TSSA: After upgrading to TSSA 8.9 SP4 patch1, windows patch analysis is failing with error - STDERR: Error: Encountered error 0x800710dd initializing scanner -

Version 26
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BladeLogic Server Automation Suite


    COMPONENT:

    TrueSight Server Automation


    APPLIES TO:

    TSSA 8.9 SP4 Patch1



    PROBLEM:

    After upgrading to TSSA 8.9 SP4 patch1, Windows patch analysis jobs fail with the following error:

    - Appserver: 8.9 SP4 patch1
    - Target agent: 8.9 SP4 patch1
    - Target OS: Windows server 2008 R2 SP1, 2012 R2 etc

    <job run log>
    Error    06/24/2018 13:14:20    STDERR: Error: Encountered error 0x800710dd initializing scanner - The operation identifier is not valid.Possible cause is: Signature verification certificates may not have been installed on this server. Re-run the patching job in debug mode and check log file AnalysisTrace.log for further details. Error: Unable to initialize analysis engine.Error: Analysis failed.
    Info    06/24/2018 13:14:20    Analyzer execution complete on server: <target> , exitCode: -3

    ...

    User-added image
     


    CAUSE:

    Missing certain PKI certificates on the Windows Target Server. New Shavlik content is SHA2-signed, whose signature verification requires certain PKI certificates to be present on the target.


    SOLUTION:

     

    This 9.3 SDK is SHA-2 signed and the error implies that certain required certificates are not present on the Target Server.


    Preferred Method of solving issue:

    A TSSA Compliance Template with remediation has been developed by BMC to automatically detect and resolve the issue. The template is attached as WindowsPatchCert.zip

    Please import the template according to the readme.txt file as version neutral, run discovery and compliance followed by remediation.

    P.S. Change the rule for Discovery based on your target agent version. The template attached is for 8.9.03 and has below rule:

    ??TARGET.OS?? = "Windows"  AND
    (  ??TARGET.AGENT_MAJOR_VERSION*?? = 8  AND
       ??TARGET.AGENT_MINOR_VERSION*?? <= 9  AND
       ??TARGET.AGENT_PATCH_VERSION*?? <= 3
    )


    If you are facing this issue in 8.9.04 patch1 then change it as below:

    ??TARGET.OS?? = "Windows"  AND
    (  ??TARGET.AGENT_MAJOR_VERSION*?? = 8  AND
       ??TARGET.AGENT_MINOR_VERSION*?? <= 9  AND
       ??TARGET.AGENT_PATCH_VERSION*?? <= 4
    )

    Alternate Method:

    Below are manual steps to resolve the issue on the Target Server:

    1) Copy the attached zip file ('certificates.zip' containing two certificate files) and extract it to a temp folder on target server
    2) Go to the target server, go to Start > Run > mmc.exe
    3) select File > Add/remove Snap-in
    4) Select Certificates from the list of available snap ins and add >> choose "Computer account" & next >> choose "Local computer" >> Finish & OK


    User-added image

    5) Under "Trusted Root Certification Authorities\Certificates", check for 'DigiCert Assured ID Root CA'
    If not there, please import it using the attached certificate file as screenshot.

    User-added image

    Then it should show as below:
    User-added image

    6) Under "Intermediate Certification Authorities\Certificates", check for 'DigiCert SHA2 Assured ID Code Signing CA'
    if not there, please import it using the attached certificate file as screenshot2
    User-added image


    Once the above steps have been completed, re-run the Windows Patch Analysis job and confirm the issue is resolved.


    If the issue persists even after applying the certs or this started happening after 17-JUL-2019, pease update the Windows Patch Catalog and re-run the analysis. The certificate Ivanti signed the patch metadata with expired on 17-JUL-2019.  Ivanti has since posted new metadata signed by a valid certificate.  Running a Catalog Update Job will pull the new metadata into the catalog and resolve the issue with the expired certificate.

     


    Article Number:

    000155145


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles