jessay
Level 7
Message 1 of 4

ePO 5.3.1 Master Repository Update fails


I operate an ePO 5.3.1 server.

When manually executing or running the server task Update Repository, I receive the following error:

"Update Master Repository (Failed to verify site catalog, no repository public key matches signature)"

First attempt at resolving the issue: I performed the software catalog rebuild, which yielded no success.

Second attempt at resolving the issue: I copied keys from keystore, stopped services, relocated keys to keystore_Backup, started services, created new keys, and still yielded no success.

When reviewing the EpoApSvr logs, I see the following errors:

NAISIGN        "No 1024bit key matching (Encrypted string here) found while verifying cab signature"

NAISIGN         "No 2048bit key matching (Encrypted string here) found while verifying cab signature"

NAISIGN         "Signature present but no key found to verify signature"

SITEMGR        "VerifyCatalogSignature: Catalog file *\filepath\*.tmp\000000000\catalog.z is corrupt or    failed signature validation.  File has been tampered with, corrupt, or was signed by unknown source"

SITEMGR        "VerifyCatalogSignature:  Failed to verify signature of catalog file *\filepath\catalog.z"

 

So I need to figure out what keys I need to make and I am guessing that process should create a new signature to go with it so I can finally get my repo updates again instead of manually having to download daily dats etc.

 

The latest attempts I executed to try and resolve this were the following:

I have attempted the following rebuilds

KB86253

Rebuilt the sm2048servername/smservername keys

backing up/deleting restarting application server

 

KB53736

Renamed DB/Software directory

imported original windows.zip linux.zip mac.zip then imported all the modules

 

I think whatever certificates are relied on are somehow corrupted

1 Solution

Accepted Solutions
McAfee Employee cdinet
Message 4 of 4

Re: ePO 5.3.1 Master Repository Update fails


In the server settings, security keys, you will see the repository key hashes listed. Does the hash that it is looking for exist? Are you pulling from another ePO server or McAfee site? Do you have any other ePO servers? If so, check their key hashes for the repo keys. If any of them match, export the public key and import it into ePO. Don't export the key pair and import it, or it will overwrite your current master repo key.

The only way to regenerate the keys is to remove the sm keys and restart the epo services, as you said you have tried.  After doing that, you may have to completely rebuild the master repository. 

If none of that works, please open a ticket with McAfee so we can assist further.

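An added example, not part of the original thread and not McAfee tooling: the check described in the reply above, pulling the key IDs that the signature check asked for out of the log and comparing them with repository key hashes copied by hand from each server's security keys page. It assumes the message text matches the lines quoted in the thread and that the string in the log and the hash shown in the console use the same representation; the server names and hash lists are constructed sample values.

```python
import re
from collections import defaultdict

# Message text as quoted in the thread; the rest of the log line layout is assumed.
MISSING_KEY = re.compile(
    r"No (?P<bits>1024|2048)bit key matching (?P<key_id>\S+) "
    r"found while verifying cab signature"
)

# Constructed sample lines, reusing the thread's placeholder strings.
SAMPLE_LOG = [
    "SITEMGR  Downloaded file catalog.z successfully in session 1",
    "NAISIGN  No 1024bit key matching 1234567890QAZWSXEDC= found while verifying cab signature",
    "NAISIGN  No 2048bit key matching QAAZWwerdvcdEDDDX= found while verifying cab signature",
    "NAISIGN  Signature present but no key found to verify signature",
    "NAISIGN  No 2048bit key matching QAAZWwerdvcdEDDDX= found while verifying cab signature",
]

# Constructed: hashes typed in by hand from each server's key list.
# Server names are hypothetical.
SERVER_HASHES = {
    "epo-primary": ["CONSTRUCTEDHASH0001="],
    "epo-secondary": ["QAAZWwerdvcdEDDDX=", "CONSTRUCTEDHASH0002="],
}


def wanted_key_ids(log_lines):
    """Return {key_size_bits: {key_id, ...}} for every key the verifier asked for."""
    wanted = defaultdict(set)
    for line in log_lines:
        match = MISSING_KEY.search(line)
        if match:
            wanted[int(match.group("bits"))].add(match.group("key_id"))
    return dict(wanted)


def find_key_holders(wanted, server_hashes):
    """Return {key_id: [servers listing that hash]}; an empty list means none do."""
    holders = {}
    for bits in sorted(wanted):
        for key_id in sorted(wanted[bits]):
            holders[key_id] = sorted(
                name for name, hashes in server_hashes.items() if key_id in hashes
            )
    return holders


if __name__ == "__main__":
    for key_id, servers in find_key_holders(wanted_key_ids(SAMPLE_LOG), SERVER_HASHES).items():
        print(key_id, "->", ", ".join(servers) or "not listed on any known server")
```

A key ID that maps to a server is the case where the reply's advice applies: export only the public key from that server and import it.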

3 Replies
bbk
Level 8
Message 2 of 4

Re: ePO 5.3.1 Master Repository Update fails


Are you using a proxy?

Since when did the problem start?

jessay
Level 7
Message 3 of 4

Re: ePO 5.3.1 Master Repository Update fails


Problems have existed for some time now, due to work executed by someone who is no longer here and who did not take a snapshot after making several changes. I have fixed all but 2 outstanding issues, this one and one other I believe I can rebuild to correct. No proxy is being used and I believe either a cert was deleted that should not have been or someone corrupted

The errors I consistently see when I execute either manually or via scheduled task are:

Downloaded file catalog.z successfully in session 1, size=12345, SHA1 hash=1234567890QAZWSXEDC etc

No 1024bit key matching 1234567890QAZWSXEDC(fake string to provide example)= found while verifying cab signature

No 2048bit key matching QAAZWwerdvcdEDDDX= found while verifying cab signature

Signature present but no key found to verify signature

Is there a way to rebuild the key/generate new signature and key to resolve that error?

