When you try to install a Microsoft System Center Data Protection Manager 2006 agent or a System Center Data Protection Manager 2007 agent on a computer, you experience the following symptoms:

• If you try to deploy the agent to a particular computer from Data Protection Manager 2006 or from Data Protection Manager 2007, the installation of the agent stops responding (hangs) when the installation is at 93 percent.
• If you try to manually install the agent on a particular computer, you receive a message that prompts you to confirm that you want to install an unsigned driver.
  
  Note To manually install the Data Protection Manager agent on a computer, run the MsdpmCloneAgent.msi program on that computer.
• If you try to use Microsoft Systems Management Server (SMS) or similar software to install the agent, the installation stops responding (hangs). Additionally, it is reported that the MSI service is still running and is waiting for the installation to be completed.

This problem occurs if root certificates that are contained in the Trusted Publishers container or in the Trusted Root Certification Authority container have expired or are not installed. In this scenario, the Data Protection Manager agent appears to be an unsigned driver. Therefore, the driver signing policy on the affected computer generates a warning message.

To resolve this issue, determine whether any certificates in the Trusted Publishers container or in the Trusted Root Certification Authority container have expired. To do this, follow these steps:

1. Click Start, click Run, type certmgr.msc, and then click OK.
2. Expand Trusted Root Certification Authorities, and then click Certificates.
3. Double-click a certificate, and then click the Certification Path tab. The following information will appear in the Certificate status box if the certificate has not expired:
   This certificate is OK.
4. Repeat step 3 for each certificate in this container.
5. Expand Trusted Publishers, and then click Certificates.
   
   Note The Trusted Publishers container may be empty. In this situation, skip steps 5 and 6.
6. Repeat step 3 for each certificate in this container.

Additionally, compare the certificates that are installed in these containers to those that are installed on a computer on which you can install the Data Protection Manager agent successfully. This may help you determine whether one or more certificates are missing from the affected computer.

If the missing or the expired certificate is from your organization, contact the administrator who manages the certification authority to renew or to install the appropriate root certificate.

If the missing or the expired certificate is a Windows root certificate, follow the steps in following Microsoft Knowledge Base article to resolve the issue:

To work around this issue, configure the driver signing policy to allow for the installation of unsigned drivers.

For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base: