W10 14971 Certificate is invalid

For discussions related to using VirtualBox on Windows pre-releases (e.g. Windows 10 > build 10240).
Jacob Klein
Posts: 696
Joined: 20. Nov 2013, 01:07

Re: W10 14971 Certificate is invalid

Post by Jacob Klein »

bird wrote:We suspect the problem is some certificate or signature parsing issue caused by some slight change in the output from the microsoft signing tools or CA. However, in order to fix it we need the offending ntdll.dll and are eagerly waiting for the laptop with the insider build setup to feel like update itself so we can get it. With a bit of luck we'll have it fixed soon...
-bird
Thank you bird!

For your reference, when an Insider build is installed, it takes 12-48 hours of uptime on that build, before the Windows Compatibility Advisor runs and allows a newer build to be installed. I've confirmed with Jason Howard (@NorthFaceHiker on Twitter), one of the main Microsoft Insider devs, that there is no way to manually shortcut this currently. It's one of my key gripes about the Insider program :)

So ... when you install an Insider build, I'd recommend leaving it run for 48 hours, to be "ready" to be immediately offered the new build when it is available, and then access it via Windows Update, if that's your goal.

Thanks again!
Jacob
klaus
Oracle Corporation
Posts: 1110
Joined: 10. May 2007, 14:57

Re: W10 14971 Certificate is invalid

Post by klaus »

rseiler wrote: I was also intrigued by the "licensing documents" line. It is true that IP builds forcibly have all telemetry elements enabled (as they should for an ongoing beta), but there would be no chance of "proprietary information transferred off a Windows 10 IP install" (even allowing for the possibility that that's what MS telemetry gathering includes, which it does not), because there never would be proprietary information on a test machine in the first place. It's a test PC. It could even be an isolated PC.

Is this all to suggest that Oracle has had zero(!) IP builds installed to date?
I'm not suggesting anything. But think again - how should we debug problems efficiently without putting the full VirtualBox source code (including the stuff for the extension pack, i.e. including proprietary sources) and a complete build environment onto a Windows 10 IP install? Should be pretty clear what kind of conflict Microsoft is forcing onto software developers.

That said - we do appreciate bug reports for Windows 10 IP, because it often becomes clear rather quickly if it's a regression Microsoft introduced or if they somehow managed to confuse VirtualBox. We'd rather fix the latter issues sooner than when some random Windows 10 update installed to production setups is suddenly showing a malfunction.
bird
Oracle Corporation
Posts: 127
Joined: 10. May 2007, 10:27

Re: W10 14971 Certificate is invalid

Post by bird »

Got lucky with the insider build update! Problem was easily fixed.

5.0 test build: https://www.virtualbox.org/download/tes ... 21-Win.exe
5.1 test build: https://www.virtualbox.org/download/tes ... 20-Win.exe

Enjoy,
bird.
Knut St. Osmundsen
Oracle Corporation
Jacob Klein
Posts: 696
Joined: 20. Nov 2013, 01:07

Re: W10 14971 Certificate is invalid

Post by Jacob Klein »

Thanks! Will test later today, for sure!

PS:
What about 4.3.x? I kid I kid, just joking. I know you guys are done with 4.3.x. I still have to use 4.3.x for 2 of my longest-running RNA World BOINC tasks, so those PCs stay on "Release Partition" with "Defer Upgrades", and I pray I get the tasks done before the Creator's Update (releasing around March 2017) is forced upon them, likely around July 2017 for "Defer Upgrades" PCs.

Thanks again!
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: W10 14971 Certificate is invalid

Post by socratis »

bird wrote:We suspect the problem is some certificate or signature parsing issue caused by some slight change in the output from the microsoft signing tools or CA.
bird wrote:Got lucky with the insider build update! Problem was easily fixed.
If you can share, and just out of human curiosity, was the problem with "ntdll.dll"? Or the algorithm? Or...?
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
bird
Oracle Corporation
Posts: 127
Joined: 10. May 2007, 10:27

Re: W10 14971 Certificate is invalid

Post by bird »

Here's an untested 4.3 test build: https://www.virtualbox.org/download/tes ... 25-Win.exe
Hope this works too.

Regarding what the problem was, it was a heuristic for dealing signed DLLs lacking a timestamp signature. We would pick the date put in the file header by the linker to prevent trouble with third party DLLs that shows up in our processes (message hook DLLS, winsock fun, anti-virus, etc). The timestamp in the file header of NTDLL.DLL in build 14971 is showing 2088-08-14. The fix was to alternatively check for validity at the current system time as well. Looks like this is a deliberate thing by microsoft, possibly to do with the symbol server or a redefinition of the timestamp field. (If it not deliberate, the linker must be having some trouble with getting/writing the correct timestamp.)

-bird
Knut St. Osmundsen
Oracle Corporation
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: W10 14971 Certificate is invalid

Post by socratis »

Thank you sir for the explanation!
I was simply wondering why could such a basic system DLL fail the checks. Thanks again...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Jeff4Success
Posts: 1
Joined: 21. Nov 2016, 19:34

Re: W10 14971 Certificate is invalid

Post by Jeff4Success »

I'm joining the masses that are insiders and vbox users. THANKS for the update for 14971, great job! Is there an extension update yet, or just use usb1.1 for now?
rseiler
Posts: 158
Joined: 5. Feb 2009, 20:26

Re: W10 14971 Certificate is invalid

Post by rseiler »

bird wrote:The timestamp in the file header of NTDLL.DLL in build 14971 is showing 2088-08-14.
Ah, so that's where that bugger was.

For anyone else curious, a good portable tool to see that is pestudio:
https://www.winitor.com/binaries.html

With it, I see this in 14971:
Capture.JPG
Capture.JPG (29.51 KiB) Viewed 8648 times
And not this, from 14393:
Capture2.JPG
Capture2.JPG (28.62 KiB) Viewed 8648 times
I looked at a few other important DLLs out of curiosity, and on 14971 they're sometimes what you'd expect but other times wildly in the future (22nd century) or even in the past (20th century). It'll be interesting to see if this reverts in future builds.

Meanwhile, I've canceled the DeLorean order.

Thanks
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: W10 14971 Certificate is invalid

Post by socratis »

rseiler wrote:Meanwhile, I've canceled the DeLorean order.
:lol: :lol: :lol:
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
klaus
Oracle Corporation
Posts: 1110
Joined: 10. May 2007, 14:57

Re: W10 14971 Certificate is invalid

Post by klaus »

Wondering if the timestamp is either totally busted or if it's a semi-busted timestamp with the topmost bit accidentally set... if that's the case the system's time at the time of linking would've been 27 Jul 2020 08:51:10. Only almost 4 years in the future, not 72.

Oh... just happened to bump into https://blogs.msdn.microsoft.com/oldnew ... 0/?p=10173 - it seems that the timestamp is at the same time a timestamp and it isn't (the real use is as a unique ID according to the author's opinion). Who knows, maybe someone at Microsoft is blowing a raspberry with the latest IP build.
teh_klev
Posts: 2
Joined: 16. Oct 2016, 01:49

Re: W10 14971 Certificate is invalid

Post by teh_klev »

Many, many thanks for resolving this folks. :D
rseiler
Posts: 158
Joined: 5. Feb 2009, 20:26

Re: W10 14971 Certificate is invalid

Post by rseiler »

Oracle VM VirtualBox 5.1.10 now available for download!:
https://blogs.oracle.com/virtualization ... albox_5_19
Oracle has released VirtualBox 5.1 Maintenance Release 10.

This release includes improvements and bug fixes for Oracle VM VirtualBox 5.1. Between them we can mention:
Audio: fixed a few 5.1.x regressions by using the audio code from 5.0.x until the audio overhaul is completed
Windows hosts: hardening fix for Windows 10 build 14971
Linux hosts / guests: kernel 4.9 fixes
GUI: fixed various issues in Unscaled HiDPI Output mode
AndyMidd
Posts: 16
Joined: 12. Apr 2016, 10:42

Re: W10 14971 Certificate is invalid

Post by AndyMidd »

Insider 14971, VB 5.1.10.
I still get the certificate error.
Did the fix in test build 5.1.9.11220 make it into 1.10?
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: W10 14971 Certificate is invalid

Post by socratis »

AndyMidd wrote:Did the fix in test build 5.1.9.11220 make it into 1.10?
Considering that the 5.1.10 (I think you're referring to that one, not 1.10) is rev. 112026 and the 5.1.19 last test build was rev. 112020 (I think you're referring to that one, not 11220), and the fact that it is explicitly stated in the release notes, I'd say yes.
Changelog wrote:
  • Windows hosts: hardening fix for Windows 10 build 14971 (bug #16202).
Try uninstalling, installing (with right-click, "Run as administrator") and if you still have a problem, post the VBoxHardening.log. Zipped please.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Post Reply