Control Compliance Suite (CCS)
The ‘Automatic Update Install’ job fails for CCS version 12.6.x with an error message on CCS Console.
A new signing certificate will be used for all CCS files signed after March 2021. Any updates / QF released after this date will require an updated ‘Symantec.CSM.AssemblyVerifier.dll’. This file contains the updated CCS certificate information necessary to validate the certificate for newly released files.
Possible error messages:
Digital signature verification failed for Update on Application Server (host = Hostname)
Digital signature verification failed for Patch Assessment Content Update on Application Server (host = hostname)
CCS v12.6.x Application Server/Console
CCS v12.6.x Managers
UPDATED July 1, 2023 with the release of SCU 2023-1:
IMPORTANT NOTE: Starting in SCU 2023-1, the Assembly Verifier files will be included in the SCU release and are applied automatically when you apply SCU 2023-1 or newer SCU releases on the Application Server and remote managers.
UPDATED May 18th, 2023 for manual installation only
To resolve this issue, apply the following Hotfix 10109 before you install any CCS product or content update.
HF_10109_CCS_12.6.x_PU.zip
NOTE: For steps to apply this Hotfix, refer to the ReadMe_HF_10109_CCS_12.6.x.pdf document that is included in the HF_10109_CCS_12.6.x_PU.zip package in the Download Files section of this KB article.
NOTE: In the ReadMe_HF_10109_CCS_12.6.x.pdf document, it shows 1 assembly verifier going into the Application Server folder, 1 file into the Directory Support Service, and 1 file into the DPS folder.
Hotfix 10109 File Information:
HF_10109_CCS_12.6.x_PU.zip
File Name |
MD5 |
SHA2 |
Symantec.CSM.AssemblyVerifier.dll |
553b9cadb809044c8279dcaf30a4d2d9 |
1535ee07b7fd771a750e22cb0b4c37d37e38c7e2c48b0e74dab89615caa74825 |
symantec.csm.assemblyverifier.x64.dll |
3f55d25eea5ddbca8af13b4d61c05864 |
e43613afe2004339281d6b7310597b7823564c1340334e099b0786dd2f72503c |
symantec.csm.assemblyverifier.x86.dll |
2c1c2ad26dbe90ce71fab6d6d36d627b |
aaba701e0c8d5f49526413bef1ff574eb5b019a26acc7a01d8234c7aac6638a9 |
In Step 4 of the Readme, it shows as.
4. Back up the following files, and then replace them with the updated version of these files that are available in zip file:
File Name | Location |
Symantec.CSM.AssemblyVerifier.dll | <InstallDir>\Symantec\CCS\Reporting and Analytics\Application Server |
Symantec.CSM.AssemblyVerifier.x64.dll | <InstallDir>\Symantec\CCS\Reporting and Analytics\Directory Support Server |
Symantec.CSM.AssemblyVerifier.x86.dll | <InstallDir>\Symantec\CCS\Reporting and Analytics\ DPS |
This makes it look like only the one DLL should be updated in the 1 folder when all 3 files should be updated in each of those folders.
So change that step 4 to look like this.
4. Back up the following files, and then replace them with the updated version of these files that are available in zip file:
File Name | Location |
Symantec.CSM.AssemblyVerifier.dll | <InstallDir>\Symantec\CCS\Reporting and Analytics\Application Server |
Symantec.CSM.AssemblyVerifier.x64.dll | |
Symantec.CSM.AssemblyVerifier.x86.dll |
File Name | Location |
Symantec.CSM.AssemblyVerifier.dll | <InstallDir>\Symantec\CCS\Reporting and Analytics\Directory Support Server |
Symantec.CSM.AssemblyVerifier.x64.dll | |
Symantec.CSM.AssemblyVerifier.x86.dll |
File Name | Location |
Symantec.CSM.AssemblyVerifier.dll | <InstallDir>\Symantec\CCS\Reporting and Analytics\DPS |
Symantec.CSM.AssemblyVerifier.x64.dll | |
Symantec.CSM.AssemblyVerifier.x86.dll |