This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SVM Patching Plugin Not Loading Correctly [Solved]

Summary

SVM Patching Plugin is installed with an elevated admin account but it fails to load when a web page is refreshed. It displays a '"An error occurred while loading the SVM Plugin" related to signature checksum.

Symptoms

SVM Patching Plugin is installed with an elevated admin account but it fails to load when a web page is refreshed. Internet Explorer displays '"An error occurred while loading the SVM Plugin" related to signature checksum failure.

Cause

This issue occurs because the root certificate of Thawte and Verisign are not installed or are not updated correctly on the local system. There could be some security settings on your system or in your browser settings that prevent the install/update of root certificates from these vendors. 

There could be something blocking the CRL check for these certs.

Steps To Reproduce

Under Patching/Configuration/WSUS/System Center (Disconnected) you get an error message saying "Digital signature could not be verified"

The option 'Configure Upstream Server' is disabled for configuration.

When you hover your mouse over the message "An error occurred while loading the SVM Plugin" additional information on the specific error shows:

Unable to verify checksum signature: 12029
Unable to verify checksum signature: 12038
Unable to verify checksum signature: 12045
Unable to verify checksum signature: 12057

Resolution

Replace with the correct ones, or install from scratch, the following certificates in the Trusted Root Certification Authority store (MMC/...Certificates/Computer Account)
Here are a few ways to do this:

1. You can download the certificates yourself from the vendors' websites or you can download the certs attached to this article.

Certificate Names (there might be more added, check CRL-related articles in the community too):

2. You can export them from a computer certificates store where you have SVM loading the plugin.
3. You can request them from Flexera Customer Support Center.

Workaround

In the event you have a Proxy server which may be blocking the certificate validation requests of your clients, you may white-list the following entries:

This should be safe to do and it may release all Clients at once to perform CRL validation. This helps with CRL validation not only to load SVM's patching plugin, but it's also required for Agents connections and Daemon as well. This workaround is a prerequisite and it shall be considered in all cases.

on ‎Feb 25, 2019 10:52 AM - edited on ‎Sep 16, 2019 02:49 PM by Level 7 Flexeran

clrplugin.dll certs.zip
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Sep 16, 2019 02:49 PM
Updated by:
Level 7 Flexeran