If applying Windows Updates is not an option (which is often the case in air-gapped industrial control system environments), PTC suggests a second path. The error message states: "If unable to apply Windows updates, contact support for instructions on installing root certificates".
If the error changes to "KEPServerEX is not trusted," it confirms the root certificate was not successfully added to the "Trusted Root Certification Authorities" store. www.ptc.com If you'd like to troubleshoot further, let me know: version of Windows are you using? Is the machine completely offline KEPServerEX version are you trying to install? If applying Windows Updates is not an option
: Industrial control rooms, SCADA networks, and manufacturing floors are frequently kept entirely offline for cybersecurity reasons. Because the host OS cannot reach the Windows Update servers, it fails to dynamically update its certificate revocation lists (CRLs) or missing root hints. Because the host OS cannot reach the Windows
The installer relies on specific public key infrastructure (PKI) certificates to verify its security signature before extracting files. Windows Server 2008 R2
Legacy platforms—such as Windows 7, Windows Server 2008 R2, or unpatched Windows 10/Server 2016 builds—lack the newer Certificate Authority (CA) public keys needed to validate recent Kepware builds. Solution 1: Run Windows Updates (Online Machines)
One user on the PTC Community discovered a crucial nuance about how the installer's check works. They found that while the installer could see a certificate that was pushed via , it could not use it. The solution was to manually re-install the same root CA into the "Registry" physical store for the "Trusted Root Certification Authorities." To do this:
Click and allow the system to download and install all critical security updates. Restart the machine and run the Kepware installer again.