/build/static/layout/Breadcrumb_cap_w.png

Problem deploying a signed driver - Prompts for administrative rights to install

I used Advanced Installer, DIFxApp, and Orca to create an MSI to install two drivers associated with USB devices onto Windows XP machines. My intent is to allow a standard user (non-admin) to insert a USB wireless NIC and have it install (to be used with a virtual machine) without requiring an administrative password.

After copying the MSI to the target computer manually, I ran the MSI package, logged in with a non-admin account, and inserted the USB NIC. The NIC drivers installed automatically with no prompt (yay), but the second driver, which is installed by VirtualBox on the host when inserting a USB device, immediately prompts for administrative access to install it.

The NIC driver is WHQL certified. The other driver, VirtualBox USB, is signed (.cat file is included in the msi package), but is not WHQL certified. I have added the signed certificate to trusted publishers on the target machine. Any ideas why one driver is working right and the other isn't?

A snippet of the verbose output of setupapi.log file is below:

[2011/04/12 19:44:57 1512.6 Driver Install]
#-019 Searching for hardware ID(s): usb\vid_80ee&pid_cafe&rev_0100,usb\vid_80ee&pid_cafe
#-018 Searching for compatible ID(s): usb\class_ff&subclass_00&prot_00,usb\class_ff&subclass_00,usb\class_ff
#-198 Command line processed: C:\WINDOWS\system32\services.exe
#I022 Found "USB\VID_80EE&PID_CAFE" in C:\WINDOWS\inf\oem16.inf; Device: "VirtualBox USB"; Driver: "VirtualBox USB"; Provider: "Sun Microsystems, Inc."; Mfg: "Sun Microsystems, Inc."; Section name: "VBoxUSB.Dev".
#I087 Driver node not trusted, rank changed from 0x00000001 to 0x00008001.
#I023 Actual install section: [VBoxUSB.Dev.NT]. Rank: 0x00008001. Effective driver date: 06/25/2010.
#-166 Device install function: DIF_SELECTBESTCOMPATDRV.
#I063 Selected driver installs from section [VBoxUSB.Dev] in "c:\windows\inf\oem16.inf".
#I320 Class GUID of device remains: {36FC9E60-C465-11CF-8056-444553540000}.
#I060 Set selected driver.
#I058 Selected best compatible driver.
#-166 Device install function: DIF_INSTALLDEVICEFILES.
#I124 Doing copy-only install of "USB\VID_80EE&PID_CAFE\12345".
#-011 Installing section [VBoxUSB.Dev.NT] from "c:\windows\inf\oem16.inf".
#V132 File "C:\WINDOWS\INF\certclas.inf" (key "certclas.inf") is signed in catalog "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT".
#I180 Verifying file "c:\windows\inf\oem16.inf" (key "vboxusb.inf") against catalog "oem16.CAT" failed. Error 1168: Element not found.
#I180 Verifying file "c:\windows\inf\oem16.inf" (key "vboxusb.inf") against catalog "oem16.CAT" failed. Error 1168: Element not found.
#E358 An unsigned or incorrectly signed file "c:\windows\inf\oem16.inf" for driver "VirtualBox USB" blocked (server install). Error 1168: Element not found.
#E122 Device install failed. Error 1168: Element not found.
#E157 Default installer failed. Error 1168: Element not found.

Thanks for any help in advance.
Asked 13 years ago 6868 views
0 Comments   [ + ] Show comments

Answers (8)

Posted by: AngelD 13 years ago
Red Belt
0
Well, the cat may be signed but looking through the log your INF-file isn't refering to the catalog file.

#I180 Verifying file "c:\windows\inf\oem16.inf" (key "vboxusb.inf") against catalog "oem16.CAT" failed. Error 1168: Element not found.
#E358 An unsigned or incorrectly signed file "c:\windows\inf\oem16.inf" for driver "VirtualBox USB" blocked (server install). Error 1168: Element not found.
Posted by: jdkim99 13 years ago
Yellow Belt
0
I have looked through the original VBoxUSB.inf file and did find a reference to a .cat file:

[Version]
Signature="$Windows NT$"
Class=USB
ClassGUID={36FC9E60-C465-11CF-8056-444553540000}
provider=%sun%
DriverVer = 06/25/2010,3.2.6
CatalogFile=VBoxUSB.cat
[SourceDisksNames]
1=%Disk_Description%,,,
[SourceDisksFiles]
VBoxUSB.sys = 1
[Manufacturer]
%MfgName%=sun

Is this the reference in the inf that you are alluding to? I ran the VBoxUSB.inf file through chkinf and it did not find any errors with it.

I'm assuming based on what I've read and observed, the oem16.inf and oem16.cat files (presumably) are copies of the VBoxUSB.sys and VBoxUSB.cat that Windows generates during a driver install and copies to specific locations (%systemroot%\inf and %systemroot%\system32\catroot\{}, respectively). I say presumably because I don't have an oem16.cat anywhere on the computer to verify that it is a duplicate of VBoxUSB.cat or where it is supposed to be copied.

Just to see if there is path problem with the .cat file, I have tried renaming the VboxUSB.cat file to oem16.cat and copying it to the default INF folder (oem16.inf is already present) and to the catroot folders on a different machine, but I still receive errors in the setupapi.log file:

#I180 Verifying file "c:\windows\inf\oem16.inf" (key "vboxusb.inf") against catalog "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem16.cat" failed. Error 0x800b0110: The certificate is not valid for the requested usage.
#E358 An unsigned or incorrectly signed file "c:\windows\inf\oem16.inf" for driver "VirtualBox USB" blocked (server install). Error 0x800b0110: The certificate is not valid for the requested usage.
#E122 Device install failed. Error 0x800b0110: The certificate is not valid for the requested usage.
#E157 Default installer failed. Error 0x800b0110: The certificate is not valid for the requested usage

Not sure what else to investigate at this point. I am pretty new to this so please forgive the confusion on my part.
Posted by: AngelD 13 years ago
Red Belt
0
Could be that an older driver is already installed; hence oem16.inf, is the DriverVer entry the same as the vboxusb.inf?
Did you use the merge module or dpinst.exe? For MSM; can you provide the MsiDriverPackages table entry OR for dpinst...which arguments did you use?
Posted by: jdkim99 13 years ago
Yellow Belt
0
I've checked the DriverVer entry on the VBoxUSB.inf and oem16.inf files and confirmed that the version number and the date are the same. I used the merge module to modify MsiDriverPackages table entries.

The relevant File table entry is:

File: VBoxUSB.inf
Component_: VBoxUSB.cat
Filename: VBoxUSB.inf
FileSize: 1471

The relevant MsiDriverPackages table entry:

Component: VBoxUSB.cat
Flags: 0
Sequence: <blank>

Thanks for your help so far!
Posted by: AngelD 13 years ago
Red Belt
0
I don't think it should matter but I always set the Flags column field to 7, try and see.
For more info refer to MsiDriverPackages Custom Table Schema
Posted by: AngelD 13 years ago
Red Belt
0
On another thought: you should just try to re-sign the driver (VirtualBox USB) as it seems it got installed (oem16) successfully but the signing somehow prevents the standard user from installing "it" from the store.
Posted by: jdkim99 13 years ago
Yellow Belt
0
I took your suggestion and re-signed the driver with a self-signed certificate and it works once I add the certificate to Trusted Publishers and Trusted Root Certification Authorities.

For some reason, the original certificate (issued to Sun by Verisign) won't work when I add it to the same certificate stores. I'm a little puzzled by it, but not overly concerned since self-signing the driver works.

Just wanted to let you know and to thank you for your help.
Posted by: AngelD 13 years ago
Red Belt
0
Good to hear that you solved it, maybe the certificate was one of them that Verisign "took back" :)
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ