SDCS:SA 6.0 or SCSP Client Edition 6.0 comes with a new feature that can verify digital signatures of executable files. During installation it validates Microsoft Windows Installer executables to make sure they are genuine files distributed by Microsoft. If they have valid signatures SDCS:SA 6.0 or SCSP Client Edition 6.0 installer would proceed with installation but if it cannot validate the digital signatures it will rollback installation with non-specific error message. This condition can be confirmed by reviewing of SDCS:SA 6.0 or SCSP Client Edition 6.0 installation log as well as by a utility from Microsoft / Sysinternal called sigcheck.exe. It is available for download from Microsoft download website.
Where msiexec.exe is a Microsoft Windows Installer file that SDCSS/SCSP 6.0 validates during installation.
There are 2 possible reasons digital signatures validation could fail:
1. Microsoft Windows Installer files are tampered with or corrupted as such digital signatures differ from what is stated in Microsoft digital certificates.
2. Microsoft digital certificates associated to Microsoft Windows Installer files are missing from the system. The digital certificates are commonly located in C:\Windows\system32\catroot and C:\Windows\system32\catroot2 folders. One scenarios known to Symantec is that some older Windows XP Embedded custom images may not contain these digital signatures and SDCSS/SCSP 6.0 would not install on such OS images. One possible solution to this problem is to install the same or new version of Microsoft Windows installer and it would correct such situation. SDCSS/SCSP 6.0 should install completely after Microsoft Windows Installer is reinstalled.
Note: Some executable files for example, driver files, contain digital signatures embedded within the driver files themselves. The other method is known as catalog signing and in such method digital signatures of files are provided in catalog files located in C:\Windows\system32\catroot and C:\Windows\system32\catroot2 folders.