SCCM ConfigMgr Prerequisite Check Error Failed to Verify Authenticode Signature Configuration Manager MEMCM? SCCM prerequisite file check is one of the important steps before the kick start of an actual upgrade of SCCM/ConfigMgr 2012 to CB. Here is the list of things you want to look into if you are starting the upgrade of SCCM ConfigMgr 2012 to CB 1606.
While performing the actual upgrade process, you “really” don’t want to be stuck with some issues and don’t want to miss the timelines of the SCCM upgrade.
To avoid these delays in the SCCM CB upgrade process, I suggest completing the prerequisite download step a few days before the actual upgrade. We received the following error, and the SCCM CB upgrade wizard didn’t complete successfully.
Prerequisite Download Issues
As you can see, the error in the following picture, Prerequisite Downloads – Use previously downloaded files- An error has occurred while attempting to download or verify required prerequisite components, and setup cannot continue. Review the configmgrsetup.log file for further details.
We reviewed the configmgrsetup.log file, and it gave us two errors related to Authenticode Signature. I found some clues about a similar issue in the following thread a Reddit thread. But, I was not sure which was the certificate mentioned in the thread.
ERROR: Failed to verify 'F:\Sources\CB\Prereq\SQLSysClrTypes.msi' Authenticode Signature ERROR: File Signature check failed for F:\Sources\CB\Prereq\SQLSysClrTypes.msi ERROR: Failed to verify F:\Sources\CB\Prereq\SharedManagementObject.msi' Authenticode signature ERROR: File Signature check failed for F:\Sources\CB\Prereq\ SharedManagementObject.msi.msi
Fix SCCM ConfigMgr Prerequisite Check Error Failed
We were using the same prerequisite files for all the hierarchy, and those sets of files worked for a couple of other primaries and CAS. But one primary was giving us loads of trouble. I started comparing the certs of CAS and Primary servers and found that one particular cert was missing from the problematic SCCM/ConfigMgr primary server.
Following is the cert name missing from the SCCM primary server – “Microsoft Root Certificate Authority 2011”. We imported the certificate from the working SCCM CAS server. We exported it to the primary server’s Local computer – Trusted Root Certification Authorities and that helped resolve the Authenticode Signature issue.
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
