Re: [WiX-users] Certificate install to local machine failswith code 26352
Your CustomAction is not deferred and will fail if the installation is not
elevated. Have you tried running it deferred? Maybe that is the problem we're
having... the deferred CustomAction server isn't impersonating for us
appropriately.
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 25, 2008 04:38
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine failswith code
26352
Very strange-I thought that would fix the problem. I created a custom
action to install my certificate, and that was the only really major
change that I made. Here's the source for my CA:
UINT __stdcall InstallCertificate(MSIHANDLE hInstall)
{
//install a cert into the local machine store
LPWSTR certPath=new WCHAR[MAX_PATH];
DWORD dwSize=MAX_PATH;
UINT rc=MsiGetProperty(hInstall,TEXT("CERTPATH"), certPath,
&dwSize );
HCERTSTORE hCertStore;
//open the root CA store
hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL,
CERT_SYSTEM_STORE_LOCAL_MACHINE , L"Root");
DWORD dwCertSize=8192; //wix used a 64Mb buffer
BYTE* certBuffer=new BYTE[dwCertSize];
memset(certBuffer,0,dwCertSize);
FILE* f=_wfopen(certPath,TEXT("r"));
if(f==NULL)
return ERROR_PATH_NOT_FOUND;
CERT_BLOB blob = { 0 };
fread(certBuffer,sizeof(BYTE),dwCertSize,f);
blob.cbData = dwCertSize;
blob.pbData = certBuffer;
PCCERT_CONTEXT pNewContext = NULL;
DWORD dwEncodingType;
DWORD dwContentType;
DWORD dwFormatType;
CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &blob,
CERT_QUERY_CONTENT_FLAG_ALL, CERT_QUERY_FORMAT_FLAG_ALL, 0,
&dwEncodingType, &dwContentType, &dwFormatType, NULL,
NULL, (LPCVOID*)&pNewContext);
if(pNewContext)
{
//install the certificate
//strange-replace existing fails, but use existing
works. Replace does a delete though, so perhaps that's why?
if(!CertAddCertificateContextToStore(hCertStore,
pNewContext, CERT_STORE_ADD_USE_EXISTING, NULL))
//if(!CertAddCertificateContextToStore(hCertStore,
pNewContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
{
DWORD dwErr=GetLastError();
return dwErr;
}
}
//close the store
CertCloseStore(hCertStore, 0);
delete certBuffer;
delete certPath;
return ERROR_SUCCESS;
}
And then I just run it in my installer like this:
CERTPATH AND NOT REMOVE
So far, everything seems to work, so all I really have to do is tighten
up a couple of things in the CA source. Any idea why my code works, but
the code in iisextension doesn't? If I change the line that installs
the cert to the one that's commented out, it gives me the same error as
the one I logged.
-Original Message-
From: Rob Mensching [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2008 2:29 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine failswith
code 26352
As noted in my bug comment, the other code is commented out. I changed
the only location that was actually being executed. Ultimately, I don't
think this change did anything.
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2008 12:43
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine fails with
code 26352
I just checked the latest weekly, and it looks like the change only got
made in one place. It looks like I still get the same cert install
error-is there a reason that it didn't change in scacert.cpp?
-Original Message-
From: Rob Mensching [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 2:01 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install tolocal
machinefailswithcode 26352
Yes, but I didn't make the 4624 build. If you look in CVS then you'll
see the change.
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 10:51
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local
machinefailswithcode 26352
I checked out the latest weekly build, and it looks like the problem is
still there. The source for the build is also identical to what was
there before-Rob, did you change anything?
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 21, 2008 1:13 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install
Re: [WiX-users] Certificate install to local machine failswith code 26352
Very strange-I thought that would fix the problem. I created a custom
action to install my certificate, and that was the only really major
change that I made. Here's the source for my CA:
UINT __stdcall InstallCertificate(MSIHANDLE hInstall)
{
//install a cert into the local machine store
LPWSTR certPath=new WCHAR[MAX_PATH];
DWORD dwSize=MAX_PATH;
UINT rc=MsiGetProperty(hInstall,TEXT("CERTPATH"), certPath,
&dwSize );
HCERTSTORE hCertStore;
//open the root CA store
hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL,
CERT_SYSTEM_STORE_LOCAL_MACHINE , L"Root");
DWORD dwCertSize=8192; //wix used a 64Mb buffer
BYTE* certBuffer=new BYTE[dwCertSize];
memset(certBuffer,0,dwCertSize);
FILE* f=_wfopen(certPath,TEXT("r"));
if(f==NULL)
return ERROR_PATH_NOT_FOUND;
CERT_BLOB blob = { 0 };
fread(certBuffer,sizeof(BYTE),dwCertSize,f);
blob.cbData = dwCertSize;
blob.pbData = certBuffer;
PCCERT_CONTEXT pNewContext = NULL;
DWORD dwEncodingType;
DWORD dwContentType;
DWORD dwFormatType;
CryptQueryObject(CERT_QUERY_OBJECT_BLOB, &blob,
CERT_QUERY_CONTENT_FLAG_ALL, CERT_QUERY_FORMAT_FLAG_ALL, 0,
&dwEncodingType, &dwContentType, &dwFormatType, NULL,
NULL, (LPCVOID*)&pNewContext);
if(pNewContext)
{
//install the certificate
//strange-replace existing fails, but use existing
works. Replace does a delete though, so perhaps that's why?
if(!CertAddCertificateContextToStore(hCertStore,
pNewContext, CERT_STORE_ADD_USE_EXISTING, NULL))
//if(!CertAddCertificateContextToStore(hCertStore,
pNewContext, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
{
DWORD dwErr=GetLastError();
return dwErr;
}
}
//close the store
CertCloseStore(hCertStore, 0);
delete certBuffer;
delete certPath;
return ERROR_SUCCESS;
}
And then I just run it in my installer like this:
CERTPATH AND NOT REMOVE
So far, everything seems to work, so all I really have to do is tighten
up a couple of things in the CA source. Any idea why my code works, but
the code in iisextension doesn't? If I change the line that installs
the cert to the one that's commented out, it gives me the same error as
the one I logged.
-Original Message-
From: Rob Mensching [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2008 2:29 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine failswith
code 26352
As noted in my bug comment, the other code is commented out. I changed
the only location that was actually being executed. Ultimately, I don't
think this change did anything.
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2008 12:43
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine fails with
code 26352
I just checked the latest weekly, and it looks like the change only got
made in one place. It looks like I still get the same cert install
error-is there a reason that it didn't change in scacert.cpp?
-Original Message-
From: Rob Mensching [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 2:01 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install tolocal
machinefailswithcode 26352
Yes, but I didn't make the 4624 build. If you look in CVS then you'll
see the change.
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 10:51
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local
machinefailswithcode 26352
I checked out the latest weekly build, and it looks like the problem is
still there. The source for the build is also identical to what was
there before-Rob, did you change anything?
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 21, 2008 1:13 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local
machinefailswithcode 26352
Thanks, I've opened a bug (number 2184946).
-Original Message-
From: Rob Mensching [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 21, 2008 12:24 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine
failswithcode 26352
Wow, nice analysis. Is there a bug open on this issue right now? If
not, can you open one and I'll try to get this change in Th
Re: [WiX-users] Certificate install to local machine failswith code 26352
That's the impression I get from the documentation as well. Looks like
I'll have to have a closer look at that method. I'll let you guys know
if I find anything-it seems to be a tricky bug to reproduce. Somehow
you have to get the same cert in the store twice.
-Original Message-
From: Rob Mensching [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2008 4:59 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine failswith
code 26352
This is the code that is failing:
if (!::CertAddCertificateContextToStore(hStore, pCertContext,
CERT_STORE_ADD_REPLACE_EXISTING, NULL))
{
MessageExitOnLastError(hr, msierrCERTFailedAdd, "Failed to add
certificate to the store.");
}
Seems like it *should* replace the certificate if possible.
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2008 13:15
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine fails with
code 26352
I managed to get a log for the failure-here's the relevant section:
MSI (s) (E0:BC) [15:46:35:871]: Executing op:
ActionStart(Name=RollbackAddMachineCertificate,,)
Action 15:46:35: RollbackAddMachineCertificate.
MSI (s) (E0:BC) [15:46:35:874]: Executing op:
CustomActionSchedule(Action=RollbackAddMachineCertificate,ActionType=115
21,Source=BinaryData,Target=**,CustomActionData=**)
MSI (s) (E0:BC) [15:46:35:875]: Executing op:
ActionStart(Name=AddMachineCertificate,,)
Action 15:46:35: AddMachineCertificate.
MSI (s) (E0:BC) [15:46:35:876]: Executing op:
CustomActionSchedule(Action=AddMachineCertificate,ActionType=11265,Sourc
e=BinaryData,Target=**,CustomActionData=**)
MSI (s) (E0:F0) [15:46:35:887]: Invoking remote custom action. DLL:
C:\Windows\Installer\MSIC98F.tmp, Entrypoint: AddMachineCertificate
MSI (s) (E0:F0) [15:46:35:887]: Generating random cookie.
MSI (s) (E0:F0) [15:46:35:901]: Created Custom Action Server with PID
4628 (0x1214).
MSI (s) (E0:64) [15:46:36:554]: Running as a service.
MSI (s) (E0:64) [15:46:36:557]: Hello, I'm your 32bit Elevated custom
action server.
AddMachineCertificate: Adding certificate: CTTCA
AddMachineCertificate: Error 0x80070005: Failed to add certificate to
the store.
The installer has encountered an unexpected error installing this
package. This may indicate a problem with this package. The error code
is 26352. The arguments are: -2147024891, ,
MSI (s) (E0!38) [15:46:39:008]: Product: iceBAR -- The installer has
encountered an unexpected error installing this package. This may
indicate a problem with this package. The error code is 26352. The
arguments are: -2147024891, ,
AddMachineCertificate: Error 0x80070005: Failed to install certificate.
AddMachineCertificate: Error 0x80070005: Failed to install per-machine
certificate.
I checked the local machine store on the machine where the failure
happened, and the cert was already in the store twice (same serial
number). I'm not sure what happened to get it there multiple times, but
I can't have my installer failing like this if the cert is already
there.
Anyone have any ideas?
-Original Message-
From: Rob Mensching [mailto:[EMAIL PROTECTED]
Sent: Friday, September 26, 2008 12:36 PM
To: General discussion for Windows Installer XML toolset.
Subject: Re: [WiX-users] Certificate install to local machine fails with
code 26352
I doubt overwrite will help. Can you get a log file from a failure?
That will go a long way to diagnosing the problem.
-Original Message-
From: Chris Bardon [mailto:[EMAIL PROTECTED]
Sent: Friday, September 26, 2008 07:22
To: General discussion for Windows Installer XML toolset.
Subject: [WiX-users] Certificate install to local machine fails with
code 26352
I've had some users complain about a problem with an installer that
attempts to add a certificate to the trusted root cert store. I added a
component to my setup that looks like this:
CERTPATH
Most of the time, this works fine, and the root CA cert is put in the
local machine store (so the app can form TLS connections based on the
certs our CA issues). In some cases though, the installer will fail
with error 26352, and I've found that removing the certificate install
option lets the installer run successfully. In all the cases where this
happens, I've noticed that the local machine and current user stores
contain multiple certificates with the same name. I'm not sure how to
replicate this (since every time I try to add a certificate twice it
fails), but if nothing else, I'd like to be able to fail
non-catastrophically if the certificate install fails. Is there a way
to make the certificacte component non-vital, so that if it fails to
install to the store, the rest of the application can still be
installed?
I'm goin
