This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
m25487
Contributor
‎2022-03-23 06:17 AM
Jump to solution

Create own MSI Installer Verification of installation package failed (trac.defaults)

Hi there,

we have configured Remote Access VPN Client to disable the "always_connect" setting.
With the VPN Configuration Utility I integrate the trac.defaults file and thus create a new MSI installation file.
When importing the .msi file I get a "signature error" which I can skip, but at the latest during deployment I get a verification error.

When upgrading the client from E80.20 to E80.25, the trac.defaults file is overwritten and thus our "always_connect" (false) setting is lost.
Therefore I am forced to upload my own MSI file with integrated trac.defaults.

package_error.png

 

 

 

 

Is there a way to disable signature verification?
Or is there another way to include a separate trac.defaults file with an upgrade?
Or is there a possibility that the trac.defaults file will not be overwritten during a client upgrade.

Thanks.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-03-24 08:08 AM
In response to m25487
Jump to solution

Not as far as I know.
I recommend a TAC case.

View solution in original post

0 Kudos
11 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-03-23 07:35 AM
Jump to solution

sk172567: "Failed (Signature error)" message in SmartEndpoint, when the user fails to upload EPS.msi...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2022-03-23 07:39 AM
Jump to solution

What version/JHF of management are we talking about?

0 Kudos
m25487
Contributor
‎2022-03-23 08:06 AM
In response to PhoneBoy
Jump to solution

R81.10 (81.10.9600.402)

0 Kudos
PhoneBoy
Admin
Admin
‎2022-03-23 08:28 AM
In response to m25487
Jump to solution

Did you apply sk172567?
If that didn't work, it might be worth a TAC case.

0 Kudos
m25487
Contributor
‎2022-03-23 08:35 AM
In response to PhoneBoy
Jump to solution

Updated the Console to R81.10 (81.10.9600.404) same error message appears.
I will set up a fresh win 10 and install the console. I will report.

0 Kudos
m25487
Contributor
‎2022-03-24 02:42 AM
In response to m25487
Jump to solution

2 different Win 10 installations with the same problem.
Is there a possibility that the VPN Configuration Utility destroys the signature when creating the MSI file? According to the SK article, should the utility also work for Endpoint Security Client?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-03-24 08:08 AM
In response to m25487
Jump to solution

Not as far as I know.
I recommend a TAC case.

0 Kudos
m25487
Contributor
‎2022-03-24 08:29 AM
In response to PhoneBoy
Jump to solution

OK. i opened a TAC case.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-03-31 07:00 AM
In response to m25487
Jump to solution

And what was the solution ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
m25487
Contributor
‎2022-03-31 07:18 AM
In response to G_W_Albrecht
Jump to solution

Case ist still pending by checkpoint. I'll report as soon as I have more information

m25487
Contributor
‎2022-04-13 12:51 AM
In response to m25487
Jump to solution

Reply from the TAC Support.

Customer: Hi there,
thanks for the enlightenment.
So that I understand correctly: Upgrading the client via the SmartEndpoint Console is only possible if the MSI file is downloaded directly from the Checkpoint server.
As I understand it correctly, the trac.defaults file is automatically overwritten when the client is upgraded. This is works as designed and cannot be prevented.

TAC Support: This is correct.

Regarding this statement: "As soon as the MSI file is changed/created, the client must be upgraded via SCCM/GPO." ---> Technically yes, we can dispatch this file to hosts separately but for large businesses SCCM/GPO are probably the most convenient and recommended.

As soon as the MSI file is changed/created, the client must be upgraded via SCCM/GPO.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events