WinVerifyTrust Errors Within the Dell Data Security Console -Logs

Shrnutí: The device may not properly register, when installing the Encryption Management Agent on a device.

Tento článek se vztahuje na Tento článek se nevztahuje na Tento článek není vázán na žádný konkrétní produkt. V tomto článku nejsou uvedeny všechny verze produktu.
Podívejte se na další zdroje

Příznaky

Affected Products:

  • Dell Encryption Enterprise
  • Dell Encryption Personal
  • Dell Software-based Full Disk Encryption
  • Dell Self-Encrypting Drive Management
  • Dell BitLocker Manager
  • Dell Endpoint Security Suite Enterprise

Affected Operating Systems:

  • Windows

During device registration or activation, an error may be seen in the DellAgent.log files of:

exception validating trust for executing assembly - WinVerifyTrust returned 0x800b0109
Or
E Agent : exception validating trust for entry assembly - WinVerifyTrust returned 0x80096005 for signature index 1

These errors are stating that the signing certificate that is used for the Dell Encryption Management Agent is not able to be properly validated through either CRL or cross-signature checks.

Příčina

Not Applicable

Řešení

Microsoft offers the ability to automatically update all trusted certificate authorities. This functionality has a group policy object that is tied to it that may be disabled in an environment.

This policy object can be found at:

  • Computer Configuration > Administrative Templates > System > Internet Communication Management and click Internet Communication Settings > Turn off Automatic Root Certificates Update

Setting this policy to Enabled prevents Windows Update from pulling Microsoft-validated root certificate authorities. Setting this policy to Disabled allows for Microsoft-validated root certificate authorities to automatically be updated through Windows Update.

This policy object within Group Policy is present by default in Windows 10 version 1511 (November 2015 update) or later. For Operating Systems before this release, a Windows Update is required for this process to function properly. These OS-specific updates can be found at Microsoft's KB article 2813430, here:

https://support.microsoft.com/en-us/help/2813430 This hyperlink is taking you to a website outside of Dell Technologies.

If disabling this policy is not possible within your environment, manually adding the following Certificates allow for the signature validation to pass. As of Dell Encryption 10.0 or Dell Endpoint Security Suite Enterprise 2.0, the current Root Certificates that are required are:

  • Verisign Root Authority
thumbprint: 3679ca35668772304d30a5fb873b0fa77bb70d54
  • DigiCert HA Root
Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Dotčené produkty

Dell Encryption, Dell Endpoint Security Suite Enterprise
Vlastnosti článku
Číslo článku: 000123249
Typ článku: Solution
Poslední úprava: 20 kvě 2024
Verze:  9
Najděte odpovědi na své otázky od ostatních uživatelů společnosti Dell
Služby podpory
Zkontrolujte, zda se na vaše zařízení vztahují služby podpory.