4a8.31c0: VBoxHeadless.exe: timestamp 0x582c8767 (rc=VINF_SUCCESS)
4a8.31c0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
4a8.31c0: Error (rc=-23033):
4a8.31c0: supHardenedWinVerifyProcess failed with Unknown Status -23033 (0xffffa607): Certificate is not valid (ValidTime=2088-08-14T12:05:18.000000000Z Validity=[2014-05-28T17:33:33.000000000Z...2029-05-28T17:43:33.000000000Z]): \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4a8.31c0: Error -23033 in supR3HardNtChildPurify! (enmWhat=5)
4a8.31c0: supHardenedWinVerifyProcess failed with Unknown Status -23033 (0xffffa607): Certificate is not valid (ValidTime=2088-08-14T12:05:18.000000000Z Validity=[2014-05-28T17:33:33.000000000Z...2029-05-28T17:43:33.000000000Z]): \Device\HarddiskVolume2\Windows\System32\ntdll.dll
W10 14971 Certificate is invalid
-
- Posts: 3
- Joined: 14. Oct 2016, 22:47
W10 14971 Certificate is invalid
It seems now with this build the certificate for ntdll.dll is invalid. Any quick fix?
- Attachments
-
- VBoxHardening.log
- (9.82 KiB) Downloaded 309 times
Last edited by socratis on 18. Nov 2016, 20:58, edited 2 times in total.
Reason: rev1: Marked as [Solved] in the title. rev2: Removed it since it didn't apply to all users.
Reason: rev1: Marked as [Solved] in the title. rev2: Removed it since it didn't apply to all users.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: W10 14971 Certificate is invalid
I deleted your other post from the general "VirtualBox on Windows Hosts" forum, since this is a more appropriate one. I will not delete your third post on the same problem, since it's only a redirect to this thread, but remember in the future that duplicate posts are not allowed.
As for the certificate, Microsoft has invalidated itself in the past. Nobody but them can fix it, so my guess is that you'll either have to downgrade your Win10, or wait for a new fix. In any event, you should definitely let Microsoft know about it.
As for the certificate, Microsoft has invalidated itself in the past. Nobody but them can fix it, so my guess is that you'll either have to downgrade your Win10, or wait for a new fix. In any event, you should definitely let Microsoft know about it.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: Discussion of Problems due to Hardened Security
1)Win10 vbox ver Version 5.1.9 r111957 (Qt5.6.2) also in 5.1.8 hence tried latest test build
2)attached log
3)related stuff
Just autoupdated to latest win 10 insider 14971.1000 build and got this message
and "Failed to open a session for the virtual machine xp.
The virtual machine 'xp' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\Virtual Machines\xp\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine
"
was working fine in 14965 and 5.1.8
AVG Internet Security
Intel inbuild graphics
No firewall
UAC disabled
On windows insider program fast channel
developer mode
no issues on sfc or chkdsk
2)attached log
3)related stuff
Just autoupdated to latest win 10 insider 14971.1000 build and got this message
and "Failed to open a session for the virtual machine xp.
The virtual machine 'xp' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\Virtual Machines\xp\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine
"
was working fine in 14965 and 5.1.8
AVG Internet Security
Intel inbuild graphics
No firewall
UAC disabled
On windows insider program fast channel
developer mode
no issues on sfc or chkdsk
- Attachments
-
- VBoxHardening.log
- (16.61 KiB) Downloaded 286 times
Re: W10 14971 Certificate is invalid
Chatted with the user this morning on IRC, and I interpret the messages he wrote at the end as having VirtualBox working as it should after . Looks like a weird messup in the user's install which got cured by using the proper files.
Code: Select all
sfc /scannow
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: W10 14971 Certificate is invalid
OK, thanks klaus, good to keep that in mind...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: [Solved] W10 14971 Certificate is invalid
Based on comparing logs anyway (see attached), it sounds like what I mentioned here:
viewtopic.php?p=378466#p378466
...is the same problem.
However, when looking at the cert for that file, it looks valid to me. And it expires May 15, 2017.
I do see some mentions of this in the Feedback Hub, too, so I don't think it's some messup with one (or, two, including me) user's install.
For reference, someone opened this, but it points back here:
https://www.virtualbox.org/ticket/16198
I also tried the 111957 test build.
viewtopic.php?p=378466#p378466
...is the same problem.
However, when looking at the cert for that file, it looks valid to me. And it expires May 15, 2017.
I do see some mentions of this in the Feedback Hub, too, so I don't think it's some messup with one (or, two, including me) user's install.
For reference, someone opened this, but it points back here:
https://www.virtualbox.org/ticket/16198
I also tried the 111957 test build.
- Attachments
-
- VBoxHardening.log
- (9.97 KiB) Downloaded 279 times
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: [Solved] W10 14971 Certificate is invalid
So did you try the same solution that "klaus" pointed to the OP? I.e. run:rseiler wrote:..is the same problem.
Code: Select all
sfc /scannow
"kalikosmil" opened the bug, "KWierso" simply said me too (with no logs), I took a look at the log of "kalikosmil" and pointed them here. The forums are the true place for discussions, not the bugtracker.rseiler wrote:For reference, someone opened this, but it points back here:
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: [Solved] W10 14971 Certificate is invalid
Yes:socratis wrote:So did you try the same solution that "klaus" pointed to the OP? I.e. run:rseiler wrote:..is the same problem.
It would have been very weird if it found an integrity problem after installing a new build, since that process does its own checking of this type, and the odds of there being that kind of problem afterwards is very low-to-impossible. Usually, that sort of problem develops over time.Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
For anyone curious, run (from an admin prompt):
sfc /verifyonly
Re: [Solved] W10 14971 Certificate is invalid
I have the same problem: "Certificate is invalid".
The proposed solutions not working for me.
Windows 10 14971
VirtualBox 5.1.8 111374 / 5.1.9 111957
The proposed solutions not working for me.
Windows 10 14971
VirtualBox 5.1.8 111374 / 5.1.9 111957
- Attachments
-
- VBoxHardening.log
- (9.88 KiB) Downloaded 284 times
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: W10 14971 Certificate is invalid
@rseiler
I went only with information given from a VirtualBox developer with almost identical VBoxHardening.logs (thanks for including yours, btw, so that I could compare them). It seemed like it was worth a shot. Too bad it's not a generic solution...
@ASM
You have an almost identical log. Same things apply to you. Nothing solid at the moment I'm afraid, that's why the only thing that I could do is to remove the "[Solved]" from the topic title...
I still believe that this is a Microsoft mess, as it's not the first time that they've invalidated their own systems. It used to be KB articles, now it's called ... insider builds. I really don't have a clue if the devs can provide a solution or not.
I went only with information given from a VirtualBox developer with almost identical VBoxHardening.logs (thanks for including yours, btw, so that I could compare them). It seemed like it was worth a shot. Too bad it's not a generic solution...
@ASM
You have an almost identical log. Same things apply to you. Nothing solid at the moment I'm afraid, that's why the only thing that I could do is to remove the "[Solved]" from the topic title...
I still believe that this is a Microsoft mess, as it's not the first time that they've invalidated their own systems. It used to be KB articles, now it's called ... insider builds. I really don't have a clue if the devs can provide a solution or not.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: W10 14971 Certificate is invalid
To state the obvious: no software vendor can possibly support the Insider Previews. There are simply too many changes in it, many of which have seen only very limited QA. Often changes get pulled once Microsoft realizes that it's having bad side effects.
Another issue is that getting access to Insider Previews requires the authority to sign licensing documents, which is something very hard to do in big corporations. Especially when these documents talk about Microsoft having the right to retrieve pretty much any piece of data from a system which has an IP build running - should Oracle risk having its proprietary information transferred off a Windows 10 IP install?
So never ever expect Insider Preview to be suitable for anything but toying around. It's NOT meant for production use. There's nothing wrong with reporting issues to us, we'll always see what we can do about it.
Another issue is that getting access to Insider Previews requires the authority to sign licensing documents, which is something very hard to do in big corporations. Especially when these documents talk about Microsoft having the right to retrieve pretty much any piece of data from a system which has an IP build running - should Oracle risk having its proprietary information transferred off a Windows 10 IP install?
So never ever expect Insider Preview to be suitable for anything but toying around. It's NOT meant for production use. There's nothing wrong with reporting issues to us, we'll always see what we can do about it.
Re: W10 14971 Certificate is invalid
@socratis. Thanks for getting back. So this particular flavor, relating to a certificate (apparently), seems to be something new then? I know that there have been epic threads over the years about various hardening issues, so our finding a new variation on that is quite the thing.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: W10 14971 Certificate is invalid
@rseiler, you mentioned something before, that made me think twice:
But, what if you "forget" at the last step to also update the system known signatures? Or you end up with a mix of signatures? I really don't know how the whole thing works, i.e. is it self signed per file, or it has a database of known files/signatures?
Just thinking out loud...
Update: Then the "sfc /verifyonly" would fail too, wouldn't it? You'd think...
That assumes that the integrity check is happening with a known "signature" at the time of the installation, correct? You compare the signature of "ntdll.dll" with the signature that you have on the installer. A match? Proceed and update the system.rseiler wrote:It would have been very weird if it found an integrity problem after installing a new build, since that process does its own checking of this type, and the odds of there being that kind of problem afterwards is very low-to-impossible.
But, what if you "forget" at the last step to also update the system known signatures? Or you end up with a mix of signatures? I really don't know how the whole thing works, i.e. is it self signed per file, or it has a database of known files/signatures?
Just thinking out loud...
Update: Then the "sfc /verifyonly" would fail too, wouldn't it? You'd think...
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: W10 14971 Certificate is invalid
Yeah, I'm not sure of how the checks work in any detail.
I should add that ntdll.dll is one of the more critical dlls in Windows, if not the most important one. You would think that if it had a problem, then there would be problems showing up everywhere. Process Explorer shows that there are an incredible 151 processes on my system at the moment that are using ntdll.dll. Many are system services.
That would seemingly point back to the given app as opposed to Windows itself being the culprit.
(It's actually probably more like 135, since some of those processes are using \windows\syswow64\ntdll.dll, which is a different file used by 32-bit apps.)
I should add that ntdll.dll is one of the more critical dlls in Windows, if not the most important one. You would think that if it had a problem, then there would be problems showing up everywhere. Process Explorer shows that there are an incredible 151 processes on my system at the moment that are using ntdll.dll. Many are system services.
That would seemingly point back to the given app as opposed to Windows itself being the culprit.
(It's actually probably more like 135, since some of those processes are using \windows\syswow64\ntdll.dll, which is a different file used by 32-bit apps.)
-
- Posts: 696
- Joined: 20. Nov 2013, 01:07
Re: W10 14971 Certificate is invalid
To me, it seems we do have a "new failure point" here, and we are doing what we can to give details. I would only expect Oracle to put in a fix if they believe Microsoft will commit to whatever was changed with the OS that broke things. And I would only expect that fix to be committed, in the days/weeks leading up to the release of the new OS build to general users, even if we'd prefer it quicker.
In short ... Would never want Oracle to put in a stub or shim to work around a buggy OS build. Would only want fixes they think would "stay committed, relevant for the release OS build."
It would be nice if an Oracle dev let us know their take on this particular issue, even if no fix is warranted. But it's okay if we don't get that communication, too.
I will have to rely on my "Release partition", until the "Fast partition" can do VirtualBox again
In short ... Would never want Oracle to put in a stub or shim to work around a buggy OS build. Would only want fixes they think would "stay committed, relevant for the release OS build."
It would be nice if an Oracle dev let us know their take on this particular issue, even if no fix is warranted. But it's okay if we don't get that communication, too.
I will have to rely on my "Release partition", until the "Fast partition" can do VirtualBox again