This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Revenera Community
- :
- InstallShield
- :
- InstallShield Forum
- :
- Re: Problem with Installshield signing with Verisign?
Subscribe
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Jun 25, 2008
02:09 PM
Problem with Installshield signing with Verisign?
Here's my situation:
I have put together an installation project for a customer that requires device drivers and a service install on Windows XP and Windows Vista. All of my device drivers, binaries and the .msi are signed with a Verisign certificate.
In Windows XP, I am running into an odd situation...
I run the setup.exe on a totally clean Windows XP machine (nothing has ever been installed on it before, just the clean OS). I am running as an administrator on this PC.
1) With my ethernet connection disconnected, I set my IP to a valid static IP with a valid subnet mask but with a default gateway that is invalid along with a valid DNS server.
2) I restart the PC with the ethernet connection connected.
3) I install .NET framework 2.0 because it's required by my installation (via local .exe package)
4) I run my setup.exe
5) The install runs fine until I get an error message that says "Error 1920.Service [My Service Name] failed to start. Verify that you have sufficient privileges to start system services."
6) Retry doesn't work, and if you cancel I end up with a "Error: -1603 Fatal error during installation"
7) If I reinstall with a valid gateway, install is successful.
😎 If I reinstall without an Ethernet connection, the install is successful.
9) Once the install is installed once successfully, uninstall/reinstall under any condition will be successful.
This problem only occurs on a totally clean machine under these conditions.
One additional interesting point is that when running a packet sniffer while the setup.exe runs shows something from Verisign trying to access the outside...
I know this is a long and convoluted problem, but can anyone help me?
I have put together an installation project for a customer that requires device drivers and a service install on Windows XP and Windows Vista. All of my device drivers, binaries and the .msi are signed with a Verisign certificate.
In Windows XP, I am running into an odd situation...
I run the setup.exe on a totally clean Windows XP machine (nothing has ever been installed on it before, just the clean OS). I am running as an administrator on this PC.
1) With my ethernet connection disconnected, I set my IP to a valid static IP with a valid subnet mask but with a default gateway that is invalid along with a valid DNS server.
2) I restart the PC with the ethernet connection connected.
3) I install .NET framework 2.0 because it's required by my installation (via local .exe package)
4) I run my setup.exe
5) The install runs fine until I get an error message that says "Error 1920.Service [My Service Name] failed to start. Verify that you have sufficient privileges to start system services."
6) Retry doesn't work, and if you cancel I end up with a "Error: -1603 Fatal error during installation"
7) If I reinstall with a valid gateway, install is successful.
😎 If I reinstall without an Ethernet connection, the install is successful.
9) Once the install is installed once successfully, uninstall/reinstall under any condition will be successful.
This problem only occurs on a totally clean machine under these conditions.
One additional interesting point is that when running a packet sniffer while the setup.exe runs shows something from Verisign trying to access the outside...
I know this is a long and convoluted problem, but can anyone help me?
(4) Replies
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Jun 26, 2008
10:33 AM
I'm not certain if it's relevant to the issue, but the attempt to access the internet is quite possibly to check for a certificate revocation. If the DIFx support requires this check when there's an internet connection available, and perhaps caches known-checked certificates for some length of time, this might explain the behavior.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Jun 26, 2008
10:45 AM
I just made progress on this topic and found out if the service is unsigned, then everything works fine.
When the service is signed, it keeps trying to send SYN packets to crl.verisign.com.
Does anyone know of a way to fix this without having the service unsigned?
When the service is signed, it keeps trying to send SYN packets to crl.verisign.com.
Does anyone know of a way to fix this without having the service unsigned?
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Jun 26, 2008
10:55 AM
The hostname crl.verisign.com's lends credence to the certificate revocation idea, as CRL stands for Certificate Revocation List. Beyond that we're out of my depth. Does checking the "Install unsigned driver files ..." option work around this if your driver is signed, or does it insist on verifying the signature if it's present?
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
‎Jun 26, 2008
11:00 AM
Thanks for the replies.
All of my drivers have the "Install unsigned driver files ..." checked, but would it make sense if the drivers were signed that once my service is unsigned that everything works fine?
All of my drivers have the "Install unsigned driver files ..." checked, but would it make sense if the drivers were signed that once my service is unsigned that everything works fine?