Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
m25487
Contributor
Jump to solution

Create own MSI Installer Verification of installation package failed (trac.defaults)

Hi there,

we have configured Remote Access VPN Client to disable the "always_connect" setting.
With the VPN Configuration Utility I integrate the trac.defaults file and thus create a new MSI installation file.
When importing the .msi file I get a "signature error" which I can skip, but at the latest during deployment I get a verification error.

When upgrading the client from E80.20 to E80.25, the trac.defaults file is overwritten and thus our "always_connect" (false) setting is lost.
Therefore I am forced to upload my own MSI file with integrated trac.defaults.

package_error.png

 

 

 

 

Is there a way to disable signature verification?
Or is there another way to include a separate trac.defaults file with an upgrade?
Or is there a possibility that the trac.defaults file will not be overwritten during a client upgrade.

Thanks.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Not as far as I know.
I recommend a TAC case.

View solution in original post

0 Kudos
11 Replies
G_W_Albrecht
Legend Legend
Legend
0 Kudos
PhoneBoy
Admin
Admin

What version/JHF of management are we talking about?

0 Kudos
m25487
Contributor

R81.10 (81.10.9600.402)

0 Kudos
PhoneBoy
Admin
Admin

Did you apply sk172567?
If that didn't work, it might be worth a TAC case.

0 Kudos
m25487
Contributor

Updated the Console to R81.10 (81.10.9600.404) same error message appears.
I will set up a fresh win 10 and install the console. I will report.

0 Kudos
m25487
Contributor

2 different Win 10 installations with the same problem.
Is there a possibility that the VPN Configuration Utility destroys the signature when creating the MSI file? According to the SK article, should the utility also work for Endpoint Security Client?

0 Kudos
PhoneBoy
Admin
Admin

Not as far as I know.
I recommend a TAC case.

0 Kudos
m25487
Contributor

OK. i opened a TAC case.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

And what was the solution ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
m25487
Contributor

Case ist still pending by checkpoint. I'll report as soon as I have more information

m25487
Contributor

Reply from the TAC Support.

Customer: Hi there,
thanks for the enlightenment.
So that I understand correctly: Upgrading the client via the SmartEndpoint Console is only possible if the MSI file is downloaded directly from the Checkpoint server.
As I understand it correctly, the trac.defaults file is automatically overwritten when the client is upgraded. This is works as designed and cannot be prevented.

TAC Support: This is correct.

Regarding this statement: "As soon as the MSI file is changed/created, the client must be upgraded via SCCM/GPO." ---> Technically yes, we can dispatch this file to hosts separately but for large businesses SCCM/GPO are probably the most convenient and recommended.

As soon as the MSI file is changed/created, the client must be upgraded via SCCM/GPO.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events