Hello,
We have an older Windows 7 environment on which we are unable to deploy the WAPT agent using our GPO (which works on newer machines). The error is clearly:
"Unable to check digital signature of executable C:\users\...\AppData\Local\Temp\waptagent.exe".
With an "Exception $0040210C $00405702".
We suspected a problem with the client's SSL/TLS layer version (the schannel under Win7 uses SSL 2, but not TLS), but simply enabling TLS 1.2 in the registry doesn't solve the problem...
Our WAPT is version 2.4.0.14080.
What have we missed? Or is Win7 too outdated for WAPT?
Thank you for your answers.
Signature verification failed for waptdeploy.exe
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Good morning,
In version 2.4, waptdeploy verified the Authenticode signature of the waptagent.exe executable, confirming that the executable's signer was indeed Tranquil IT
But this poses problems with machines not connected to the internet, or whose CAs are not up to date.
In subsequent versions, we disabled this by default. (We already check integrity using the hash.)
You can add the following to the GPO command line:
In version 2.4, waptdeploy verified the Authenticode signature of the waptagent.exe executable, confirming that the executable's signer was indeed Tranquil IT
But this poses problems with machines not connected to the internet, or whose CAs are not up to date.
In subsequent versions, we disabled this by default. (We already check integrity using the hash.)
You can add the following to the GPO command line:
Code: Select all
--disablechecksignature=1Tranquil IT
