Have you ever come to a situation when a Citrix SCOM Management Pack installation failed on the SCOM management server computer? After the product installation had started, it suddenly got aborted and the following error message was thrown:

The setup Wizard encountered an error
Error Type: ExePackage
Error Code: 0x800B010A or 0x80096005
Detailed Message:

Installation1

Installation2

What causes this error?

The reason for such behavior most likely lies in disabled automatic installation of trusted root certification authority certificates.

The Citrix SCOM Management Pack installation package is signed with our certificate, which might not be trusted on the target computer. Computers that are not connected to the Internet cannot automatically download these certificates.

In our case, the certificate (issued by VeriSign) which is used by a Citrix SCOM Management Pack has to be trusted. To achieve this, a root certificate in the certificate chain must be added to “Trusted Root Certification Authorities”.

How and where can I  check to see if certificates are missing?

In case certificates are missing, this should be checked in Certificate Manager in the Trusted Root Certification Authorities certificate group:

  • Class 3 Public Primary Certification Authority – G2.cer
  • VeriSign Class 3 Public Primary Certification Authority – G5.cer

Authority1

What is the solution or workaround?

In case automatic installation and upgrade of trusted root certification authority certificates are disabled (for security reasons), VeriSign certificates can be downloaded and imported manually.

For manual import, perform the below steps.

Obtain the certificate from the following location:
http://www.symantec.com/content/en/us/enterprise/verisign/roots/roots.zip

For Citrix SCOM Management Packs, the G2 and G5 certificates should be imported:

  • Class 3 Public Primary Certification Authority – G2.cer
  • VeriSign Class 3 Public Primary Certification Authority – G5.cer

Import Class 3 Public Primary Certification Authority – G2.cer

Authority2

Authority3

Perform the same steps for the VeriSign Class 3 Public Primary Certification Authority – G5.cer certificate if it is missing.

Verification

How do you verify if installation of VeriSign certificates resolves the problem? The easiest way is that you re-run Citrix SCOM Management Pack installation on the SCOM management server computer and check if the process completes successfully.

What to do if the provided solution did not resolve the issue?

In case that VeriSign certificates (G2 in G5) were missing on the computer and after a successful import the issue persists, a different reason for the issue should be identified.

  1. To verify the UTN-USERFirst-Object certificate, follow the below screen-shots. The certificate verification can be performed on the Citrix SCOM Management Pack or other product installation package.
comodo1 comodo2
comodo3 comodo4

Issue with COMODO SHA-1 Time Stamping

How to apply the “UTN-UserFirst-Object – Comodo Timestamping” certificate?

In case the issue with Comodo Timestamping and an invalid root “UTN-USERFirst-Object” certificate persists, follow the bellow steps to apply it as “Trusted Root Certificate Authority”.

The authority certificate used for content signing is available at the following location:
https://www.tbs-certificates.co.uk/FAQ/en/97.html

Perform these steps:

  1. Download and open the UTN-UserFirst-Object

UTN-UserFirst1

    2. Double-click the selected entry to open the certificate.

UTN-UserFirst2

3. Click Install Certificate and select the Trusted Root Certification Authorities certificate store during the import.

UTN-UserFirst3

 4. At the end, verify if certificate was installed successfully.

TimeStamp1 TimeStamp2
TimeStamp3 TimeStamp4

Successfully installed UTN-UserFirst-Object certificate

Important note

The issue with the “UTN-UserFirst-Object – Comodo Timestamping” certificate is not related only to Citrix SCOM Management Packs. It may also occur with other Citrix products.

 Citrix Mobilize Windows Banner 1_728x90-061715