So, you’re moving a client from Deployment A to Deployment B.
The masthead.afxm from Deployment B needs to be copied to Server A’s wwwrootbes/Uploads folder.
On Deployment A you need to issue the action to the client to swap to the Deployment B masthead. This downloads masthead.afxm, which was obtained from Deployment B and copied to Deployment A’s wwwrootbes/Uploads folder.
One potential complication is if the client, or any of its parent relays, is configured to perform Direct Downloads. As the URL in the Task references http://localhost, if the client (or its parent relay) is configured for Direct Downloads it would be checking for a webserver running on port 52311 - which will not exist on the client, and on a Relay would not contain the masthead file. Ensure the client is not attempting Direct Downloads before running the masthead switch fixlet.
The error about an invalid signature is not on the Download, that’s on the signature of the Action itself. I’ve seen that occur when the client was trying to evaluate the action from one deployment, while its ActionSite.afxm referenced a different deployment - the action it downloads from the server cannot be authenticated against the certificate in the ActionSite.afxm. This could be possible if you have successfully replaced the ActionSite.afxm, but have not restarted the client; or if, through DNS aliases or HOSTS file manipulation, you have a client from one deployment trying to connect to a root server or relay on another deployment.
Note with the Masthead Switch action, you often will not get a result in the action status - because once the client switches to the new deployment, it can no longer report status to the old one. You have to check the new deployment to see whether the client has actually appeared there.