Failed to sign package; error was: 2148204810
In this article, we will be reviewing an error that can occur when trying to publish third-party software updates to WSUS.
Topics covered in this article:
Determine if You are Affected
If you are affected by this error, you will see the following error(s) in the PatchMyPC.log or SoftwareDistribution.log
An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2148204810
PublishPackage(): Operation Failed with Error: Failed to sign package; error was: 2148204810
This error generally will occur when the software update is being timestamped, but the WSUS Signing Certificate is not trusted on the WSUS Server.
Note: Error code 2148204810 translates to A certificate chain could not be built to a trusted root authority.
Check if the WSUS Signing Certificate is Trusted
On the WSUS Server, open certlm.msc from a Run prompt. In the WSUS certificate store, double click your WSUS Signing Certificate and click the Certification Authority tab.
The most common root cause for error 2148204810 is the WSUS Signing Certificate is not trusted at the root level for the CA the issued the certificate.
You will need to determine why the root certificates are not trusted on the server. It’s possible automatic root certificate updates were disabled via GPO.
Known Issue when Using Sectigo Code-Signing Certificate
We have worked with customers using a WSUS code-signing certificate issued from Sectigo. There’s a known issue where if you don’t have the latest Sectigo Root CA and Code Signing certificates imported, you will receive this error after May 30, 2020.
Please review the following article from Sectigo for information about this issue:
Is the WSUS Signing Certificate Expired?
Another possible reason you may receive Failed to sign package; error was: 2148204810 is the WSUS Signing Certificate may be expired.