This is the Windows Server Update Services support team blog. We cover all things relating to WSUS and Windows Update.
I was talking to my buddy Clifton Hughes today and he mentioned an interesting issue that we've seen a couple times concerning an error you get when trying to publishing updates to WSUS via System Center Update Publisher. In this particular case, when you try to publish an update you would get the following error in the UpdatesPublisher.log:
Publish: : Exception occurred during publishing: Verification of file signature failed for file: \\<serverName>\UpdateServicesPackages\<AppName_abf10b91-bfa6-44ff-aa54-099e4bf1487d\a7f3d4b2-02b6-4f0c-ab9b-e38c8de9c3f0_1.cab
You may also see this error:
"Exception occurred during publishing: Verification of the signature failed for fil" for each of the updates attempted.
To resolve this one, add the self-signed WSUS certificate to the Trusted Publishers Store and the Trusted Root Certification Authorities store on the Update Publisher machine as follows:
1. Click Start, click Run, type MMC in the text box, and then click OK to open the Microsoft Management Console (MMC).
2. Click File, click Add/Remove Snap-in, click Add, click Certificates, click Add, select Computer account, and then click Next.
3. Select Another computer, type the name of the update server or click Browse to find the update server computer, click Finish, click Close, and then click OK.
4. Expand Certificates (update server name), expand WSUS, and then click Certificates.
5. In the results pane, right-click the desired certificate, click All Tasks, and then click Export.
6. In the Certificate Export Wizard, use the default settings to create an export file with the name and location specified in the wizard. This file must be available to the update server before proceeding to the next step.
7. Right-click Trusted Publishers, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.
8. If a self-signed certificate is used, such as WSUS Publishers Self-signed, right-click Trusted Root Certification Authorities, click All Tasks, and then click Import. Complete the Certificate Import Wizard using the exported file from step 6.
9. Right-click Certificates (update server name), click Connect to another computer, enter the computer name for the Updates Publisher computer, and click OK.
10. If Updates Publisher is remote from the update server, repeat steps 7 through 9 to import the certificate to the certificate store on the Updates Publisher computer.
Once you do this you should be good to go.
A special thanks to Clifton Hughes and Vinay Pamnani for doing all the leg work in tracking this down and getting it documented.
J.C. Hornbeck | Manageability Knowledge Engineer
You're a life saver. Quick and easy to follow.
Thank you very much! This solved my problem too.
where is the microsoft documentation on NON-selfsigned certs...domain certs and PFX...ABSOLUTELY ridiculous...