cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

ePO Repository pull fails with error

Jump to solution

Hi, 

Trying to pull repository from Master ePO to Slave ePO. Using ePO 5.10 Update 6

I get the following error:

2/4/20 12:00:10 PMStarted: Pulling content from Master-EPO to Current branch
2/4/20 12:00:23 PMRepository Pull from site Master-EPO complete, no warnings
2/4/20 12:00:23 PMUpdate DAT from Master-EPO (Failed to verify site catalog, no repository public key matches signature.)

 

If I check EpoApSvr.log I see the following:

20200204120023 I #05568 INETMGR Downloaded file catalog.z successfully in session 1, size=4980, SHA1 hash=BD981B98EDC9CDA4354386AE64BD024A8CA3F239, SHA256 hash=79BCED364FB73943E9EA5728C3C816E6BCF93F7EAD8BBA25B22733B6BE8C674C.
20200204120023 I #05568 NAISIGN No 1024-bit key matching 4+eW6ZyF5UPEjaGJjDFze2O0YSM= found while verifying cab signature
20200204120023 I #05568 NAISIGN No 2048-bit key matching 2dsKSf0sI/FIYwv76/2mHDQq8+8TYcUwbr1GDB4GlcE= found while verifying cab signature
20200204120023 E #05568 NAISIGN CabSign.cpp(995): Signature present but no key found to verify signature
20200204120023 I #05568 SITEMGR Catalog file C:\Windows\TEMP\naiB3C2.tmp\00000000\catalog.z is corrupt or failed signature validation. File has been tampered with, corrupt, or was signed by unknown source
20200204120023 E #05568 SITEMGR SiteMgrHelper.cpp(2115): Failed to verify signature of catalog file C:\Windows\TEMP\naiB3C2.tmp\00000000\catalog.z
20200204120023 E #05568 SITEMGR Mirror.cpp(240): Error 0xfffffde0 verifying catalog file

 

What I have tried:

Rebuilt the sm2048servername/smservername keys
Removed and re-imported Security keys from Master ePO into Slave ePO
Removed and recreated Pull Task
Removed and recreated Source Site
Followed KB82581 and found nothing strange

The Keys from EpoApSvr.log isn't present in the Master ePO either, so I'm not sure where to find them.

If I download DAT file manually and add it to Master Repository on Slave ePO I works...

Im all out of ideas, please help!
//Tobbe

1 Solution

Accepted Solutions
Highlighted

Re: ePO Repository pull fails with error

Jump to solution

I managed to get this to work using another approach.

I removed the Slave ePO and installed an Agent Handler instead and connected all nodes to the Master ePO.

This works for the environment I am working in at the moment, so I will not spend any more time on trying to fix the issue.

 

But to answer your question:  I got key error in the Slave ePO.

View solution in original post

20 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 21

Re: ePO Repository pull fails with error

Jump to solution

Go through KB82581 to ensure you have imported the right keys or haven't missed a step.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: ePO Repository pull fails with error

Jump to solution

Hi, 

I have done that....several times to be really sure.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 21

Re: ePO Repository pull fails with error

Jump to solution

This says something is not right with the key still.

Signature present but no key found to verify signature

On the master server you are pulling from, you went to local master repository key pairs and exported the key pair and imported it into slave server?  Did you export both the 1024 and 2048 bit keys?

In the db\keystore directory, you should have extra sm key files with the name of the master epo server.  

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: ePO Repository pull fails with error

Jump to solution

I don't have extra SM keys, but I do have extra RP-keys from Master Server. I also have them in security keys. However, none of the keys on either server corresponds to the keys mentioned in the log file.

Yes, I exported both 1024 and 2048 keys.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 21

Re: ePO Repository pull fails with error

Jump to solution

These are the key hashes it is looking for with both the keys.  If you find those hashes, those are the ones that you need to import.

20200204120023 I #05568 NAISIGN No 1024-bit key matching 4+eW6ZyF5UPEjaGJjDFze2O0YSM= found while verifying cab signature
20200204120023 I #05568 NAISIGN No 2048-bit key matching 2dsKSf0sI/FIYwv76/2mHDQq8+8TYcUwbr1GDB4GlcE= found while verifying cab signature

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: ePO Repository pull fails with error

Jump to solution

Yeah, that's what I figured too. But none of these are present in either ePO.

 

Highlighted

Re: ePO Repository pull fails with error

Jump to solution

Is there a way to reset those keys?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 21

Re: ePO Repository pull fails with error

Jump to solution

On the master, no.  Get a screenshot of the keys in the master and slave servers under security keys, but blank out server names.  I just want to see the hashes.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: ePO Repository pull fails with error

Jump to solution

From slave:

 

slave.jpg

From Master

master.jpg

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community