Problems using signcode and user profiles.
Problems using signcode and user profiles. - Jun. 14, '06, 12:52:04 AM
|
|
|
bdavison
Posts: 15
Joined: May 18, '06,
Status: offline
|
Hi,
I have a problem using signcode.exe and signtool.exe from an RSH connection.
I can run the following command from the console fine.
signcode.exe -spc C:\Data\mycredentials.spc -v C:\Data\myprivatekey.pvk C:\Data\CEAWord.dll -tw 10 -tr 2 -t http://timestamp.verisign.com/scripts/timstamp.dll
When I try to run it from an RSH connection, however, I get the following error.
Error: Unable to open a CSP provider with the correct private key
Error: Signing Failed. Result = 80092006, (-2146885626)
If I just run
signcode.exe /? it runs fine, which indicates to me that the problem is not related to file handle problems as I had earlier thought.
If I try to run
signcode.exe C:\Data\CEAWord.dll
I get the following error.
Error: There is no valid certificate in the my cert store
Error: Signing Failed. Result = 8009200c, (-2146885620)
This should work because I've imported the certificates into the "My Certs" store.
The same sorts of errors come up with signtool.
Google finds heaps of related problems but only one is the same but there is no solution posted.
So it seems to me that the program is failing because the RSH connection is not "really" running as the user as it doesn't have the user's profile?
Is there any way to run an RSH command in a user's profile?
Is there another solution to this problem?
Thanks,
Bernie.
|
|
|
RE: Problems using signcode and user profiles. - Jun. 19, '06, 3:24:26 AM
|
|
|
bdavison
Posts: 15
Joined: May 18, '06,
Status: offline
|
Does anyone have any ideas of how to fix this problem?
It's a critical issue for me.
Thanks,
Bernie.
|
|
|
RE: Problems using signcode and user profiles. - Jun. 19, '06, 1:40:13 PM
|
|
|
Rodney
Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
You can switch the Interix rsh daemon off (in /etc/inetd.conf) and
then activate the Win32 RshSvc instead. The RshSvc is part of SFU 3.5.
The general rule is if you are going to do primarily Win32 things then
use the Win32 RshSvc (daemon); if you are primarily doing Unix things
then use rshd (via inetd).
|
|
|
RE: Problems using signcode and user profiles. - Jun. 19, '06, 8:04:39 PM
|
|
|
bdavison
Posts: 15
Joined: May 18, '06,
Status: offline
|
Okay, sounds like a plan but RshSvc is not provided with R2 or SUA?
Should I just install 3.5 over top of SUA to get the required service?
Thanks,
Bernie.
|
|
|
RE: Problems using signcode and user profiles. - Jun. 19, '06, 11:04:04 PM
|
|
|
Rodney
Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Right, RshSvc isn't with R2 (or thereafter). I didn't know it is R2 you are on.
I know that the Interix with 3.5 won't run on R2 (due to kernel changes).
I don't know about RshSvc though installing on R2. I've not looked at trying
to see if it can be installed alone from the SFU CD.
|
|
|
RE: Problems using signcode and user profiles. - Jun. 19, '06, 11:14:11 PM
|
|
|
bdavison
Posts: 15
Joined: May 18, '06,
Status: offline
|
Sorry about not specifying which version I was using. I just figured that since this was posted in the "Windows Server 2003 R2 SUA" forum that would be obvious.
In the install of SFU 3.5 you can select the Remote Connection only but I'm not sure how much this installs.
Further assistance would be greatly appreciated.
I've used the other service with a Windows 2003 SP1 server with just SFU 3.5 installed and it worked fine.
Since it wasn't provided in R2 I used the service that was provided.
Problem is that it doesn't work properly.
As can be seen from this issue.
Thanks,
Bernie.
|
|
|
RE: Problems using signcode and user profiles. - Jun. 20, '06, 12:51:07 AM
|
|
|
Rodney
Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
> Sorry about not specifying which version I was using. I just figured that since this was posted in the "Windows Server 2003 R2 SUA" forum that would be obvious.
ah, right.
> Since it wasn't provided in R2 I used the service that was provided.
That's fine.
> Problem is that it doesn't work properly.
Actually that isn't correct. Rshd is provided for its Unix-ness first and foremost.
From that point on any Win32 program is being started from a Unix environment, not a Win32
environment. There are shared points of information (such as PATH). But not all information.
It's very likely that you can get the Win32 program to happen, but you're going to have to delve
into the Win32 environment and pick out what's needed and apply it yourself.
Start by looking at the environment variables. This usually covers most cases. Particularly
if you remember that Win32 programs will want Win32 path syntax. Only PATH gets automatically
converted for the transition from the Unix environment to the Win32 environment.
|
|
|
RE: Problems using signcode and user profiles. - Jun. 20, '06, 2:05:29 AM
|
|
|
bdavison
Posts: 15
Joined: May 18, '06,
Status: offline
|
Hi Rodney,
Your explanation seems a reasonable synopsis however it neglects that the issue is to do with authentication of processes using the Interix RSHD.
If the other service is no longer provided one can only assume that the provided service that is provided now meets any deficiencies that the earlier version had.
It would appear that this is not the case from the issue experienced.
Do you know of any work-around?
The environment seems a reasonable place to look and will investigate that but if the cause truly is authentication I'd think that having authentication information in environment variables would be a major security flaw in Windows. Surely this isn't the case?
Thanks,
Bernie.
|
|
|
RE: Problems using signcode and user profiles. - Jun. 20, '06, 5:04:42 AM
|
|
|
Rodney
Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Try running "regpwd" for the target user.
This will register the user's password which will construct a different security token.
Then try it.
I hadn't been looking at it as an authentication issue. I'd been looking at it as a
"the program isn't running right" issue (which is the problem 99% of the time).
|
|
|
RE: Problems using signcode and user profiles. - Jun. 20, '06, 9:32:33 PM
|
|
|
bdavison
Posts: 15
Joined: May 18, '06,
Status: offline
|
Thanks for that Rodney,
Have tried that with no success unfortunately.
Any other ideas?
|
|
|
RE: Problems using signcode and user profiles. - Jun. 21, '06, 2:35:00 PM
|
|
|
Rodney
Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Well, it's not an authentication issue as viewed by the security system then.
That information is identical on a per process basis. The rights and privileges
for each process for a particular user is the same. That leaves it to being
something at the per subsystem or per application level. Since Win32 is rather
"thin" on much of this (i.e. it mostly just passes things along to the kernel)
it has to be at the per application level -- which includes environmental settings.
The registry information is the same and permission access to files is also the
same since it goes through the same security system.
Your error message of:
> Error: There is no valid certificate in the my cert store
Indicates to me (since you wrote you had placed the certs) that the app is
looking at another location. It's likely looking at a default location because
it's not finding "something" to tell it otherwise.
Dump out all of the environment variables for when it works and doesn't work.
Then compare the two sets and review the delta.
|
|
|
RE: Problems using signcode and user profiles. - Jun. 21, '06, 10:05:29 PM
|
|
|
bdavison
Posts: 15
Joined: May 18, '06,
Status: offline
|
Okay, my bad.
It turns out that the environment variable SYSTEMDRIVE=C: is required by signcode.
I should have followed your directions more thoroughly earlier on.
Thanks for your help Rodney, much appreciated.
Bernie.
|
|
|
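The comparison suggested in the thread (dump the environment where signing works and where it fails, then review the delta), as an added example that is not part of the original posts: a POSIX shell function that diffs two NAME=VALUE dumps. The file names, the `builduser` account and all sample values are constructed; only SYSTEMDRIVE=C: comes from the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Capture one dump where signing works
# (e.g. `set > console.txt` at the console) and one where it fails
# (e.g. `env > rsh.txt` through the rsh session), then compare them.

# env_delta WORKING FAILING: print what the failing context lacks or changes.
env_delta() {
    awk '
    {
        sub(/\r$/, "")                  # tolerate CRLF from cmd.exe redirects
        eq = index($0, "=")
        if (eq < 2) next                # skip blanks and non-assignments
        name = toupper(substr($0, 1, eq - 1))   # Win32 names ignore case
        value = substr($0, eq + 1)
        if (FILENAME == ARGV[1]) good[name] = value
        else                     bad[name] = value
    }
    END {
        for (n in good) {
            if (!(n in bad))            print "MISSING " n "=" good[n]
            else if (good[n] != bad[n]) print "CHANGED " n ": " good[n] " -> " bad[n]
        }
        for (n in bad) if (!(n in good)) print "EXTRA " n "=" bad[n]
    }' "$1" "$2" | sort
}

# Constructed sample dumps; only SYSTEMDRIVE=C: is taken from the thread.
demo() {
    d=$(mktemp -d) || return 1
    awk '{ printf "%s\r\n", $0 }' > "$d/console.txt" <<'EOF'
ALLUSERSPROFILE=C:\Documents and Settings\All Users
Path=C:\WINDOWS\system32;C:\WINDOWS
SystemDrive=C:
SystemRoot=C:\WINDOWS
USERPROFILE=C:\Documents and Settings\builduser
EOF
    cat > "$d/rsh.txt" <<'EOF'
HOME=/home/builduser
PATH=/bin:/usr/bin
SYSTEMROOT=C:\WINDOWS
USERPROFILE=C:\Documents and Settings\builduser
EOF
    env_delta "$d/console.txt" "$d/rsh.txt"
    rm -rf "$d"
}

demo
```

MISSING lines are the first candidates to set in the failing session before re-running the signing command. A CHANGED line whose failing value is in Unix path syntax is also worth review, since the thread notes that only PATH is converted automatically.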