The Patch Assessment Scan fails on targets where latest digicert certificates are not installed.
The following entry in the WindowsDC log is found: Failed to initialize Patch Scanner Engine in the ‘C:\Program Files (x86)\Symantec\CCS\Reporting and Analytics\DPS\Control\Windows\PatchAssessment\WindowsPatchData.zip’
Failed during patch assessment. - Failed to initialize Patch Scanner Engine. Error: The operation identifier is not valid
Windows Patch Assessment is upgraded to support new version of Patch Scanner Engine. This updated engine utilizes the latest digicert certificates verify the integrity of the windowspatchdata.zip file. These certificates should be present on configured and up to date systems from Microsoft. Some systems deployed from old installation sources may not contain all required certificates.
This issue could also appear on systems:
Download the following Digicert certificates.
Agentless: For agentless data collection, you must install the digicert certificates on the computer where the Data Processing Service is running.
Agent-based: For agent-based data collection, you must install the digicert certificates on the computer where the Data Processing Service is running and all Agents.
You can use one of the following methods to resolve the issue.
Deploy the certificates using GPO (group policy).
For information on deploying digicert certificates using group policy, click the following link. https://technet.microsoft.com/en-us/library/cc770315
Install certificates manually using certificate manager.
If the certificates are not present, you must manually Install the certificates.