Re: wsusscn2.cab signature verification failure
Posted: 14.11.2016, 18:48
Interesting comments in this and the other thread -- I'll have to pay more attention to the round-robin DNS answers and the IP of the remote load balancing server.
For what it's worth, I'm consistently getting two different responses that vary by the ETag response header. Given the load-balancing, the response bounces back and forth between one that seems good and one that seems bad.
Bad one, which I get most of the time:
ETag: W/"9e7be538b53ad21:0"
Good one:
ETag: W/"fb5afe38b53ad21:0"
Otherwise, the rest of the headers in the response are mostly static. When I get a bad file, the crypto error that is returned from the authenticode infrastructure is: CRYPT_E_BAD_MSG 0x8009200D / -2146885619.
Based on the comments here, I may try changing more parameters of the manual download process, including manual DNS queries.
For what it's worth, I'm consistently getting two different responses that vary by the ETag response header. Given the load-balancing, the response bounces back and forth between one that seems good and one that seems bad.
Bad one, which I get most of the time:
ETag: W/"9e7be538b53ad21:0"
Good one:
ETag: W/"fb5afe38b53ad21:0"
Otherwise, the rest of the headers in the response are mostly static. When I get a bad file, the crypto error that is returned from the authenticode infrastructure is: CRYPT_E_BAD_MSG 0x8009200D / -2146885619.
Based on the comments here, I may try changing more parameters of the manual download process, including manual DNS queries.