Author Topic: Failed to sign package; error was: 2149122455 - Impacts all packages  (Read 473 times)

Offline willudo

  • Newbie
  • *
  • Posts: 4
    • View Profile
Hello PatchMyPC team :)

Working with the Enterprise catalog and trying to do an initial sync and publish to WSUS. I'm getting the following error for every package that is processed:

"An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2149122455"

Googling had similar issues that pointed to a mismatch of WSUS shares and file paths. I have confirmed that those exist and are correct on my server.

Looking for the specific error code - 2149122455 - brought up even less information, save for one reference to a proxy error. My server is behind a web proxy and I've set the proxy settings - downloads for the packages work just fine so I believe that's setup properly.

This was tried with a WSUS-generated certificate, and a Publishing Service-generated self-signed certificate - no change in errors either way.

I also tried assigning the service to run as my SCCM service account in case it was something permission based - no change in errors there either.

Issue existed with 1.2.5.0 build, 1.2.5.4 preview build, and still exists as of the 1.3.0.0 builds (Just updated yesterday).

Logging level is set to Debug and I'm happy to provide them via email/private message if that would help :)

Thanks in advance!

-Will





Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 1832
    • View Profile
    • Patch My PC Support
Re: Failed to sign package; error was: 2149122455 - Impacts all packages
« Reply #1 on: April 10, 2019, 09:50:04 AM »
2149122455 = Proxy authentication required (407).

Can you try to set the proxy at the SYSTEM level as described here? https://patchmypc.com/forum/index.php?topic=2673.0 to see if that helps?


Hello PatchMyPC team :)

Working with the Enterprise catalog and trying to do an initial sync and publish to WSUS. I'm getting the following error for every package that is processed:

"An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2149122455"

Googling had similar issues that pointed to a mismatch of WSUS shares and file paths. I have confirmed that those exist and are correct on my server.

Looking for the specific error code - 2149122455 - brought up even less information, save for one reference to a proxy error. My server is behind a web proxy and I've set the proxy settings - downloads for the packages work just fine so I believe that's setup properly.

This was tried with a WSUS-generated certificate, and a Publishing Service-generated self-signed certificate - no change in errors either way.

I also tried assigning the service to run as my SCCM service account in case it was something permission based - no change in errors there either.

Issue existed with 1.2.5.0 build, 1.2.5.4 preview build, and still exists as of the 1.3.0.0 builds (Just updated yesterday).

Logging level is set to Debug and I'm happy to provide them via email/private message if that would help :)

Thanks in advance!

-Will

Offline willudo

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: Failed to sign package; error was: 2149122455 - Impacts all packages
« Reply #2 on: April 12, 2019, 05:24:32 PM »
Thanks for that Justin!

Just followed the instructions - pretty straightforward but still no luck. I'm guessing that the fact that our proxy requires authentication to be passed through means that this won't be an option for us.

Let me make a request to our network team to white-list that DNS name and exempt it from our proxy. If that works, I'll post back here just to capture the knowledge :)

-Will

Offline willudo

  • Newbie
  • *
  • Posts: 4
    • View Profile
Just an update - still working with our network team on getting the appropriate exceptions. We've tried a few things but no luck yet. I'll post back here once we figure out exactly what configuration had to be applied on the network side in hopes that it might expedite the process for anyone else in a more secure environment :)

Offline Ted Chiueh

  • Newbie
  • *
  • Posts: 2
    • View Profile
Hi Justin,

I will be working with you on the issue here as Will is transitioning to another project which consumes majority of his time. I'm seeing another error starting on 5/2 below:

An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2149122451

Based on the error lookup, it states that it is a "Forbidden (403)". Please let me know what you think as we continue with troubleshooting the issue. Thank you!

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 1832
    • View Profile
    • Patch My PC Support
Have you configured the proxy at the SYSTEM level https://patchmypc.com/forum/index.php?topic=2673.0?


Hi Justin,

I will be working with you on the issue here as Will is transitioning to another project which consumes majority of his time. I'm seeing another error starting on 5/2 below:

An error occurred while publishing an update to WSUS: Failed to sign package; error was: 2149122451

Based on the error lookup, it states that it is a "Forbidden (403)". Please let me know what you think as we continue with troubleshooting the issue. Thank you!

Offline Ted Chiueh

  • Newbie
  • *
  • Posts: 2
    • View Profile
Yes, I've followed the steps recommended below from the previous post on 4/10/2019:

1.   Open command prompt as Administrator
2.   Launch Internet Explorer as SYSTEM using command line: psexec.exe -s -i "C:\Program Files\internet explorer\iexplore.exe"
3.   In Internet Explorer > Settings > Connections > LAN Settings > Enable "Use a proxy server for your LAN and configure the IP Address and Port and click OK and close IE

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 1832
    • View Profile
    • Patch My PC Support
Can you email us a request now? https://patchmypc.com/technical-support

We can jump on a remote session to review this a little more via remote control.

Yes, I've followed the steps recommended below from the previous post on 4/10/2019:

1.   Open command prompt as Administrator
2.   Launch Internet Explorer as SYSTEM using command line: psexec.exe -s -i "C:\Program Files\internet explorer\iexplore.exe"
3.   In Internet Explorer > Settings > Connections > LAN Settings > Enable "Use a proxy server for your LAN and configure the IP Address and Port and click OK and close IE


Offline willudo

  • Newbie
  • *
  • Posts: 4
    • View Profile
Just to close this out - Ted and I got on a call with Justin this morning.

It doesn't seem that we're going to be able to get out to http://timestamp.digicert.com/ without some serious firewall exceptions from our network team. We were able to work around that issue within the PatchMyPC Publishing Service to allow us to download packages without being timestamped for the time being, while we wait for a full exemption of our SCCM box to the appropriate web URLs. From what we can tell, a proxy with authentication just won't work with WSUS, even though we can get the digicert site to load fine in IE launched as System as noted above.

If you have similar issues, reach out to support and they'll provide you with the *temporary* workaround. You shouldn't go without signing forever :)

Thanks again Justin and team!

-Will
« Last Edit: May 16, 2019, 11:46:14 AM by Justin Chalfant »