1-800-691-1991 | 9am - 8pm ET
EN

Veeam Agent for Microsoft Windows deployment fails with “Failed to call RPC function 'PckgCheckSignature'

KB ID: 2566
Product: Veeam Backup & Replication 11, Veeam Backup & Replication 10, Veeam Backup & Replication 9.5, Veeam Agent for Microsoft Windows 5.0, Veeam Agent for Microsoft Windows 4.0
Published: 2018-04-06
Last Modified: 2021-08-24

Challenge

When adding a computer to a protection group, the Veeam Agent for Microsoft Windows deployment begins and then fails with the following error:
 
Info [UploadManager] Checking windows package 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' signature on host 'HOSTNAME'
Error Failed to call RPC function 'PckgCheckSignature': Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid..
Error Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid Error --tr:Failed to call DoRpc. CmdName: [PckgCheckSignature].

Cause

This error occurs because the certificates used to sign the Veeam Agent for Microsoft Windows installer package cannot be validated by the remote machine. This occurs when the Certification Authority (CA) certificate is not installed in the Trusted Root Certification Authority store on the machine where Veeam Agent for Microsoft Windows is being deployed. Such CA certificates are usually located in Trusted Root Certification Authorities of the default Microsoft Windows installation and are updated as a part of the Microsoft Windows update.

Solution

To resolve this issue, you must install the trusted root or intermediate certificate in the certificate store of the target computer OS.

Note that the certificate name hints to where it must be stored:

  • Root certificates must be installed in Trusted Root Certification Authorities.
  • Intermediate certificates must be installed in Intermediate Certification Authorities.

Download and Install Missing Certificates

These steps must be performed on the machine where Veeam Agent for Microsoft Windows is failing to deploy.

  1. From the DigiCert certificate page, download the .crt file for the following Certificates:
  2. Double-click each of the downloaded .crt files.

  3. Click Install Certificate

  4. Select Local Machine and click Next

  5. Click Browse and place the certificates into the following stores:
    • 'DigiCert EV Code Signing CA (SHA2)' goes in [Intermediate Certification Authorities]
    • 'DigiCert High Assurance EV Root CA' goes in [Trusted Root Certification Authorities]
    • 'DigiCert Assured ID Root CA' goes in [Trusted Root Certification Authorities]

More Information

Note: Veeam Agent for Microsoft Windows version 3.0 and earlier were signed using root certificates from a different CA. Use the Sigcheck utility to determine which certificate is needed and install the correct root certificate.

To verify which CA certificate is needed to validate a signed msi installer, use the SigCheck utility from SysInternals to retrieve information about the certificate chain the msi was signed with.

For example, to view the certificate chain of the Veeam Agent for Microsoft Windows version 5.0 installer, run the following command on the Veeam Backup & Replication server:

sigcheck64.exe -a -i -h "C:\ProgramData\Veeam\Agents\vaw\Veeam_B&R_Endpoint_x64.msi"
Expand to view Example Output

Sigcheck v2.80 - File version and signature viewer Copyright (C) 2004-2020 Mark Russinovich

Sysinternals - www.sysinternals.com

c:\programdata\veeam\agents\vaw\Veeam_B&R_Endpoint_x64.msi:         Verified:       Signed         Signing date:   2:22 PM 2/3/2021         Signing date:   2:22 PM 2/3/2021         Catalog:        c:\programdata\veeam\agents\vaw\Veeam_B&R_Endpoint_x64.msi         Signers:            Veeam Software Group GmbH                 Cert Status:    Valid                 Valid Usage:    Code Signing                 Cert Issuer:    DigiCert EV Code Signing CA (SHA2)                 Serial Number:  0F 6F 90 B4 1A F2 33 C6 4E 0A F6 F8 B3 E5 6D 26                 Thumbprint:     43C940341257F3390612124531304E471905C80F                 Algorithm:      sha256RSA                 Valid from:     5:00 PM 2/27/2019                 Valid to:       5:00 AM 2/17/2022    DigiCert EV Code Signing CA (SHA2)                 Cert Status:    Valid                 Valid Usage:    Code Signing  Cert Issuer:    DigiCert High Assurance EV Root CA                 Serial Number:  03 F1 B4 E1 5F 3A 82 F1 14 96 78 B3 D7 D8 47 5C  Thumbprint:     60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3                 Algorithm:      sha256RSA                 Valid from:     5:00 AM 4/18/2012                 Valid to:       5:00 AM 4/18/2027  DigiCert                 Cert Status:    Valid                 Valid Usage:    Client Auth, Code Signing, Email Protection, Server Auth, Timestamp Signing  Cert Issuer:    DigiCert High Assurance EV Root CA                 Serial Number:  02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77  Thumbprint:     5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25                 Algorithm:      sha1RSA                 Valid from:     5:00 PM 11/9/2006                 Valid to:       5:00 PM 11/9/2031         Counter Signers:            DigiCert Timestamp 2021                 Cert Status:    Valid                 Valid Usage:    Timestamp Signing                 Cert Issuer:    DigiCert SHA2 Assured ID Timestamping CA                 Serial Number:  0D 42 4A E0 BE 3A 88 FF 60 40 21 CE 14 00 F0 DD                 Thumbprint:     E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3                 Algorithm:      sha256RSA                 Valid from:     5:00 PM 12/31/2020                 Valid to:       5:00 PM 1/5/2031            DigiCert SHA2 Assured ID Timestamping CA                 Cert Status:    Valid                 Valid Usage:    Timestamp Signing                 Cert Issuer:    DigiCert Assured ID Root CA                 Serial Number:  0A A1 25 D6 D6 32 1B 7E 41 E4 05 DA 36 97 C2 15                 Thumbprint:     3BA63A6E4841355772DEBEF9CDCF4D5AF353A297                 Algorithm:      sha256RSA                 Valid from:     5:00 AM 1/7/2016                 Valid to:       5:00 AM 1/7/2031            DigiCert                 Cert Status:    Valid                 Valid Usage:    Client Auth, Code Signing, Email Protection, Server Auth, Timestamp Signing                 Cert Issuer:    DigiCert Assured ID Root CA                 Serial Number:  0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39                 Thumbprint:     0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43                 Algorithm:      sha1RSA                 Valid from:     5:00 PM 11/9/2006                 Valid to:       5:00 PM 11/9/2031         Signing date:   2:22 PM 2/3/2021         Company:        n/a         Description:    n/a         Product:        n/a         Prod version:   n/a         File version:   n/a         MachineType:    n/a

KB ID: 2566
Product: Veeam Backup & Replication 11, Veeam Backup & Replication 10, Veeam Backup & Replication 9.5, Veeam Agent for Microsoft Windows 5.0, Veeam Agent for Microsoft Windows 4.0
Published: 2018-04-06
Last Modified: 2021-08-24

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you for your interest in Veeam products!
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.