W10 14971 Certificate is invalid

For discussions related to using VirtualBox on Windows pre-releases (e.g. Windows 10 > build 10240).

Re: W10 14971 Certificate is invalid

Postby Jacob Klein » 21. Nov 2016, 15:07

bird wrote:We suspect the problem is some certificate or signature parsing issue caused by some slight change in the output from the microsoft signing tools or CA. However, in order to fix it we need the offending ntdll.dll and are eagerly waiting for the laptop with the insider build setup to feel like update itself so we can get it. With a bit of luck we'll have it fixed soon...
-bird


Thank you bird!

For your reference, when an Insider build is installed, it takes 12-48 hours of uptime on that build, before the Windows Compatibility Advisor runs and allows a newer build to be installed. I've confirmed with Jason Howard (@NorthFaceHiker on Twitter), one of the main Microsoft Insider devs, that there is no way to manually shortcut this currently. It's one of my key gripes about the Insider program :)

So ... when you install an Insider build, I'd recommend leaving it run for 48 hours, to be "ready" to be immediately offered the new build when it is available, and then access it via Windows Update, if that's your goal.

Thanks again!
Jacob
Jacob Klein
 
Posts: 533
Joined: 20. Nov 2013, 01:07

Re: W10 14971 Certificate is invalid

Postby klaus » 21. Nov 2016, 17:06

rseiler wrote:I was also intrigued by the "licensing documents" line. It is true that IP builds forcibly have all telemetry elements enabled (as they should for an ongoing beta), but there would be no chance of "proprietary information transferred off a Windows 10 IP install" (even allowing for the possibility that that's what MS telemetry gathering includes, which it does not), because there never would be proprietary information on a test machine in the first place. It's a test PC. It could even be an isolated PC.

Is this all to suggest that Oracle has had zero(!) IP builds installed to date?


I'm not suggesting anything. But think again - how should we debug problems efficiently without putting the full VirtualBox source code (including the stuff for the extension pack, i.e. including proprietary sources) and a complete build environment onto a Windows 10 IP install? Should be pretty clear what kind of conflict Microsoft is forcing onto software developers.

That said - we do appreciate bug reports for Windows 10 IP, because it often becomes clear rather quickly if it's a regression Microsoft introduced or if they somehow managed to confuse VirtualBox. We'd rather fix the latter issues sooner than when some random Windows 10 update installed to production setups is suddenly showing a malfunction.
klaus
Oracle Corporation
 
Posts: 754
Joined: 10. May 2007, 14:57

Re: W10 14971 Certificate is invalid

Postby bird » 21. Nov 2016, 17:32

Got lucky with the insider build update! Problem was easily fixed.

5.0 test build: https://www.virtualbox.org/download/tes ... 21-Win.exe
5.1 test build: https://www.virtualbox.org/download/tes ... 20-Win.exe

Enjoy,
bird.
Knut St. Osmundsen
Oracle Corporation
bird
Oracle Corporation
 
Posts: 121
Joined: 10. May 2007, 10:27

Re: W10 14971 Certificate is invalid

Postby Jacob Klein » 21. Nov 2016, 17:37

Thanks! Will test later today, for sure!

PS:
What about 4.3.x? I kid I kid, just joking. I know you guys are done with 4.3.x. I still have to use 4.3.x for 2 of my longest-running RNA World BOINC tasks, so those PCs stay on "Release Partition" with "Defer Upgrades", and I pray I get the tasks done before the Creator's Update (releasing around March 2017) is forced upon them, likely around July 2017 for "Defer Upgrades" PCs.

Thanks again!
Jacob Klein
 
Posts: 533
Joined: 20. Nov 2013, 01:07

Re: W10 14971 Certificate is invalid

Postby socratis » 21. Nov 2016, 17:46

bird wrote:We suspect the problem is some certificate or signature parsing issue caused by some slight change in the output from the microsoft signing tools or CA.
bird wrote:Got lucky with the insider build update! Problem was easily fixed.

If you can share, and just out of human curiosity, was the problem with "ntdll.dll"? Or the algorithm? Or...?
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: W10 14971 Certificate is invalid

Postby bird » 21. Nov 2016, 19:26

Here's an untested 4.3 test build: https://www.virtualbox.org/download/tes ... 25-Win.exe
Hope this works too.

Regarding what the problem was, it was a heuristic for dealing signed DLLs lacking a timestamp signature. We would pick the date put in the file header by the linker to prevent trouble with third party DLLs that shows up in our processes (message hook DLLS, winsock fun, anti-virus, etc). The timestamp in the file header of NTDLL.DLL in build 14971 is showing 2088-08-14. The fix was to alternatively check for validity at the current system time as well. Looks like this is a deliberate thing by microsoft, possibly to do with the symbol server or a redefinition of the timestamp field. (If it not deliberate, the linker must be having some trouble with getting/writing the correct timestamp.)

-bird
Knut St. Osmundsen
Oracle Corporation
bird
Oracle Corporation
 
Posts: 121
Joined: 10. May 2007, 10:27

Re: W10 14971 Certificate is invalid

Postby socratis » 21. Nov 2016, 19:28

Thank you sir for the explanation!
I was simply wondering why could such a basic system DLL fail the checks. Thanks again...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: W10 14971 Certificate is invalid

Postby Jeff4Success » 21. Nov 2016, 19:36

I'm joining the masses that are insiders and vbox users. THANKS for the update for 14971, great job! Is there an extension update yet, or just use usb1.1 for now?
Jeff4Success
 
Posts: 1
Joined: 21. Nov 2016, 19:34

Re: W10 14971 Certificate is invalid

Postby rseiler » 21. Nov 2016, 19:57

bird wrote:The timestamp in the file header of NTDLL.DLL in build 14971 is showing 2088-08-14.

Ah, so that's where that bugger was.

For anyone else curious, a good portable tool to see that is pestudio:
https://www.winitor.com/binaries.html

With it, I see this in 14971:
Capture.JPG
Capture.JPG (29.51 KiB) Viewed 4671 times

And not this, from 14393:
Capture2.JPG
Capture2.JPG (28.62 KiB) Viewed 4671 times

I looked at a few other important DLLs out of curiosity, and on 14971 they're sometimes what you'd expect but other times wildly in the future (22nd century) or even in the past (20th century). It'll be interesting to see if this reverts in future builds.

Meanwhile, I've canceled the DeLorean order.

Thanks
rseiler
 
Posts: 157
Joined: 5. Feb 2009, 20:26

Re: W10 14971 Certificate is invalid

Postby socratis » 21. Nov 2016, 20:00

rseiler wrote:Meanwhile, I've canceled the DeLorean order.
:lol: :lol: :lol:
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: W10 14971 Certificate is invalid

Postby klaus » 21. Nov 2016, 20:33

Wondering if the timestamp is either totally busted or if it's a semi-busted timestamp with the topmost bit accidentally set... if that's the case the system's time at the time of linking would've been 27 Jul 2020 08:51:10. Only almost 4 years in the future, not 72.

Oh... just happened to bump into https://blogs.msdn.microsoft.com/oldnew ... 0/?p=10173 - it seems that the timestamp is at the same time a timestamp and it isn't (the real use is as a unique ID according to the author's opinion). Who knows, maybe someone at Microsoft is blowing a raspberry with the latest IP build.
klaus
Oracle Corporation
 
Posts: 754
Joined: 10. May 2007, 14:57

Re: W10 14971 Certificate is invalid

Postby teh_klev » 21. Nov 2016, 21:21

Many, many thanks for resolving this folks. :D
teh_klev
 
Posts: 2
Joined: 16. Oct 2016, 01:49

Re: W10 14971 Certificate is invalid

Postby rseiler » 22. Nov 2016, 01:32

Oracle VM VirtualBox 5.1.10 now available for download!:
https://blogs.oracle.com/virtualization ... albox_5_19

Oracle has released VirtualBox 5.1 Maintenance Release 10.

This release includes improvements and bug fixes for Oracle VM VirtualBox 5.1. Between them we can mention:
Audio: fixed a few 5.1.x regressions by using the audio code from 5.0.x until the audio overhaul is completed
Windows hosts: hardening fix for Windows 10 build 14971
Linux hosts / guests: kernel 4.9 fixes
GUI: fixed various issues in Unscaled HiDPI Output mode
rseiler
 
Posts: 157
Joined: 5. Feb 2009, 20:26

Re: W10 14971 Certificate is invalid

Postby AndyMidd » 22. Nov 2016, 12:23

Insider 14971, VB 5.1.10.
I still get the certificate error.
Did the fix in test build 5.1.9.11220 make it into 1.10?
AndyMidd
 
Posts: 7
Joined: 12. Apr 2016, 10:42

Re: W10 14971 Certificate is invalid

Postby socratis » 22. Nov 2016, 12:53

AndyMidd wrote:Did the fix in test build 5.1.9.11220 make it into 1.10?
Considering that the 5.1.10 (I think you're referring to that one, not 1.10) is rev. 112026 and the 5.1.19 last test build was rev. 112020 (I think you're referring to that one, not 11220), and the fact that it is explicitly stated in the release notes, I'd say yes.
Changelog wrote:
  • Windows hosts: hardening fix for Windows 10 build 14971 (bug #16202).

Try uninstalling, installing (with right-click, "Run as administrator") and if you still have a problem, post the VBoxHardening.log. Zipped please.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
socratis
Site Moderator
 
Posts: 27690
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

PreviousNext

Return to VirtualBox on Windows pre-releases

Who is online

Users browsing this forum: No registered users and 1 guest