- Veeam Support Knowledge Base
- Veeam Agent for Microsoft Windows deployment fails with “Failed to call RPC function 'PckgCheckSignature'
Veeam Agent for Microsoft Windows deployment fails with “Failed to call RPC function 'PckgCheckSignature'
Get weekly article updates
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Oops! Something went wrong.
Please, try again later.
Challenge
When adding a computer to a protection group, the Veeam Agent for Microsoft Windows deployment begins and then fails with the following error:
Info [UploadManager] Checking windows package 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' signature on host 'HOSTNAME'
Error Failed to call RPC function 'PckgCheckSignature': Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid..
Error Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid Error --tr:Failed to call DoRpc. CmdName: [PckgCheckSignature].Cause
This error occurs because the certificates used to sign the Veeam Agent for Microsoft Windows installer package cannot be validated by the remote machine. This occurs when the Certification Authority (CA) certificate is not installed in the Trusted Root Certification Authority store on the machine where Veeam Agent for Microsoft Windows is being deployed. Such CA certificates are usually located in Trusted Root Certification Authorities of the default Microsoft Windows installation and are updated as a part of the Microsoft Windows update.
Solution
The certificates must be checked on the machine where Veeam Agent for Microsoft Windows is failing to deploy.
To resolve this issue, review the list of Trusted Certificates and install any missing trusted root or intermediate certificates in the certificate store of the target computer OS.
- Root certificates must be installed in the Trusted Root Certification Authorities.
- Intermediate certificates must be installed in the Intermediate Certification Authorities.
Note
Starting with Veeam Backup & Replication 12.3.2, a new certificate from Entrust is being used to sign the Veeam_B&R_Endpoint_x64.msi installer and other DLL files. This change in the certificate authority may cause some systems, which have not previously experienced this issue, to encounter certificate trust or installation errors.
More Information
To verify which CA certificate is needed to validate a signed MSI installer, use the SigCheck utility from SysInternals to retrieve information about the certificate chain the MSI was signed with.
For example, to view the certificate chain of the Veeam Agent for Microsoft Windows version installer, run the following command on the Veeam Backup & Replication server:
sigcheck64.exe -a -i -h "C:\ProgramData\Veeam\Agents\vaw\Veeam_B&R_Endpoint_x64.msi"Expand to view Example Output
Sigcheck v2.90 - File version and signature viewer Copyright (C) 2004-2022 Mark Russinovich Sysinternals - www.sysinternals.com c:\programdata\veeam\agents\vaw\Veeam_B&R_Endpoint_x64.msi: Verified: Signed File date: 9:15 PM 5/28/2025 Signing date: 5:12 PM 5/28/2025 Catalog: c:\programdata\veeam\agents\vaw\Veeam_B&R_Endpoint_x64.msi Signers: Veeam Software Group GmbH Cert Status: Valid Valid Usage: Code Signing Cert Issuer: Entrust Extended Validation Code Signing CA - EVCS2 Serial Number: 6D CA 74 1E C2 59 17 C3 4D AB CA 27 7C 79 65 2B Thumbprint: 343685B0154F71C9D843334AC44292AE49AB81DE Algorithm: sha256RSA Valid from: 12:05 PM 10/10/2024 Valid to: 12:05 PM 10/10/2027 Entrust Extended Validation Code Signing CA - EVCS2 Cert Status: Valid Valid Usage: Code Signing Cert Issuer: Entrust Code Signing Root Certification Authority - CSBR1 Serial Number: 35 AF B7 7B 9D 34 1F 6A FC 8F 84 46 AB 31 35 2B Thumbprint: B52063CECFFAFA24B57993B8EFE7FB1E4D6D56BC Algorithm: sha512RSA Valid from: 3:19 PM 5/7/2021 Valid to: 7:59 PM 12/29/2040 Entrust Code Signing Root Certification Authority - CSBR1 Cert Status: Valid Valid Usage: Code Signing, Timestamp Signing Cert Issuer: Entrust Root Certification Authority - G2 Serial Number: 4E 40 E4 37 54 ED E6 8C 00 00 00 00 51 D3 94 7F Thumbprint: B337B8FDB56ECB58BF5DBCF8C22C320107535A02 Algorithm: sha256RSA Valid from: 11:43 AM 5/7/2021 Valid to: 12:13 PM 11/7/2030 Entrust.net Cert Status: Valid Valid Usage: Client Auth, Code Signing, EFS, Email Protection, IPSEC Tunnel, IPSEC User, Server Auth, Timestamp Signing Cert Issuer: Entrust Root Certification Authority - G2 Serial Number: 4A 53 8C 28 Thumbprint: 8CF427FD790C3AD166068DE81E57EFBB932272D4 Algorithm: sha256RSA Valid from: 1:25 PM 7/7/2009 Valid to: 1:55 PM 12/7/2030 Counter Signers: Entrust Timestamp Authority - TSA2 Cert Status: Valid Valid Usage: Timestamp Signing Cert Issuer: Entrust Time Stamping CA - TS2 Serial Number: 00 C5 14 F6 C9 51 75 AE FE 76 01 DB B9 15 19 46 BA Thumbprint: FCEE38777E70BF6905C3D4E53885718C52D44D52 Algorithm: sha512RSA Valid from: 3:15 PM 1/22/2025 Valid to: 3:15 PM 1/18/2030 Entrust Time Stamping CA - TS2 Cert Status: Valid Valid Usage: Timestamp Signing Cert Issuer: Entrust Code Signing Root Certification Authority - CSBR1 Serial Number: 25 BC 2B F3 29 CA 10 7F 1E A9 BA 88 85 D4 9D 3B Thumbprint: 78491BAB39CF2D94D23D219C0D1EB279B16C61DB Algorithm: sha512RSA Valid from: 3:22 PM 5/7/2021 Valid to: 7:59 PM 12/29/2040 Entrust Code Signing Root Certification Authority - CSBR1 Cert Status: Valid Valid Usage: Code Signing, Timestamp Signing Cert Issuer: Entrust Root Certification Authority - G2 Serial Number: 4E 40 E4 37 54 ED E6 8C 00 00 00 00 51 D3 94 7F Thumbprint: B337B8FDB56ECB58BF5DBCF8C22C320107535A02 Algorithm: sha256RSA Valid from: 11:43 AM 5/7/2021 Valid to: 12:13 PM 11/7/2030 Entrust.net Cert Status: Valid Valid Usage: Client Auth, Code Signing, EFS, Email Protection, IPSEC Tunnel, IPSEC User, Server Auth, Timestamp Signing Cert Issuer: Entrust Root Certification Authority - G2 Serial Number: 4A 53 8C 28 Thumbprint: 8CF427FD790C3AD166068DE81E57EFBB932272D4 Algorithm: sha256RSA Valid from: 1:25 PM 7/7/2009 Valid to: 1:55 PM 12/7/2030 Company: n/a Description: n/a Product: n/a Prod version: n/a File version: n/a MachineType: n/a Binary Version: n/a Original Name: n/a Internal Name: n/a Copyright: n/a Comments: n/a Entropy: 7.461 MD5: 4842560C711F70BAE64372F1C63E0634 SHA1: F570AB258613EBB92529477219A6CE79019D5797 PESHA1: F570AB258613EBB92529477219A6CE79019D5797 PE256: 4AF103A6BF6150932890B70EF7FE101CCB8C3D61BA2661341B55F91F40B32237 SHA256: 4AF103A6BF6150932890B70EF7FE101CCB8C3D61BA2661341B55F91F40B32237 IMP: n/a
If this KB article did not resolve your issue or you need further assistance with Veeam software, please create a Veeam Support Case.
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.
You have selected too large block!
Please try select less.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Verify your email to continue your product download
We've sent a verification code to:
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please, try again later.