Windows: Guest Additions installation might fail due to missing certificate

This is for discussing general topics about how to use VirtualBox.
Post Reply
w16r
Posts: 2
Joined: 23. Oct 2021, 07:29

Windows: Guest Additions installation might fail due to missing certificate

Post by w16r »

Using VirtualBox 6.1.28, on a Windows Server 2022 guest, the VirtualBox Guest Additions installation failed with the following messages:

Code: Select all

Installing guest driver ...
Executing: "C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe" dri...
Installing driver ...
INF-File: C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxGuest.inf
(1) ENTER:  DriverPackageInstallW
(1) RETURN: DriverPackageInstallW  (0xE0000247)
ERROR: Adding driver to the driver store failed!!
Execution returned exit code:  2
Error excuting ""C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxDrvInst.exe...
The problem is that the Oracle digital certificate that was used to sign some of the Guest Additions files has a certification path for which the only trusted root certificate, in a new installation of Windows Server 2022, is a DigiCert Assured ID Root CA certificate signed by Microsoft. This certificate expired on April 15, 2021, so Windows won’t accept it to verify signatures that the VirtualBox developers made after that date.

Windows has an Automatic Root Certificates Update feature that will try to install a better root certificate, but this doesn’t work if the guest can’t reach the Internet (as in my case) or if the feature has been disabled using Group Policy. In this situation, you can download and install the certificate manually:
  1. Download the certificate from DigiCert. I can’t post a link, but at this writing, if you search for DigiCert root certificates in Google or Bing, the DigiCert download page is the first result. Find the DigiCert Assured ID Root CA on that page, and click the Download DER/CRT link to get a copy of the DigiCertAssuredIDRootCA.crt file, which contains a self-signed version of the certificate, valid until 2031.
  2. Copy the DigiCertAssuredIDRootCA.crt file to the Windows guest. If the Guest Additions aren’t installed, you may not be able to use copy and paste or drag and drop. Instead, copy the file over the network or create an ISO 9660 image (.iso file) containing the certificate file and attach it to the guest.
  3. Install the certificate on the guest. In File Explorer, right-click the DigiCertAssuredIDRootCA.crt file, and then click Install Certificate. In the Certificate Import Wizard, click Local Machine, Next, Place all certificates in the following store, Browse, Trusted Root Certification Authorities, OK, Next, and Finish.
  4. Retry the Guest Additions installation, which should succeed with only the usual “Would you like to install this device software?” prompts.
The VirtualBox developers could make this easier, of course, by including a copy of the DigiCert certificate with the Guest Additions and prompting the user to install it, if needed.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Windows: Guest Additions installation might fail due to missing certificate

Post by scottgus1 »

This might be a good thing to post on the Bugtracker
w16r
Posts: 2
Joined: 23. Oct 2021, 07:29

Re: Windows: Guest Additions installation might fail due to missing certificate

Post by w16r »

scottgus1 wrote:This might be a good thing to post on the Bugtracker
Thanks for the suggestion. I've reported this as ticket #20628.
Post Reply