This article applies as of PRTG 22
Solving an invalid signature of PRTG Server.exe
If you suddenly cannot start PRTG Server.exe anymore after a new installation of PRTG (for example, an update) because of an invalid signature, check the security settings in the environment in which you are running PRTG. The error message "PRTG Webserver could not be started properly. Signature of C:\Program File(x86)\PRTG Network Monitor\64 bit\PRTG Server.exe is not valid." can hint at an issue with the certificate authority (CA) verification.
This CA issue can result in the following:
- PRTG services cannot start.
- The PRTG setup cannot be executed.
- Remote probes cannot update.
Note: The exact path in the error message depends on the directory and Windows version on the computer where you have installed PRTG. For a 32-bit Windows system, the error message would be "Signature of C:\Program File(x86)\PRTG Network Monitor\32 bit\PRTG Server.exe is not valid."
Digital signatures and security requirements
In certain IT environments, security requirements do not allow you to download any updates from the internet. In this case, it might not be possible to verify the digital signature that is associated with the application PRTG Server.exe, for example. You have to manually apply updates to avoid this issue.
First, try to install the following root certificates from DigiCert. The first root certificate is sufficient in most cases, but in some cases you will also need the second one. Import these certificates into the Trusted Root Certificates of the PRTG core server system and also of remote probe systems:
- DigiCert Assured ID Root CA
  Valid until: 10/Nov/2031
  Serial #: 0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39
  Thumbprint: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
- DigiCert SHA2 Assured ID Code Signing CA
  Valid until: 22/Oct/2028
  Serial #: 04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08
  Thumbprint: 92C1588E85AF2201CE7915E8538B492F605B80C6
Notes
- Import the certificates via Microsoft Management Console (MMC) into the certificate store of the local system. Otherwise, the certificates might be valid for the current user account only.
- Windows Server 2003 does not support SHA-2 certificates out of the box. For details, see Updating PRTG on Windows 2003 fails because of invalid certificate. What can I do?
- One of our customers who got the invalid signature message applied the latest Microsoft root certificates to the system. This enabled CA trust verification of the digital signature of the PRTG executable file, so PRTG was allowed to start again. If you have similar security settings in your data center, check the CA verification and try updating your root certificates.
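The following PowerShell script is an added example, not part of the original article or of Paessler tooling. It checks whether the two thumbprints listed above are in the Trusted Root store of the local machine or only of the current user, then reports the Authenticode status and certificate chain of PRTG Server.exe. The default path and the decision to skip revocation checking are assumptions of this example.

```powershell
# Added example, not Paessler code. The default path is an assumption; adjust it
# to your installation (64 bit or 32 bit subfolder of the PRTG program directory).
param(
    [string]$ExePath = 'C:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe'
)

# Thumbprints exactly as listed in this article.
$expected = [ordered]@{
    'DigiCert Assured ID Root CA'              = '0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43'
    'DigiCert SHA2 Assured ID Code Signing CA' = '92C1588E85AF2201CE7915E8538B492F605B80C6'
}

# 1. Local machine store or current user only? Cert:\CurrentUser\Root also shows
#    machine-wide certificates, so the machine store is tested first.
foreach ($name in $expected.Keys) {
    $thumb = $expected[$name]
    if (Test-Path "Cert:\LocalMachine\Root\$thumb") {
        $state = 'OK (local machine store)'
    } elseif (Test-Path "Cert:\CurrentUser\Root\$thumb") {
        $state = 'CURRENT USER ONLY: re-import into the local machine store'
    } else {
        $state = 'MISSING'
    }
    '{0,-42} {1}' -f $name, $state
}

# 2. Authenticode verdict that Windows reaches for the executable.
$sig = Get-AuthenticodeSignature -FilePath $ExePath
"Signature status: $($sig.Status) ($($sig.StatusMessage))"

# 3. Chain of the signer certificate. Revocation checking is switched off here
#    (a choice made for this example) so that a host without internet access
#    reports trust problems rather than unreachable revocation servers.
if ($sig.SignerCertificate) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($sig.SignerCertificate)
    $chain.ChainElements | ForEach-Object {
        '  chain: {0} [{1}]' -f $_.Certificate.Subject, $_.Certificate.Thumbprint
    }
    # UntrustedRoot or PartialChain points at the CA issue described above.
    $chain.ChainStatus | Where-Object { $_.Status -match 'UntrustedRoot|PartialChain' } |
        ForEach-Object { "  trust problem: $($_.Status)" }
}
```

Run it on the PRTG core server system and on each remote probe system, because the certificates must be present on both.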
Other reasons for an invalid PRTG signature
If pinpointing the invalid signature issue to your security requirements does not help you to start PRTG, roll back to the version of PRTG previous to the update and get PRTG up and running again as soon as possible.
If the previous version works properly, try to reproduce your issue with exactly the same security settings on a spare test system or virtual machine (for example, use the PRTG freeware edition for this test). This approach ensures that this is not a one-off incident on the current PRTG host.
If the same issue happens again on the test machine, right-click PRTG Server.exe in the 64-bit or 32-bit subfolder of the PRTG program directory, open Properties, and send us a screenshot of the Signature part. This way, we can check the signature for PRTG delivered by Paessler and suggest other solution steps that are specific to your situation.