost as a
> > convenience to OP.

>
> Actually it sounds like a digital certificates issue - I don't know which
> newsgroup would be most suitable. One of the Vista groups perhaps?
>
> If it really is specific to the way WSUS verifies certificates, I think the OP
> may be on their own; I don't know of anybody else who has tried to do this before.
>
> >> We have published our own created updates using WSUS. The updates were
> >> automatically signed by a certificate, which was created explicitly for the
> >> server. The root certificate is published on the computer as "trusted root".
> >> Now we have digital signature errors on some computers (Windows Vista) like
> >> the following:

>
> What mechanism did you use to publish the certificate to the client computers?
> Have you double-checked that the certificate is present? Have you tried copying
> the file to the client and examining the certificate via Windows Explorer?
>
> Harry.
>

  #5 (permalink)  
Old 02-27-2008
Harry Johnston [MVP]
 

Posts: n/a
Re: Own signed updates. Error 800b0004. Digital Signatures not tru
Matthias Kracht wrote:

> The big problem is that on some computers it works and on other computers it
> doesn't work.


Try to locate the common distinguishing factor.

Harry.
  #6 (permalink)  
Old 02-29-2008
Matthias Kracht
 

Posts: n/a
Re: Own signed updates. Error 800b0004. Digital Signatures not tru
How? I have no idea how to find these differences.
Do you have an idea?


"Harry Johnston [MVP]" wrote:

> Matthias Kracht wrote:
>
> > The big problem is that on some computers it works and on other computers it
> > doesn't work.

>
> Try to locate the common distinguishing factor.
>
> Harry.
>

  #7 (permalink)  
Old 03-01-2008
Harry Johnston [MVP]
 

Posts: n/a
Re: Own signed updates. Error 800b0004. Digital Signatures not tru
Matthias Kracht wrote:

> How? I have no idea how to find these differences.
> Do you have an idea?


Nothing specific. You could try making a list of those machines on which it
works or those on which it doesn't (whichever is smaller) and look for common
factors - which part of the network they're on, what software they have
installed, when they were installed, that sort of thing.

It sounded from your first message as though all Vista machines were failing and
all WinXP machines succeeding, but I take it this isn't the case. Are all the
failing machines running Vista? In that case you could ignore the WinXP
machines and just compare the Vista machines that work with those that don't.
You might also want to ask in one of the Vista newsgroups and see if anyone has
experienced any similar problems with digital signatures.

Harry.
  #8 (permalink)  
Old 03-05-2008
Harry Johnston [MVP]
 

Posts: n/a
Re: Own signed updates. Error 800b0004. Digital Signatures not tru
Matthias Kracht wrote:

> I added the signing certificate to the "trusted publishers" on the computers
> which have the problems. That solved the issue.
> But the question is: Why does it work on some computers without this step?


Actually this may be a bigger worry than I thought - according to what
documentation I can find WUA shouldn't accept certificates unless they're in the
Trusted Publishers store. So it's the computers where the update is working
that aren't functioning properly, not the ones where it isn't.

Have you checked on one of the computers where the updates were being accepted
to see whether the certificate was already in the Trusted Publishers store?
Perhaps it wound up there as a side-effect of something else you were doing on
those computers?

You can look at the computer store by starting mmc, adding the Certificates
snap-in and selecting Computer Account.

If you can verify that you're seeing locally created updates accepted by WUA
without the certificate being in Trusted Publishers, please contact me directly
as this would warrant further investigation.

Harry.
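
The store check described in this reply (Certificates snap-in, Computer Account) can be scripted so the same report is collected on a client that accepts the update and on one that rejects it. The PowerShell below is an added example, not code from the thread or from Microsoft; the function name `Get-UpdateSignerTrust` and its `-Path` parameter are hypothetical, and it assumes you pass a copy of the signed .cab.

```powershell
# Added example. 0x800B0004 is TRUST_E_SUBJECT_NOT_TRUSTED: the subject is
# not trusted for the specified action.
function Get-UpdateSignerTrust {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path   # copy of the locally published, signed .cab (assumption)
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        throw "No Authenticode signer found on '$Path' (status: $($sig.Status))"
    }
    $signer = $sig.SignerCertificate

    # Build the chain in machine context: the update agent runs as SYSTEM,
    # so certificates that exist only in a user's stores do not count.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    # Revocation is skipped on purpose: this report is about store membership only.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainBuilds = $chain.Build($signer)
    # Last element is the top of whatever chain could be built (the leaf itself
    # if no issuer was found).
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        SignatureStatus       = $sig.Status
        SignerSubject         = $signer.Subject
        SignerThumbprint      = $signer.Thumbprint
        # Trusted Publishers, computer account: the store the thread's fix touched.
        InTrustedPublishers   = Test-Path "Cert:\LocalMachine\TrustedPublisher\$($signer.Thumbprint)"
        ChainTopSubject       = $top.Subject
        # Trusted Root Certification Authorities, computer account.
        ChainTopInTrustedRoot = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
        ChainBuilds           = $chainBuilds
        ChainStatus           = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}
```

Run it against the same file on one client that installs the update and one that logs 0x800b0004, then compare the `InTrustedPublishers` and `ChainTopInTrustedRoot` columns.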