800xA 6.1 SCC issue with Certificate/ Timestamp
Hello,
while trying to get to deploy functions in SCC (after clicking on configure system) I'm getting this error on one of the VMs that we have in the cloud. I've never seen this issue in a past. I have checked certificates, looks like all are valid and played with time, however with no success.
Is there anyone who can advise?
Thank you in advance,
Michael Bik
Asked 7 days ago
Answers
0
Ensure the below prerequisite on all the node,
Internet Security Settings for Digital Signature Validation Perform the following steps on all 800xA nodes: 1. Go to Control Panel. 2. On All Control Panel Items, select Internet Options. 3. In the Internet Properties, click Advanced tab. 4. Scroll to Security and under Security clear the Check for publisher’s certificate revocation check box. 5. Click Apply and OK.
Error Screenshot will definitely help here.
Internet Security Settings for Digital Signature Validation Perform the following steps on all 800xA nodes: 1. Go to Control Panel. 2. On All Control Panel Items, select Internet Options. 3. In the Internet Properties, click Advanced tab. 4. Scroll to Security and under Security clear the Check for publisher’s certificate revocation check box. 5. Click Apply and OK.
Error Screenshot will definitely help here.
Answered 7 days ago
0
Hello, I inserted the screenshot directly in the text, but obviously this doesn't work. I attached the screenshot now.
This checkbox was checked during the installation which went fine in the past. Unchecked now/ restarted the agent and whole system however it didn't solve the issue.
Thank you,
Michael.
This checkbox was checked during the installation which went fine in the past. Unchecked now/ restarted the agent and whole system however it didn't solve the issue.
Thank you,
Michael.
Answered 7 days ago
0
Check the cloud computer's Trusted Root Certificate store.
Since 6.0 all files on the System 800xA media are signed with a certificate from, I believe DigiCert or VeriSign, to be able to prove the media to be genuine and not tampered with. Since 6.1 the System Installer does not accept media lacking signatures. A warning is then lit up.
Here the certificate verification process seem to have halted, somehow. Verify that the computer clocks are correct and that the Trusted Root Certificate store is OK (compare with another computer where installation succeeded).
mmc.exe > Add snap-in > Certificates [Local Computer] > Trusted Root Certificates
One reason for the System Installer not being able to verify the media is if the Local Security Policy "Turn Off Automatic Root Certificate Updates" has been enabled, locally or via GPO.
Below is a closure comment from a similar support case we've had:
Case Closure Description:
The following certificates are missing:
· BaltimoreCyberTrustRoot
· DigiCertAssuredIDRootCA
· DigiCertSHA2AssuredIDCodeSigningCA
· VeriSign Universal Root Certification Authority
· VerizonGlobalRootCA
As the mechanism to load Root Certificates is a Microsoft Windows function to load from Crypt32.dll
and that Microsoft uses this file to update certificates via Windows Update (and also ABB QSU’s).
There is a description by Microsoft how to install the root certificates.
Case could be closed.
Since 6.0 all files on the System 800xA media are signed with a certificate from, I believe DigiCert or VeriSign, to be able to prove the media to be genuine and not tampered with. Since 6.1 the System Installer does not accept media lacking signatures. A warning is then lit up.
Here the certificate verification process seem to have halted, somehow. Verify that the computer clocks are correct and that the Trusted Root Certificate store is OK (compare with another computer where installation succeeded).
mmc.exe > Add snap-in > Certificates [Local Computer] > Trusted Root Certificates
One reason for the System Installer not being able to verify the media is if the Local Security Policy "Turn Off Automatic Root Certificate Updates" has been enabled, locally or via GPO.
Below is a closure comment from a similar support case we've had:
Case Closure Description:
The following certificates are missing:
· BaltimoreCyberTrustRoot
· DigiCertAssuredIDRootCA
· DigiCertSHA2AssuredIDCodeSigningCA
· VeriSign Universal Root Certification Authority
· VerizonGlobalRootCA
As the mechanism to load Root Certificates is a Microsoft Windows function to load from Crypt32.dll
and that Microsoft uses this file to update certificates via Windows Update (and also ABB QSU’s).
There is a description by Microsoft how to install the root certificates.
Case could be closed.
Add new comment