[wix-users] Custom Action DLL digitally signed with SHA2 throws 1723 and 1157 error in Windows 7 and 8 environments

Phill Hogland phill.hogland at rimage.com
Mon Dec 5 07:15:45 PST 2016 

When I have seen this issue, generally on Windows 7 on an isolated network or not fully updated, we ask the user to a) apply the Microsoft updates related to adding SHA2 support to the OS, and b) update their root certificates.  This has been a messy situation in part due to different versions of the Microsoft updates which were released and yet which did not work.  So some users report that they are "up to date" yet their OS still does not support SHA2 and the errors are observed.  However we have found that even when applying the suggested Microsoft updates does not work, if they apply the latest .Net update (4.5.2 or 4.6.1) that seems to resolve the problem, and then they can use our SHA2 bundles/setup packages.


I do not have a dual signing certificate so I can't comment on that approach, except that the core problem, as I understand it, is that Win 7 did not originally support SHA2 and it needs to be updated to achieve that functional support.

________________________________
From: wix-users <wix-users-bounces at lists.wixtoolset.org> on behalf of darren.bennett at listech.com <darren.bennett at listech.com>
Sent: Saturday, December 3, 2016 5:46:41 PM
To: WiX Toolset Users Mailing List
Subject: Re: [wix-users] Custom Action DLL digitally signed with SHA2 throws 1723 and 1157 error in Windows 7 and 8 environments


I believe you may have to dual sign the dll to overcome this problem. Microsoft changed the some of the code signing requirements for particular OSs at the beginning of this year.

Regards, // Darren

-----"wix-users" <wix-users-bounces at lists.wixtoolset.org> wrote: -----
To: "wix-users at lists.wixtoolset.org" <wix-users at lists.wixtoolset.org>
From: Pradeep Kumar Raghavendran
Sent by: "wix-users"
Date: 03/12/2016 07:12PM
Subject: [wix-users] Custom Action DLL digitally signed with SHA2 throws 1723 and 1157 error in Windows 7 and 8 environments

Hello Experts,

My project uses Wix 7.x. We have a custom action DLL (written in C++) which is digitally certified with SHA2. This DLL was previously certified with SHA1.

There are no changes other than the digital certificate changes.

While installing we receive the below error messages.

CustomAction customaction_a returned actual error code 1157 (note this may not be 100% accurate if translation happened inside sandbox)

Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action customaction_a , entry: FirstCustomAction, library: C:\Windows\Installer\MSICD2E.tmp

What I have observed so far is:

When the DLL was certified with SHA1, it installs successfully without any errors in Windows 7, Windows 8 and Windows 8.1.
When the DLL is certified with SHA2, it gives the above error in Windows 7, Windows 8. But installs successfully in Windows 8.1 and Windows 10.

I have searched the internet and tried the options suggested and nothing helped.

Is this a known issue / bug? Any solution / workaround would be a great help.

Thanks,
Pradeep

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

More information about the wix-users mailing list