unnic_arcanane
Level 4

FileCopy : Error 24581 was returned by WinVerifyTrust. ( Windows 2008 R2 Server)

Hi,

InstallShield 2019 R2:

I use SHA256 Certificate to code sign the Data1.cab file and Setup.exe. When the installer is running on Windows 2008 R2 Server WITHOUT Internet Connection, I am getting the following error (during FileCopy):

Error 1330. A file that is required cannot be installed because the cabinet file C:\Users\Administrator\Desktop\MEVO_43.0.2.23_X64\Data1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt. Error 24581 was returned by WinVerifyTrust.

But this issue is not seen on later version of Servers like Windows 2012, Windows 2016 and WIndows 2019 even there is NO Internet connection.

The same package built using InstallShield 2018 is working fine on Windows 2008 R2 Server without Internet connection.

Is this an issue with Installshield 2019 R2? Will this be resolved if I upgrade to R3?

(Attached the error message and Windows Event Log entry)

Thanks
Unni

Labels (1)
0 Kudos
3 Replies
banna_k
Flexera
Flexera

@unnic_arcanane :

Looks like this issue is not related to Installshield, the problem is with that target system. Certificates are not available in the trusted root. It need to be resolved at the system level.

More information on this can be found at the below Microsoft community and forum pages.

https://answers.microsoft.com/nl-nl/windows/forum/all/error-24581-was-returned-by-winverifytrust/077...

https://social.msdn.microsoft.com/Forums/security/en-US/17861daa-dfd6-4348-bfde-d506b0316af7/quotver...

0 Kudos

The same ISM file when used with InstallShield 2018 and the setup package created using InstallShield 2018 don't have this issue.

If the build is made using Installshield 2019 R2, Installer throws error during FileCopy.

So, there is a difference between the build created from Installshield 2018 and 2019 R2.

Thanks.
0 Kudos

Hi @unnic_arcanane ,

Only the difference will be time stamp server configuration, moved to digicert from symantec as symantec is server is going to decommission.

You can verify this on the Digital Signature tab in the File properties in windows, by right clicking the executable and clicking on the properties. 

As well you can cross check the setting.xml configuration for the timestamp server configuration.

Apart from that everything is same like previous version.

 

See, the below KB article to rectify the error from digicert

https://knowledge.digicert.com/solution/SO29288.html

 

 

 

0 Kudos