SVM Patching Plugin is installed with an elevated admin account but it fails to load when a web page is refreshed. It displays a '"An error occurred while loading the SVM Plugin" related to signature checksum.
SVM Patching Plugin is installed with an elevated admin account but it fails to load when a web page is refreshed. Internet Explorer displays '"An error occurred while loading the SVM Plugin" related to signature checksum failure.
This issue occurs because the root certificate of Thawte and Verisign are not installed or are not updated correctly on the local system. There could be some security settings on your system or in your browser settings that prevent the install/update of root certificates from these vendors.
There could be something blocking the CRL check for these certs.
Steps To Reproduce
Under Patching/Configuration/WSUS/System Center (Disconnected) you get an error message saying "Digital signature could not be verified"
The option 'Configure Upstream Server' is disabled for configuration.
When you hover your mouse over the message "An error occurred while loading the SVM Plugin" additional information on the specific error shows:
Unable to verify checksum signature: 12029 Unable to verify checksum signature: 12038 Unable to verify checksum signature: 12045 Unable to verify checksum signature: 12057
Replace with the correct ones, or install from scratch, the following certificates in the Trusted Root Certification Authority store (MMC/...Certificates/Computer Account) Here are a few ways to do this:
1. You can download the certificates yourself from the vendors' websites or you can download the certs attached to this article.
Certificate Names (there might be more added, check CRL-related articles in the community too):
Thawte Extended Validation SSL CA
Thawte Primary Root CA
VeriSign Class 3 Public Primary Certification Authority - G5
This should be safe to do and it may release all Clients at once to perform CRL validation. This helps with CRL validation not only to load SVM's patching plugin, but it's also required for Agents connections and Daemon as well. This workaround is a prerequisite and it shall be considered in all cases.
on Feb 25, 201910:52 AM - edited on Sep 16, 201902:49 PM by RDanailov