Digest Mismatch Due To Download URL Being Filtered by Firewall or Web Filter
If you received an error message in the PatchMyPC.log similar to the one shown below when publishing a third-party update this article should help.
Digest of the downloaded update doesn’t match the digest from the catalog: Hash from catalog [0Io0A82tYc06ybySLZ1osB5VYzY=] doesn’t match downloaded update hash of [YQMfSKsyclBqVjGnvRdBuoCCcvY=]
This error appears to be a known error. Please see our KB article https://patchmypc.com/digest-mismatch-download-filtered for the resolution.
Topics covered in this article:
Why the Hash Check?
Whenever we download an update file from a vendor’s website to publish to WSUS/SCCM, we validate the hash of the current binary downloaded matches the original hash within the catalog metadata. This check ensures that if a binary is compromised or changed on the vendors websites, we will not publish the software update. We have a deep dive into our security validation process here.
Review Download Failures from Firewall Rules for Previous Synchronizations
We store the last download response code and domain for currently enabled products. This can be helpful when reviewing download failures for currently enabled products.
The download history can be found on a CSV file in: %InstallDir%\PatchMyPC-DownloadHistory.csv
Here’s an example of the data included in the PatchMyPC-DownloadHistory.csv file. You can use the domain column to create firewall exceptions based on the products enabled and failing to download.
Resolution to this Specific Hash Check Failure
If you received the error message above that links our to this article, that means the hash check failed, and the downloaded file size was less than 100 kb.
When the downloaded file is less than 100 kb in size, this almost always correlates to a web filter or firewall blocking the download from the server that is running our publishing service.
Step 1 – Open the PatchMyPC.log from the publishing service.
Step 2 – Copy the download URL from the PatchMyPC.log for any updates receiving this hash error.
Step 3 – Paste the download URL into a web browser on the same server running the publishing service and check if you receive an error that a web filter is blocking the download.
Step 4 – You will need to get exceptions created for any downloads receiving this hash error for “digest mismatch download filtered“.
A full list of possible domains used for products in our catalog can be found at https://patchmypc.com/list-of-domains-used-for-downloads-in-patch-my-pc-update-catalog