SCCM prerequisite file check is one of the important steps before the kick start of an actual upgrade of SCCM/ConfigMgr 2012 to CB. Here is the list of things you wanted to look into if you are just starting the upgrade of SCCM ConfigMgr 2012 to CB 1606. While performing the actual upgrade process, you “really” don’t want to stuck with some issues and don’t want to miss the timelines of the SCCM upgrade.
To avoid these delays in SCCM CB upgrade process, I would suggest completing the prerequisite download step few days before the actual upgrade. We received the following error, and SCCM CB upgrade wizard didn’t complete successfully. As you can see the error in the following picture, Prerequisite Downloads – Use previously downloaded files– An error has occurred while attempting to download or verify required prerequisite components and setup cannot continue. Review the configmgrsetup.log file for further details.
We reviewed the configmgrsetup.log file, and it was giving us two errors related to Authenticode Signature. I found some clues about the similar issue in the following thread a Reddit thread. But, I was not very sure which was the certificate which was mentioned in the thread.
ERROR: Failed to verify 'F:\Sources\CB\Prereq\SQLSysClrTypes.msi' Authenticode Signature ERROR: File Signature check failed for F:\Sources\CB\Prereq\SQLSysClrTypes.msi ERROR: Failed to verify F:\Sources\CB\Prereq\SharedManagementObject.msi' Authenticode signature ERROR: File Signature check failed for F:\Sources\CB\Prereq\ SharedManagementObject.msi.msi
We were using the same prerequisite files for all the hierarchy, and those set of files worked for a couple of other primaries and CAS. But one primary was giving us loads of trouble. Started comparing the certs of CAS and Primary servers and found that one particular cert was missing from the problematic SCCM/ConfigMgr primary server. Following is the cert name which was missing from the SCCM primary server – “Microsoft Root Certificate Authority 2011“. We imported the certificate from the working SCCM CAS server and exported it to the primary server’s Local computer – Trusted Root Certification Authorities and that helped to resolve the Authenticode Signature issue.