SetupApi.dev.log error message on driver install, but driver runs fine anyway... why?

Hello,
I am trying to run down the cause of the following warning/error message I see in my SetupApi.Dev.log file after I install a commercially signed driver.
!    sig:           Verifying file against specific (valid) catalog failed! (0x800b0109)
!    sig:           Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
I see this error against all the files in the driver package, but the driver operation has so far been just fine.
I have checked the certificate chain for the driver (there are 3 certificates in the chain: a root, an intermediate, and the code signing certificate I purchased, all from Verisign/Symantec), and compared the root and intermediate certificates against ones that are already installed on the machine where I installed the driver.
Using the MMC, I can see:
 - the root certificate is located at:         Console Root->Certificates-Current User->Trusted Root Certification Authorities->Certificate
 - the intermediate certificate is located at: Console Root->Certificates-Current User->Intermediate Certification Authorities->Certificate
 - the code signing certificate is located at: Console Root->Certificates-Current User->Trusted Publishers->Certificates
This all seems to make sense to me for as much as I've been able to research from the MSDN, so would there be some reason why this message shows up, yet the driver seems to install and operate correctly anyway?
I am using VS 2012 Pro on top of Windows 7 (x64) Pro SP1 to perform the driver build and code signing.
Thanks much in advance for reading this, and for any insight/advice you might have about this.
Geoff

Hi Pavel, Jason, and Bryan,
I apologize for not getting back to this sooner; I got sidetracked with a different task for a few days...
I really appreciate your looking at my problem.
I did some more digging and contacted VeriSign/Symantec for some assistance and learned
I had a few things set up improperly with respect to my code signing certificate.
VeriSign pointed me to a few links to straighten out my code signing certificate's chain of trust on
my code-signing machine, and then they also pointed me to a couple links similar to the one
Bryan provided here for the cross-signing certificate I needed.
The links are provided below for reference (in case somebody else can make some use of them too)
1. Disable root cert, so my certificate's signing chain of trust shows up:
 https://knowledge.verisign.com/support/code-signing-support/index?page=content&id=SO16958&actp=search&viewlocale=en_US
2. Get the correct intermediate certs installed:
 https://knowledge.verisign.com/support/code-signing-support/index?page=content&id=AR1739&actp=search&viewlocale=en_US
3. Get the correct X-signing cert from MSFT (same cert as the one Bryan provided in his link):
 https://knowledge.verisign.com/support/code-signing-support/index?page=content&id=SO16763&actp=search&viewlocale=en_US
 https://knowledge.verisign.com/support/code-signing-support/index?page=content&id=SO5820&actp=search&viewlocale=en_US
I'm building/signing this for Release, on a Windows 7 x64 platform. I am doing this using the
Windows 8 WDK and VS 2012 Professional. It's a nice combination, as it automates the driver
signing process.
My driver is a package of files, and is signed with a CAT file.
I wanted to be sure the files were signed correctly, so I ran "signtool" over each file in the package
to verify the signing is correct. I've included the output from one of the files here. Save the filename,
the output is identical for each file in the package.
The signing certificate chain shown below matches my code-signing certificate chain when I examine it
using the MMC-certificate snap-in.
The cross certificate chain shown below is identical to the output from the VS 2012 IDE. Note the MSFT X-signing
certificate from step 3 above is in this chain; it's the second one from the top in the chain.
============================================
output from signtool verification of package
============================================
C:\Users\Me\Desktop\Driver\Package>signtool verify /v /kp /c mydriver.cat fileA.bin
Verifying: fileA.bin
File is signed in catalog: mydriver.cat
Hash of file (sha1): nnnnnnnnnnnnnnnnnnnnnnnnnnnn
Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
    Expires:   Wed Aug 02 17:59:59 2028
    SHA1 hash: A1DB6393916F17E4185509400415C70240B0AE6B
        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: Class 3 Public Primary Certification Authority
        Expires:   Sun Nov 07 17:59:59 2021
        SHA1 hash: 32F30882622B87CF8856C63DB873DF0853B4DD27
            Issued to: VeriSign Class 3 Code Signing 2010 CA
            Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
            Expires:   Fri Feb 07 17:59:59 2020
            SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F
                Issued to: My Company
                Issued by: VeriSign Class 3 Code Signing 2010 CA
                Expires:   Thu Jan 15 17:59:59 2015
                SHA1 hash: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The signature is timestamped: Tue Mar 05 15:25:53 2013
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Thu Dec 31 17:59:59 2020
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
        Issued to: Symantec Time Stamping Services CA - G2
        Issued by: Thawte Timestamping CA
        Expires:   Wed Dec 30 17:59:59 2020
        SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1
            Issued to: Symantec Time Stamping Services Signer - G4
            Issued by: Symantec Time Stamping Services CA - G2
            Expires:   Tue Dec 29 17:59:59 2020
            SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4
Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 07:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: Microsoft Code Verification Root
        Expires:   Mon Feb 22 13:35:17 2021
        SHA1 hash: 57534CCC33914C41F70E2CBB2103A1DB18817D8B
            Issued to: VeriSign Class 3 Code Signing 2010 CA
            Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
            Expires:   Fri Feb 07 17:59:59 2020
            SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F
                Issued to: MyCompany
                Issued by: VeriSign Class 3 Code Signing 2010 CA
                Expires:   Thu Jan 15 17:59:59 2015
                SHA1 hash: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Successfully verified: fileA.bin
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
=========================================
As best as I can tell, this follows the kernel mode signing walkthrough doc, and assuming
VS 2012 is doing the signing correctly, the driver package should have been signed correctly.
The problem is, I still see the same error on the target machine.
I've tried manually installing the code signing certificate in the target's Trusted Publisher Store,
prior to installing the driver, but this does not keep the error from showing up.
I honestly have no clue why. If the driver package files check out OK with the signtool on the signing
machine, I'm at a loss for why the error shows up on the machine where I'm installing the driver.
One other thing that is different is the code signing certificate's certification path when I inspect
it on the target machine. It appears to have a different Root and (only one) intermediate certificate.
The Verisign folks said this is "OK" because different machines have different certificates. I'm not
sure I'm buying this statement. Does it make sense to you guys?
The folks at VeriSign also told me I do not need ANY of the certificates used in signing the driver to
be installed on the target machine. Does this make sense to you guys? I'm a little skeptical about
that assumption too, but I haven't found any information on line to confirm or negate it.
I'm really no further along in determining why I'm getting this error on my target machines.
Does anything here look out of place to you?
I'm half tempted to manually sign the driver package to see if there's something going on inside the VS 2012
IDE that could be causing this.
Again, thanks for taking your time to read this.
Geoff
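
An added example, not part of the original post: a small Python parser for the verbose `signtool verify` output shown above. It lists the root of each chain and checks that the cross certificate chain ends at Microsoft Code Verification Root, as it does in the post's output. The sample text, the `Example Co` leaf, its all-zero hash and the function names are constructed for illustration.

```python
import re

# Constructed sample: abbreviated `signtool verify /v /kp` output in the post's layout (Expires lines omitted).
SAMPLE = """\
Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: Class 3 Public Primary Certification Authority
            Issued to: VeriSign Class 3 Code Signing 2010 CA
            Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
                Issued to: Example Co
                Issued by: VeriSign Class 3 Code Signing 2010 CA
                SHA1 hash: 0000000000000000000000000000000000000000
The signature is timestamped: Tue Mar 05 15:25:53 2013
Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: Microsoft Code Verification Root
            Issued to: VeriSign Class 3 Code Signing 2010 CA
            Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
                Issued to: Example Co
                Issued by: VeriSign Class 3 Code Signing 2010 CA
                SHA1 hash: 0000000000000000000000000000000000000000
Successfully verified: fileA.bin
"""

HEADER = re.compile(r"^(Signing Certificate Chain|Timestamp Verified by|Cross Certificate Chain):$")
FIELD = re.compile(r"^\s+(Issued to|Issued by|Expires|SHA1 hash):\s*(.*)$")
KERNEL_ROOT = "Microsoft Code Verification Root"  # root of the cross chain in the post

def parse_chains(text):
    """Return {section name: [cert dict, ...]} with certificates in printed order (root first)."""
    chains, current = {}, None
    for line in text.splitlines():
        header, field = HEADER.match(line.strip()), FIELD.match(line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif field and current is not None:
            if field.group(1) == "Issued to":
                current.append({})          # "Issued to" opens a new certificate entry
            if current:
                current[-1][field.group(1)] = field.group(2).strip()
        elif line.strip():
            current = None                  # any other non-blank line ends the section
    return chains

def roots(chains):
    return {name: chain[0]["Issued to"] for name, chain in chains.items() if chain}

def review(chains):  # returns findings; an empty list means the chains look consistent
    findings = []
    sign = chains.get("Signing Certificate Chain", [])
    cross = chains.get("Cross Certificate Chain", [])
    if not cross:
        findings.append("no cross certificate chain in the output")
    elif cross[0].get("Issued to") != KERNEL_ROOT:
        findings.append("cross chain root is " + cross[0].get("Issued to", "?"))
    if sign and cross and sign[-1].get("SHA1 hash") != cross[-1].get("SHA1 hash"):
        findings.append("signing and cross chains end in different leaf certificates")
    for name, chain in chains.items():
        for parent, child in zip(chain, chain[1:]):
            if child.get("Issued by") != parent.get("Issued to"):
                findings.append(f"{name}: {child.get('Issued to')} not issued by previous entry")
    return findings

if __name__ == "__main__":
    print(roots(parse_chains(SAMPLE)), review(parse_chains(SAMPLE)))
```

Saving the real `signtool verify /v /kp /c mydriver.cat fileA.bin` output to a file and passing its text to `parse_chains` gives the same comparison for an actual package.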

Similar Messages

  • I have tried to upgrade Painter 11 on my iMac running OS X 10.5.8. I keep getting the error message :- : The following install step failed : run pre install script for Corel Painter11 _ SP1 . Contact the software manufacturer for assistance   " Help pleas

    I have tried to upgrade Painter 11 on my iMac running OS x 10.5.8 but get the error message : The following install step failed : run pre install script for Corel Painter11_SP1. Contact the software manufacturer for assistance "
    I have contacted Corel and after several emails and one telephone call, they tell me , they cannot help but they think the problem could be with the OS.
    Does anyone have any suggestions, please ?

    Could be many things, we should start with this...
    "Try Disk Utility
    1. Insert the Mac OS X Install disc, then restart the computer while holding the C key.
    2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu at top of the screen. (In Mac OS X 10.4 or later, you must select your language first.)
    *Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
    3. Click the First Aid tab.
    4. Select your Mac OS X volume.
    5. Click Repair Disk, (not Repair Permissions). Disk Utility checks and repairs the disk."
    http://docs.info.apple.com/article.html?artnum=106214
    Then try a Safe Boot, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it completes.
    (Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive.)
    If perchance you can't find your install Disc, at least try it from the Safe Boot part onward.

  • Untrusted Connection error message on home computer, but can connect fine from work

    I have been connecting to this site for a while without problems (an online gradebook for son's school), but yesterday when I tried to log in from home machine, I got the "This connection is Untrusted" error message. However, I was able to log in without a problem from work today, but having the same problem at home again. Is it an indication that my home connection is somehow compromised? How do I check? Other sites seem to working fine.

    It is usually better to install missing certificates by visiting another website that sends them than by making an exception.
    You can check the certificate chain on the working computer by clicking the Site Identity Button (favicon) on the location bar > More Information > View Certificate > Details and export missing intermediate certificates and import them on the other computer.
    You can remove exceptions on the Servers tab in the Certificate Manager.
    *Tools > Options > Advanced : Encryption: Certificates - View Certificates

  • Error Message when uploading report but report  works fine

    Hello ,
    I am facing a strange issue here: when I try to upload a report in Crystalreports.com using ODC there is an error message shown - "The Open Data URI does not appear to be valid one or the server is down.Do you want to Continue?"
    When I click 'ok' the report uploads and when its run  it works perfectly fine , it shows the parameters to choose and pulls the
    right data.
    Has anyone faced this ? and any idea why that error message appears although every report uploaded works perfectly fine?
    Thankyou
    dpa

    Hi dpa,
    The crystalreports.com server does some validation of that url to make sure it can be reached and that it returns some info to ensure it is an odc deployment. 
    It sounds like there is something particular about your url or odc deployment that is causing this validation to fail unnecessarily.
    Could you enter a support ticket and supply the url that you are using so that we can test it out to find out what exactly the problem is?
    Thanks
    Steve

  • Receiving "Unable to connect" error message for every site, but IE8 works fines

    HP Pavilion , AMD Athlon X2 Dual, Core processor 3800+. 2Ghz, 1MB Ram, Windows XP Media edition 2002, Service Pack 3. Firefox Version 3.6.8
    When starting Firefox, it always says "Unable to Connect". IE8 works fine.

    This is normally caused by a firewall blocking Firefox, for more details see [[Firefox cannot load websites but other programs can]].

  • I try to boot the old T2150CDT - error message "sector not found reading drive C"

    Hi,
    I came by one of these and am trying to fire it up, but I keep getting the message, "sector not found reading drive C". I get this message right after the windows 98 logo appears.
    Problem is that I'm limited in what I can do, because I have no floppy drive and dos doesn't recognize the CD Rom drive (drivers missing); although I can hear it during boot up.
    So I took the HDD out and pasted the windows 98 installation files into it; then tried to reinstall, but I again get the "sector not found reading drive C" message. Is the drive too large, (It's about 2.1 gigs.)
    Would installing the correct drivers for the CD Rom allow me to install from a CD?
    this usually works
    Thanks,
    john

    As far as I know the error message; sector not found reading drive C" appears because of these three different reasons:
    - physical HDD fault
    - corrupted HDD file system
    - bad RAM
    In first case you should try to format the whole HDD and should try to install the new OS.
    If it will not help, the chances are that the HDD malfunctions and must be replaced.

  • Problems installing Itunes error message - Hkey_local_machine\software\microsoft\windows\currentversion\run - Verify that you have sufficient access to that key, or contact your support personnel

    Can anyone help? I have been trying to install the new version of Itunes for ages my new iphone wont activate on the old version!! Keep getting the same error message -  Hkey_local_machine\software\microsoft\windows\currentversion\run - Verify that you have sufficient access to that key, or contact your support personnel.
    Please Help!!!!!

    That particular key can sometimes be hit by malware, liam, so just to be on the safe side I think we should try a malware scan first.
    Try downloading and installing the free version of Malwarebytes AntiMalware. Update your MBAM definitions and then run a full scan of the PC. (Takes about 2 hour on my Lenovo.)
    http://www.malwarebytes.org/mbam.php
    Does the scan find any infections? If so, please paste the contents of the log file for the scan in a reply here so we can have a look

  • I must re-install HDD, when tried to install application DVD with iPhoto,there was a error message, could not instal it again, I have LION 10.7.3. How can install application DVD again?

    I must re-install HDD, but when tried to install application DVD with iPhoto,there was a error message, could not instal it again,
    I have LION 10.7.3.
    How can install application DVD again?
    thanks
    Dimitar

    I've asked the hosts to move this post to Lion.
    Here is a better place for you Lion posts.
    https://discussions.apple.com/community/mac_os/mac_os_x_v10.7_lion?view=discussions
    What is HDD?
    How to install most applications from DVD.
    Place dvd in dvd drive.
    Double click on dvd image if a folder didn't appear.
    Double click on application icon in drive folder.
    follow instructions.
    Robert

  • CC error message - Can't install to root  -wanting to place cc aps on internal SSD

    CC error message - Can't install to root  -wanting to place cc aps on internal SSD. (I know that LR5 has to go on the Mac OS disk...)
    but what about the rest of the aps?

    Johnmhannam have you adjusted the installation location within the Creative Cloud Desktop application?  You can find more details at Install and update apps - https://helpx.adobe.com/creative-cloud/help/install-apps.html.

  • Error  message 16 after install

    I have error message 16 after installing Photoshop CC and LR 5. I've tried uninstalling and re-installing. I have a MacPro running Mavericks. Any ideas?

    well, it was worth a try...Any other suggestions?  It still isn't working.

  • Date format in log/error messages

    Hi there,
    Is there a way to change the date format in log/error messages in ttmesg.log & tterror.log files ?
    In my log files, only the hour is specified but I wish I could get the day each single line has been logged.
    Thanks in advance.
    PS : I'm running TimesTen release 7.0.3 on a RedHat ES release 4

    Yes, you just need to add the option -showdate into the ttendaemon.options file.
    Please check out the section on Modifying informational messages in the Operations Guide.
    Simon

  • 2 error messages - failed to install extention 2.1 and output module 2.1

    I just tried to update my Encore CS4 from the Master Suite. I have two error messages " failed to install extention Mgr. CS4 2.1 and failed to install output module update 2.1
    Encore will load a new project and save but I can't do anything else like add files before it crashes.  Any help please. - Art

    This might not apply with En CS4, but there were some issues on install, and on updates in Photoshop. It seems that MS had a bum MSI (Installer) version, and it caused a lot of PS installs and updates to fail. Do not recall any specific error messages. The cure there was to download and install the revised MSI module from the MS site. I would imagine that any MSI module would be heavily Windows version-specific. Take that as a warning to check any very carefully, before downloading and installing. MS is pretty good at having a ReadMe with installation instructions for each such download. It almost always contains the exact versions of Windows, that the file is for. Please read any installation instructions carefully.
    This might be worth a look. I do not have a link to the exact page, but a search of the MS site should yield something. I'd search for "MSI," to start.
    I just do not recall any issues with En and either installation (on proper systems with updated OS's) or with any updates.
    Good luck, and please report your success.
    Hunt

  • Logging Error Message in Console  [Servlet Error]-[Cannot find FacesContex]

    Hi,
    I am using Web Application with JSF . but when i log in into the web appl everthing is fine but in back end i mean the console of RAD Tool having some logging Error message:
    SRVE0026E: [Servlet Error]-[Cannot find FacesContext]: javax.servlet.jsp.JspException: Cannot find FacesContext
    at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java(Compiled Code))
    at com.sun.faces.taglib.jsf_core.ViewTag.doStartTag(ViewTag.java(Compiled Code))
    at org.apache.jsp._index._jspService(_index.java:86)
    at com.ibm.ws.webcontainer.jsp.runtime.HttpJspBase.service(HttpJspBase.java(Compiled Code))
    at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))
    at com.ibm.ws.webcontainer.jsp.servlet.JspServlet$JspServletWrapper.service(JspServlet.java(Compiled Code))
    at com.ibm.ws.webcontainer.jsp.servlet.JspServlet.serviceJspFile(JspServlet.java(Compiled Code))
    at com.ibm.ws.webcontainer.jsp.servlet.JspServlet.service(JspServlet.java(Compiled Code))
    So could you please help me find out the solution for this :
    While i am using the code in jsp page:
    <%@taglib uri="http://java.sun.com/jsf/html" prefix="h"%>
    <%@taglib uri="http://www.ibm.com/jsf/html_extended" prefix="hx"%>
    <%@taglib uri="http://java.sun.com/jsf/core" prefix="f"%>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <HTML>
    <HEAD>
    <META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <META http-equiv="Content-Style-Type" content="text/css">
    <TITLE>Web App
         <f:view>
              <h:outputText value="#{dataInfo.info}"/>
         </f:view>
    </TITLE>
    Suggest me the solution:
    Regards,
    Prabhat

    This usually means that you call the JSF page the wrong way. Try something like http://hostname:port/servletcontextroot/faces/page.jspx
    --olaf

  • HT4623 Getting the error message "Unable to Install Update" when trying to install IOS update

    Getting the error message "Unable to Install Update" when trying to install IOS update

    Restore the device.

  • When trying to download iTunes, I get an error message saying "the instaler encountered errors before iTunes could be configured. Errors occured during installation."  But it gives me no more information as to what I can do.  Help please?

    When trying to download iTunes, I get an error message saying "the instaler encountered errors before iTunes could be configured. Errors occured during installation."  But it gives me no more information as to what I can do.  Help please?

    Also I now can`t access any of my itunes library and am concerned that if I remove it from my computer I will lose everything as I have no option of accessing and therefore backing anything up. Any ideas?
