WinVerifyTrust Errors Within the Dell Data Security Console -Logs

Summary: The device may not properly register, when installing the Encryption Management Agent on a device.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Affected Products:

  • Dell Encryption Enterprise
  • Dell Encryption Personal
  • Dell Software-based Full Disk Encryption
  • Dell Self-Encrypting Drive Management
  • Dell BitLocker Manager
  • Dell Endpoint Security Suite Enterprise

Affected Operating Systems:

  • Windows

During device registration or activation, an error may be seen in the DellAgent.log files of:

exception validating trust for executing assembly - WinVerifyTrust returned 0x800b0109
Or
E Agent : exception validating trust for entry assembly - WinVerifyTrust returned 0x80096005 for signature index 1

These errors are stating that the signing certificate that is used for the Dell Encryption Management Agent is not able to be properly validated through either CRL or cross-signature checks.

Cause

Not Applicable

Resolution

Microsoft offers the ability to automatically update all trusted certificate authorities. This functionality has a group policy object that is tied to it that may be disabled in an environment.

This policy object can be found at:

  • Computer Configuration > Administrative Templates > System > Internet Communication Management and click Internet Communication Settings > Turn off Automatic Root Certificates Update

Setting this policy to Enabled prevents Windows Update from pulling Microsoft-validated root certificate authorities. Setting this policy to Disabled allows for Microsoft-validated root certificate authorities to automatically be updated through Windows Update.

This policy object within Group Policy is present by default in Windows 10 version 1511 (November 2015 update) or later. For Operating Systems before this release, a Windows Update is required for this process to function properly. These OS-specific updates can be found at Microsoft's KB article 2813430, here:

https://support.microsoft.com/en-us/help/2813430 This hyperlink is taking you to a website outside of Dell Technologies.

If disabling this policy is not possible within your environment, manually adding the following Certificates allow for the signature validation to pass. As of Dell Encryption 10.0 or Dell Endpoint Security Suite Enterprise 2.0, the current Root Certificates that are required are:

  • Verisign Root Authority
thumbprint: 3679ca35668772304d30a5fb873b0fa77bb70d54
  • DigiCert HA Root
Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Dell Encryption, Dell Endpoint Security Suite Enterprise
Article Properties
Article Number: 000123249
Article Type: Solution
Last Modified: 20 May 2024
Version:  9
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.