westhusing
Level 6

Problem with Installshield signing with Verisign?

Here's my situation:

I have put together an installation project for a customer that requires device drivers and a service install on Windows XP and Windows Vista. All of my device drivers, binaries and the .msi are signed with a Verisign certificate.

In Windows XP, I am running into an odd situation...

I run the setup.exe on a totally clean Windows XP machine (nothing has ever been installed on it before, just the clean OS). I am running as an administrator on this PC.

1) With my ethernet connection disconnected, I set my IP to a valid static IP with a valid subnet mask but with a default gateway that is invalid along with a valid DNS server.
2) I restart the PC with the ethernet connection connected.
3) I install .NET framework 2.0 because it's required by my installation (via local .exe package)
4) I run my setup.exe
5) The install runs fine until I get an error message that says "Error 1920.Service [My Service Name] failed to start. Verify that you have sufficient privileges to start system services."
6) Retry doesn't work, and if you cancel I end up with a "Error: -1603 Fatal error during installation"
7) If I reinstall with a valid gateway, install is successful.
8) If I reinstall without an Ethernet connection, the install is successful.
9) Once the install is installed once successfully, uninstall/reinstall under any condition will be successful.

This problem only occurs on a totally clean machine under these conditions.

One additional interesting point is that running a packet sniffer while the setup.exe runs shows something from Verisign trying to access the outside...

I know this is a long and convoluted problem, but can anyone help me?
0 Kudos
(4) Replies
MichaelU
Level 12 Flexeran

I'm not certain if it's relevant to the issue, but the attempt to access the internet is quite possibly to check for a certificate revocation. If the DIFx support requires this check when there's an internet connection available, and perhaps caches known-checked certificates for some length of time, this might explain the behavior.
0 Kudos
westhusing
Level 6

I just made progress on this topic and found out if the service is unsigned, then everything works fine.

When the service is signed, it keeps trying to send SYN packets to crl.verisign.com.

Does anyone know of a way to fix this without having the service unsigned?
0 Kudos
MichaelU
Level 12 Flexeran

The hostname crl.verisign.com lends credence to the certificate revocation idea, as CRL stands for Certificate Revocation List. Beyond that we're out of my depth. Does checking the "Install unsigned driver files ..." option work around this if your driver is signed, or does it insist on verifying the signature if it's present?
0 Kudos
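
A diagnostic for the revocation-check theory raised in the replies above, added here as an example and not posted by anyone in the thread: it lists the CRL distribution points in a signed binary's certificate and times an online revocation lookup. It assumes PowerShell on the affected Windows machine; the file path and the timeout value are placeholders.

```powershell
# Added example. $Path is a placeholder, not a path from the thread.
param(
    [string]$Path = 'C:\Path\To\YourService.exe',  # placeholder: the signed service binary
    [int]$TimeoutSeconds = 15                       # assumed upper bound for CRL retrieval
)

function Get-CrlUrls {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # OID 2.5.29.31 is the CRL Distribution Points extension.
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return @() }
    # On Windows, Format() renders the extension as text with "URL=..." entries.
    [regex]::Matches($ext.Format($true), 'URL=([^\s,]+)') |
        ForEach-Object { $_.Groups[1].Value }
}

function Test-RevocationLookup {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$TimeoutSeconds
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode      = 'Online'       # fetch the CRL if needed
    $chain.ChainPolicy.RevocationFlag      = 'EntireChain'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

    # Time the chain build; a long run points at a stalled CRL download.
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $valid = $chain.Build($Cert)
    $timer.Stop()

    New-Object psobject -Property @{
        ChainValid = $valid
        Seconds    = [math]::Round($timer.Elapsed.TotalSeconds, 1)
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$sig = Get-AuthenticodeSignature -FilePath $Path
if (-not $sig.SignerCertificate) {
    Write-Output "No Authenticode signer certificate found on $Path"
    return
}
Write-Output "Signature status: $($sig.Status)"
Write-Output 'CRL distribution points:'
Get-CrlUrls $sig.SignerCertificate | ForEach-Object { Write-Output "  $_" }
Test-RevocationLookup $sig.SignerCertificate $TimeoutSeconds | Format-List
```

A run that takes close to the timeout and reports `RevocationStatusUnknown` or `OfflineRevocation` means the CRL host could not be reached from that network configuration. A near-instant result after an earlier successful run is consistent with Windows using a cached CRL.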
westhusing
Level 6

Thanks for the replies.

All of my drivers have the "Install unsigned driver files ..." checked, but would it make sense if the drivers were signed that once my service is unsigned that everything works fine?
0 Kudos