Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Package Generation Disabled Due To Missing Certificate

App Control: Package Generation Disabled Due To Missing Certificate


  • App Control Server: 8.7.8, 8.8.6, 8.9.4+
  • Microsoft Windows Server: All Supported Versions


  • Package Generation is disabled immediately after uploading new Agent Host Package Installer.
  • Airgapped or otherwise limited Internet access.
  • ServerLog.bt9 entries similar to:
    (6516 PackageGeneration) SignatureQuery::ValidateCertificate: File[C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi] did not pass verification Error[800B010A] Chain[0] Element[-1]
    (6516 PackageGeneration) SignatureQuery::ValidateCertificateOnFile: File[C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi] did not match certificate Error[800B010A]
    (6516 PackageGeneration) TestParityHostFile certificate validation failed: 0x800B010A
    (6516 PackageGeneration) Deleted invalid host package file C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi
    (6516 PackageGeneration) TestParityHostFile cannot open C:\Program Files (x86)\Bit9\Parity Server\hostpkg\ParityHostAgent.msi, error: 2
    (6516 PackageGeneration) HostGroupStorage::GenerateWindowsPackages: Host files not correctly signed, turning off package generation


The application server is unable to validate necessary certificates against the remote Certificate Authority and the relevant Code Signing certificate is missing from Trusted Root Certification Authorities on the application server.


  1. Download and transfer the USERTrust RSA Root Certificate to the application server.
  2. Log in to the application server as the Carbon Black Service Account.
  3. Extract & open the .cer file. Click Install Certificate.
  4. In the Import Wizard choose: Local Machine > Place all certificates in the following store > Browse > Trusted Root Certification Authorities > OK > Next > Finish.
  5. After the import completes, re-run the HostPackageInstaller_VERSION executable locally to replace any deleted files.
  6. Verify Package Generation remains Enabled.

Additional Notes

  • If the certificates used for the Agent Installers changes in the future the process may need to be repeated.
  • If the steps above do not resolve the issue, please follow the guidance here.

Related Content

Labels (1)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Creation Date: