Microsoft KB Archive/197713

= XCLN: ErrMsg: Authenticode Signature not Found with ODK =

Article ID: 197713

Article Last Modified on 8/15/2005

-

APPLIES TO


 * Microsoft Outlook 98 Deployment Kit
 * Microsoft Exchange Server 5.5 Standard Edition

-



This article was previously published under Q197713



SYMPTOMS
When you attempt to run Outlook 98 Setup from an Outlook Deployment Kit (ODK) package that has Authenticode 2.0 installed, you may receive the following error message:

Dialog Box Title: Security Warning

Do you want to install and run :

Outlook98\CD\En\Packages\Setup.exe

The publisher cannot be determined due to the problems below:

Authenticode Signature Not Found.

Yes No More Info....

Clicking Yes invokes another dialog box with the following error message:

Dialog Box Title: Security Warning

Do you want to install and run :

Outlook98\CD\En\Packages\outcif.cab

The publisher cannot be determined due to the problems below:

Authenticode Signature Not Found.

Yes No More Info....

As of Internet Explorer 4.01 Service Pack 2 and Internet Explorer 5, there are two more symptoms of unsigned CABs:  Silent installations unexpectedly stop without any error message or logged event (in the case of Windows NT). A regular installation yields the error message:

Setup could not verify the information needed for installation.

Please make sure your system clock reflects the current time, then run Setup again.



This problem is a result of an updated Wintrust.dll file. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

235668 XCLN: Error Deploying Outlook 98 Using the ODK on Systems with Internet Explorer 5 or 4.0 Service Pack 2



CAUSE
Active Setup uses Authenticode technology (digital signatures) to ensure that the contents of a component have not been altered. All files need to be digitally signed. This is clearly spelled out in the dialog box the ODK displays when it finishes building a custom package.

The following information is from the Microsoft Outlook Deployment Kit Stage 2: Specify Trusted Publishers:

You should digitally sign your customized package and any custom programs to ensure that users do not receive warnings during installation.

After you create your customized package, you must sign the following files:

Branding.cab

Chl .cab

Desktop.cab

Folder.cab

Outcif.cab

Setup.exe

NOTE: For Chl .cab, this only refers to files where x is a numeric value (for example, Chl99.cab).



WORKAROUND
When creating customized packages, you should sign the custom cabinet (.cab) files created by the wizard before you post them.

Signing the .cab files and custom programs requires the following two steps:


 * 1) Obtain a digital certificate.
 * 2) Sign the code.

NOTE: MakeCert, Cert2SPC, and Signcode are tools you can use to sign and test code. These tools are available in the \Program Files\ODK\Reskit\Addons\Tools folder. You can find additional resources in the Microsoft Internet Client SDK. Follow these steps to create a test certificate to sign files:

 Navigate to C:\Program Files\ODK\Reskit\Addons\Tools. At a command prompt, type the following command line exactly as it appears here, and then press Enter:

makecert -r -k:mykey.pvk -d:"My Test Certificate" mykey.cer

 At a command prompt, type the following command line exactly as it appears here, and then press Enter:

cert2spc mykey.cer mykey.spc

</li> At a command prompt, type the following command line exactly as it appears here, and then press Enter:

signcode -spc mykey.spc -v mykey.pvk

Where is the path and filename of the file that you want to sign.</li></ol>

To test the certificate of any file, at a command prompt, type the following:

chktrust

<div class="moreinformation_section">

MORE INFORMATION
Certificates may also be obtained from one of two sources: a certificate authority (CA), such as VeriSign or GTE, can provide certificates, or a privately controlled certificate server can issue certificates. You must accept the certificate on your computer. The wizard prompts you to select the publisher certificates you will use to sign the files in your package.

After obtaining a certificate, you will need to sign the code. Tools for signing code, such as the Code Signing wizard (Signcode.exe), are available in the \Program Files\ODK\Reskit\Addons\Tools folder.

For more information about signing code, see the Microsoft Security Advisor Web site at http://www.microsoft.com/security/.

Keywords: kbprb KB197713

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.