App Control: Package Generation Disabled Due To Missing Certificate

Environment

  • App Control Server: 8.7.8, 8.8.6, 8.9.4+
  • Microsoft Windows Server: All Supported Versions

Symptoms

  • Package Generation is disabled immediately after uploading a new Agent Host Package Installer.
  • The server is airgapped or otherwise has limited Internet access.
  • ServerLog.bt9 entries similar to:
    (6516 PackageGeneration) SignatureQuery::ValidateCertificate: File[C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi] did not pass verification Error[800B010A] Chain[0] Element[-1]
    (6516 PackageGeneration) SignatureQuery::ValidateCertificateOnFile: File[C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi] did not match certificate Error[800B010A]
    (6516 PackageGeneration) TestParityHostFile certificate validation failed: 0x800B010A
    (6516 PackageGeneration) Deleted invalid host package file C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi
    ...
    (6516 PackageGeneration) TestParityHostFile cannot open C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi, error: 2
    (6516 PackageGeneration) HostGroupStorage::GenerateWindowsPackages: Host files not correctly signed, turning off package generation
    

Cause

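The application server cannot validate the necessary certificates against the remote Certificate Authority, and the relevant Code Signing certificate is missing from Trusted Root Certification Authorities on the application server. Error 800B010A in the log entries is CERT_E_CHAINING: a certificate chain could not be built to a trusted root authority.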

Resolution

  1. Download and transfer the USERTrust RSA Root Certificate to the application server.
  2. Log in to the application server as the Carbon Black Service Account.
  3. Extract & open the .cer file. Click Install Certificate.
  4. In the Import Wizard choose: Local Machine > Place all certificates in the following store > Browse > Trusted Root Certification Authorities > OK > Next > Finish.
  5. After the import completes, re-run the HostPackageInstaller_VERSION executable locally to replace any deleted files.
  6. Verify Package Generation remains Enabled.
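
A scripted equivalent of steps 3, 4 and 6, as an added example that is not from the original article or the vendor: it inspects the .cer before trusting it, imports it into the Local Machine root store, and then checks the host package signature. The `.cer` path and the expected thumbprint are placeholders (take the thumbprint from the CA's published value, out of band); the MSI path is the one shown in the log entries above.

```powershell
# Added example, not vendor code. Run elevated on the application server.
# Assumes the PKI module (Import-Certificate), i.e. Windows Server 2012 or later.
$CerPath  = 'C:\Temp\USERTrustRSARoot.cer'        # assumed path of the transferred .cer
$Expected = '<THUMBPRINT-PUBLISHED-BY-THE-CA>'    # placeholder: obtain out of band
$MsiPath  = 'C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi'

# Load the file without installing it, so it can be inspected first.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
"Subject   : $($cert.Subject)"
"Thumbprint: $($cert.Thumbprint)   Expires: $($cert.NotAfter)"

# A root CA certificate is self-issued; anything else does not belong in the Root store.
if ($cert.Subject -ne $cert.Issuer) { throw 'Not a self-issued root certificate.' }

# Refuse to trust a file whose thumbprint differs from the value the CA publishes.
# With the placeholder left in place this check fails, which is the safe default.
if ($cert.Thumbprint -ne ($Expected -replace '\s', '').ToUpper()) {
    throw 'Thumbprint mismatch: do not import this file.'
}

# Steps 3-4: Local Machine > Trusted Root Certification Authorities.
if (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)") {
    'Certificate is already in LocalMachine\Root.'
} else {
    Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    'Imported into LocalMachine\Root.'
}

# Step 6: the server deleted the MSI when validation failed (see the log entries),
# so the file only exists again after HostPackageInstaller_VERSION has been re-run.
if (-not (Test-Path -LiteralPath $MsiPath)) {
    'Host package not present yet: re-run the host package installer, then run this again.'
} else {
    $sig = Get-AuthenticodeSignature -LiteralPath $MsiPath
    "Signature status: $($sig.Status) - $($sig.StatusMessage)"
    "Signer          : $($sig.SignerCertificate.Subject)"
    if ($sig.Status -ne 'Valid') { throw 'Host package signature still does not validate.' }
}
```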

Additional Notes

  • If the certificates used for the Agent Installers change in the future, the process may need to be repeated.
  • If the steps above do not resolve the issue, please follow the guidance here.

Article Information
Creation Date: 05-02-2023