• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 

Failed to sign package; error was: 2149122455 - Impacts all packages

Started by willudo, April 10, 2019, 09:44:42 AM

Previous topic - Next topic

willudo

Hello PatchMyPC team :)

Working with the Enterprise catalog and trying to do an initial sync and publish to WSUS. I'm getting the following error for every package that is processed:

"An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2149122455"

Googling had similar issues that pointed to a mismatch of WSUS shares and file paths. I have confirmed that those exist and are correct on my server.

Looking for the specific error code - 2149122455 - brought up even less information, save for one reference to a proxy error. My server is behind a web proxy and I've set the proxy settings - downloads for the packages work just fine so I believe that's setup properly.

This was tried with a WSUS-generated certificate, and a Publishing Service-generated self-signed certificate - no change in errors either way.

I also tried assigning the service to run as my SCCM service account in case it was something permission based - no change in errors there either.

Issue existed with 1.2.5.0 build, 1.2.5.4 preview build, and still exists as of the 1.3.0.0 builds (Just updated yesterday).

Logging level is set to Debug and I'm happy to provide them via email/private message if that would help :)

Thanks in advance!

-Will





Justin Chalfant (Patch My PC)

2149122455 = Proxy authentication required (407).

Can you try to set the proxy at the SYSTEM level as described here? https://patchmypc.com/forum/index.php?topic=2673.0 to see if that helps?


Quote from: willudo on April 10, 2019, 09:44:42 AM
Hello PatchMyPC team :)

Working with the Enterprise catalog and trying to do an initial sync and publish to WSUS. I'm getting the following error for every package that is processed:

"An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2149122455"

Googling had similar issues that pointed to a mismatch of WSUS shares and file paths. I have confirmed that those exist and are correct on my server.

Looking for the specific error code - 2149122455 - brought up even less information, save for one reference to a proxy error. My server is behind a web proxy and I've set the proxy settings - downloads for the packages work just fine so I believe that's setup properly.

This was tried with a WSUS-generated certificate, and a Publishing Service-generated self-signed certificate - no change in errors either way.

I also tried assigning the service to run as my SCCM service account in case it was something permission based - no change in errors there either.

Issue existed with 1.2.5.0 build, 1.2.5.4 preview build, and still exists as of the 1.3.0.0 builds (Just updated yesterday).

Logging level is set to Debug and I'm happy to provide them via email/private message if that would help :)

Thanks in advance!

-Will

willudo

Thanks for that Justin!

Just followed the instructions - pretty straightforward but still no luck. I'm guessing that the fact that our proxy requires authentication to be passed through means that this won't be an option for us.

Let me make a request to our network team to white-list that DNS name and exempt it from our proxy. If that works, I'll post back here just to capture the knowledge :)

-Will

willudo

Just an update - still working with our network team on getting the appropriate exceptions. We've tried a few things but no luck yet. I'll post back here once we figure out exactly what configuration had to be applied on the network side in hopes that it might expedite the process for anyone else in a more secure environment :)

Ted Chiueh

Hi Justin,

I will be working with you on the issue here as Will is transitioning to another project which consumes majority of his time. I'm seeing another error starting on 5/2 below:

An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2149122451

Based on the error lookup, it states that it is a "Forbidden (403)". Please let me know what you think as we continue with troubleshooting the issue. Thank you!

Justin Chalfant (Patch My PC)

Have you configured the proxy at the SYSTEM level https://patchmypc.com/forum/index.php?topic=2673.0?


Quote from: Ted Chiueh on May 15, 2019, 02:25:34 PM
Hi Justin,

I will be working with you on the issue here as Will is transitioning to another project which consumes majority of his time. I'm seeing another error starting on 5/2 below:

An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2149122451

Based on the error lookup, it states that it is a "Forbidden (403)". Please let me know what you think as we continue with troubleshooting the issue. Thank you!

Ted Chiueh

Yes, I've followed the steps recommended below from the previous post on 4/10/2019:

1.   Open command prompt as Administrator
2.   Launch Internet Explorer as SYSTEM using command line: psexec.exe -s -i "C:\Program Files\internet explorer\iexplore.exe"
3.   In Internet Explorer > Settings > Connections > LAN Settings > Enable "Use a proxy server for your LAN and configure the IP Address and Port and click OK and close IE

Justin Chalfant (Patch My PC)

Can you email us a request now? https://patchmypc.com/technical-support

We can jump on a remote session to review this a little more via remote control.

Quote from: Ted Chiueh on May 15, 2019, 04:07:41 PM
Yes, I've followed the steps recommended below from the previous post on 4/10/2019:

1.   Open command prompt as Administrator
2.   Launch Internet Explorer as SYSTEM using command line: psexec.exe -s -i "C:\Program Files\internet explorer\iexplore.exe"
3.   In Internet Explorer > Settings > Connections > LAN Settings > Enable "Use a proxy server for your LAN and configure the IP Address and Port and click OK and close IE


willudo

Just to close this out - Ted and I got on a call with Justin this morning.

It doesn't seem that we're going to be able to get out to http://timestamp.digicert.com/ without some serious firewall exceptions from our network team. We were able to work around that issue within the PatchMyPC Publishing Service to allow us to download packages without being timestamped for the time being, while we wait for a full exemption of our SCCM box to the appropriate web URLs. From what we can tell, a proxy with authentication just won't work with WSUS, even though we can get the digicert site to load fine in IE launched as System as noted above.

If you have similar issues, reach out to support and they'll provide you with the *temporary* workaround. You shouldn't go without signing forever :)

Thanks again Justin and team!

-Will