Purpose
When attempting to download a package (automatically or manually) from the Package Library in PDQ Deploy you receive the following error, or similar, "Package Failed Authenticode Verification".
Resolution
The error is caused by the Microsoft Authenticode signature failing to be verified on the package being downloaded from the Package Library.
Causes and resolutions for this failure can include the following:
- Ensure the root certificates are installed (see the KB article mentioned above). Since root certificates are installed from Windows Update, ensure the PDQ console computer is fully patched with all root certificate updates.
- The two Trusted Root certificates specifically needed for Package downloads are:
- Baltimore CyberTrust Root
- ISRG Root X1
- The two Trusted Root certificates specifically needed for Package downloads are:
- Ensure the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate does not exist or is set with a DWORD value of 0 (a setting of "1" will prevent new root CA updates on the PDQ console computer).
Ensure the "State" value in the following registry location on your PDQ server is set with a hex value of "23c00" (This value corresponds to the Internet Explorer security setting Check for publisher's certificate Revocation and Check for signatures on downloaded programs).
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
Ensure nothing is corrupting the file(s) being downloaded, such as an edge device/antivirus, and try the download again.
In other cases not covered by the above, the error message will contain additional information that should narrow down the possible cause.
See Also
Article - Recommended Antivirus/Antimalware Exclusions for PDQ Products