Veeam Agent for Microsoft Windows deployment fails with “Failed to call RPC function 'PckgCheckSignature'

Challenge

When a computer is being added to protection group, Veeam Agent for Microsoft Windows deployment starts and  fails with the following:
 

Info [UploadManager] Checking windows package 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' signature on host 'HOSTNAME'
Error Failed to call RPC function 'PckgCheckSignature': Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid..
Error Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid Error --tr:Failed to call DoRpc. CmdName: [PckgCheckSignature].

Cause

The certificate which is used to sign the Veeam Agent installation package is not installed in the Trusted Root Certification Authority store on the client computer.

Solution

For SHA256

1. Download DigiCert Assured ID Root CA here (right click on Download button - save as)
2. Double click the downloaded .srt file
3. Click Install Certificate
4. Choose Local Machine and click on Next
5. Place the certificate into Trusted Root Certification Authorities by clicking the Browse button.

For SHA1

1. Download R1 GlobalSign Root Certificate (Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C) from here
2. Double click the downloaded .srt file
3. Click Install Certificate
4. Choose Local Machine and click on Next
5. Place the certificate into Trusted Root Certification Authorities by clicking the Browse button.
6. Download Code Signing SHA-1 G3 Intermediate Certificate (Thumbprint F1E7B6C0C10DA9436ECC04FF5FC3B6916B46CF4C) from here
7. Double click the downloaded .srt file
8. Click Install Certificate
9. Choose Local Machine and click on Next
10. Place the certificate into Intermediate Certification Authorities by clicking the Browse button.