NetBackup Client install succeeds, but unsigned drivers are applied

  • Article ID:100007726
  • Modified Date:
  • Product(s):

Problem

The NetBackup 7.1, 7.5, and 7.6.0.1 client install will apply a driver file named 'WimFltr.sys' which has an expired digital signature.  In addition, NetBackup 7.6.0.1 applies a second driver with an expired signature named 'vstor2-mntapi10-shared.sys'.

If the Group Policy Object (GPO) named "Devices: Unsigned driver installation behavior" has been modified from the default of "Not Defined" to either "Warn but allow installation" or "Do not allow installation", this can cause an installation of NetBackup to either require manual intervention or prevent the installation of NetBackup entirely.

 

This GPO setting ONLY applies to Windows 2003 Operating Systems.

Error Message

The Windows OS log file named setupapi.log will document messages like these during NetBackup install:

 

[2011/10/24 13:49:24 1484.1]
#-198 Command line processed: "C:\WINDOWS\system32\rundll32.exe" setupapi,InstallHinfSection DefaultInstall 132 C:\WINDOWS\system32\drivers\Wimfltr.inf
#-011 Installing section [DefaultInstall] from "C:\WINDOWS\system32\drivers\Wimfltr.inf".
#W361 An unsigned, incorrectly signed, or Authenticode(tm) signed file "c:\windows\system32\drivers\wimfltr.inf" will be installed (Policy=Ignore). Error 1168: Element not found.
#-024 Copying file "C:\WINDOWS\system32\drivers\WimFltr.sys" to "C:\WINDOWS\system32\DRIVERS\WimFltr.sys".
#W361 An unsigned, incorrectly signed, or Authenticode(tm) signed file "C:\WINDOWS\system32\drivers\WimFltr.sys" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.

 

 [2014/08/22 09:32:31 2672.1] 
#-199 Executing "C:\WINDOWS\system32\rundll32.exe" with command line: rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files\Common Files\VERITAS\VxMS\Shared\VDDK\bin\vstor2-mntapi10-shared.inf 
#-011 Installing section [DefaultInstall.NT] from "C:\Program Files\Common Files\VERITAS\VxMS\Shared\VDDK\bin\vstor2-mntapi10-shared.inf". 
#W361 An unsigned, incorrectly signed, or Authenticode(tm) signed file "c:\program files\common files\veritas\vxms\shared\vddk\bin\vstor2-mntapi10-shared.inf" will be installed (Policy=Ignore). Error 1168: Element not found. 
#-024 Copying file "C:\Program Files\Common Files\VERITAS\VxMS\Shared\VDDK\bin\vstor2-mntapi10-shared.sys" to "C:\WINDOWS\system32\DRIVERS\vstor2-mntapi10-shared.sys". 
#W361 An unsigned, incorrectly signed, or Authenticode(tm) signed file "C:\Program Files\Common Files\VERITAS\VxMS\Shared\VDDK\bin\vstor2-mntapi10-shared.sys" will be installed (Policy=Ignore). Error 1168: Element not found. 

 

Cause

Symantec does not own these 3rd party drivers; these binaries are licensed to Symantec from 3rd parties, Symantec is unable to adjust the signatures on these files, and Symantec is legally prevented from signing them.  

Solution

The certificates expiration will not impact functionality of the drivers.  These files are safe to install and pose no threat to the OS or environment.

 

If the GPO setting for "Devices: Unsigned driver installation behavior" has been Defined as "Warn but allow the installation", a pop-up window will appear on the machine onto which NetBackup is being installed.  The install will appear to hang at this point. A user must respond to the pop-up window to allow the installation to proceed.

If the GPO setting for "Devices: Unsigned driver installation behavior" has been Defined as "Do not allow the installation", the installation of NetBackup will fail.

 

If either of these behaviors are unwelcome, it is recommended to modify the GPO to "Silently succeed".  Once the installation of NetBackup is complete, the GPO can then be returned to the desired setting.

 

FINAL Note:  In addition to the GPO, there are two other possible ways to adjust how Windows 2003 handles installation of files with improper signatures:  Depending on the environment, it may be necessary to adjust either of these settings to allow NetBackup to install without interruption:

  • Local Security Policy within Security Settings > Local Policies > Security Options > Devices: Unsigned driver installation behavior
  • System Properties > Hardware > Driver Signing

Was this content helpful?

Get Support