Microsoft specific Software Bulletins fail to download in the Patch Remediation Center (PRC) from the vendor site to the Symantec Management Platform (SMP) Server.
When checking following the URL in browser on SMP: https://download.microsoft.com the page displays: There is a problem with the website's security certificate:
Download failed for 'https://download.microsoft.com/download/6/7/8/678A5BB8-89DB-4129-9EA2-4595E90756A1/Windows8.1-KB3099406-x64.msu'
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
[System.Net.WebException @ Altiris.PatchManagementCore]
at Altiris.PatchManagementCore.Utilities.File.DownloadToStreamWithRetries(Uri uri, DownloadContext downloadContext)
at Altiris.PatchManagementCore.Utilities.File.Download(String fromUrl, String toDirectory, String toFileName, Boolean forceDownload, DownloadParameters miscDownloadParams)
The remote certificate is invalid according to the validation procedure.
[System.Security.Authentication.AuthenticationException @ System]
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
Exception logged from:
at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception, String footer)
at Altiris.NS.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
at Altiris.PatchManagementCore.Utilities.File.Download(String fromUrl, String toDirectory, String toFileName, Boolean forceDownload, DownloadParameters miscDownloadParams)
at Altiris.PatchManagementCore.Utilities.FileDownloader.Download()
at Altiris.PatchManagementCore.Utilities.FileDownloader.DoDownloadProcedure(Object data)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart(Object obj)
**CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=7.5.3153.0&language=en&module=N3FcVDJ0CeyLtrnoo0P7DtojtqbEnQqJLMgq1H1Y6Zw=&error=-626137224&build=**CEDUrlEnd**
-----------------------------------------------------------------------------------------------------
Date: 10/15/2015 9:07:06 PM, Tick Count: 669450662 (7.17:57:30.6620000), Host Name: SMPNAME, Size: 4.42 KB
Process: AtrsHost (10276), Thread ID: 20, Module: AtrsHost.exe
Priority: 1, Source: Altiris.PatchManagementCore.Utilities.File.Download
The Baltimore CyberTrust Root certificate required to hit the vendor's site may not be present on the NS or domain. Microsoft has changed from the GTE CyberTrust Global Root to the Baltimore CyberTrust Root for all public-facing HTTPs services.
Additionally, this may also be manually deleted or possibly removed by GPO or group policy targeting a specific Organizational Unit or Group.
Work through the following to resolve this issue: