Share via

Failed to download content id 16829879. Error: Invalid certificate signature

Shanker Kumar 51 Reputation points
2021-04-09T12:10:47.403+00:00

While trying to download third party updates for DELL, we get the below mentioned error 

Failed to download content id 16829879. Error: Invalid certificate signature

We are on CB 2010 with Hotfix 4594177 installed, please suggest if we have any fix for this error/

Microsoft Security | Intune | Configuration Manager | Updates
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Simon Ren-MSFT 40,346 Reputation points Microsoft External Staff
    2021-04-12T07:38:45.487+00:00

    Hi,

    Thanks for posting in Microsoft MECM Q&A forum.

    1.When you use Configuration Manager manages the certificate option, a new certificate of type Third-party WSUS Signing is created in the Certificates node under Security in the Administration workspace. Please help check whether the certificate status is BLOCKED or UNBLOCKED status from SCCM console (\Administration\Overview \Security\Certificates). If the certificate is blocked, then there is a chance of failure in the publishing process.

    2.If possible, please reboot of the site server to have a try.

    Similar thread for your reference: Invalid certificate signature Error 0x800b0004 0x80073633 when Downloading Updates

    Thanks for your time.
     
    Best regards,
    Simon

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Simon Ren-MSFT 40,346 Reputation points Microsoft External Staff
    2021-04-13T02:18:42.65+00:00

    Hi,

    Thanks for your reply.

    1.Please help check the SMS_ISVUPDATES_SYNCAGENT.log and wsyncmgr.log to see if there is any further information about the issue.

    2.Maybe it's a known issue listed by the official document:

    Configuration Manager has a new version for the catalog cab file format. The new version includes the certificates for the vendor's binary files. These certificates are added to the Certificates node under Security in the Administration workspace once you approve and trust the catalog.

    You can still use the older catalog cab file version as long as the download URL is https and the updates are signed. The content will fail to publish because the certificates for the binaries aren't in the cab file and already approved. You can work around this issue by finding the certificate in the Certificates node, unblocking it, then publish the update again. If you're publishing multiple updates signed with different certificates, you'll need to unblock each certificate that is used.

    For more information, please refer to:
    SCCM third-party updates known issues
    SCCM Enable third-party updates

    Thanks for your time.

    Best regards,
    Simon
    If the response is helpful, please click "Accept Answer" and upvote it.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.