Azure site Recovery replication for Windows 2008 R2 server fails with: “Installation of mobility agent has failed as SHA-2 code signing is not supported on the current Microsoft Windows Server 2008 R2 Standard OS version”

As much as Windows Server 2008 R2 has come to end of support, I still periodically come across them when working with clients and one of the common scenarios I’ve had to deal with is attempting to replicate them from an on-premise network to Microsoft Azure with Azure Site Recovery. Below is an issue that I’ve seen quite a few times so I’d like to write this quick blog post to describe the problem and the steps to remediate.

Problem

You’re trying to replicate an on-premise Windows 2008 R2 server that has Service Pack 1 installed to Azure with Azure Site Recovery:

46

However, the installation of the mobility service fails:

45

The specific Error Details for the server are as follow:

—————————————————————————————————————————-

Error Details

Installing Mobility Service and preparing target

·

· Error ID

78007

· Error Message

The requested operation did not complete.

· Provider error

Provider error code: 95560 Provider error message: Installation of mobility agent has failed as SHA-2 code signing is not supported on the current Microsoft Windows Server 2008 R2 Standard OS version. Provider error possible causes: For successful installation, mobility service requires SHA-2 support as SHA-1 is deprecated from September 2019. Provider error recommended action: Update your Microsoft Windows Server 2008 R2 Standard operating system with the following KB articles and then retry the operation. Servicing stack update (SSU) https://support.microsoft.com/en-us/help/4490628 SHA-2 update https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update Learn more (https://aka.ms/asr-os-support)

· Possible causes

Check the provider error for more details.

· Recommendation

Resolve the issue as recommended in the provider error details.

· Related links

o https://support.microsoft.com/en-us/help/4490628

o https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update

o https://aka.ms/asr-os-support

· First Seen At

7/22/2021, 9:28:00 PM

—————————————————————————————————————————-

44

The Error Details provides the suggestion to download and install KB4490628 but when you attempt to do so, the installation wizard indicates the update is already installed on the server:

https://support.microsoft.com/en-us/help/4490628

AMD64-all-windows6.1-kb4490628-x64_d3de52d6987f7c8bdc2c015dca69eac96047c76e.msu

43

Solution

I’ve come across the following 2 scenarios for this:

  1. The update KB4490628 indicated above has been installed
  2. The update KB4490628 indicated above has not been installed

Regardless of which of the above scenario applies to the problematic server, the first step is to download the following KB4474419 update and install it:

2019-09 Security Update for Windows Server 2008 R2 for x64-based Systems (KB4474419)

AMD64-all-windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu

42

41

Once the update has been installed and the server has been restarted, proceed to try installing the suggested KB. If it had already been installed then it will not continue but if it hasn’t, it will proceed, complete and not require a restart.

With the above completed, the Microsoft Azure Site Recovery Mobility Service/Master Target Server should now install successfully and the Enable replication job should complete successfully:

40

With the required updates installed, the deployment of the Mobility Service agent should succeed and the replication job should complete:

Hope this helps anyone who may be encountering this issue.