Signature checking of newer drivers (Intel NIC drivers for instance) in automation is not working correctly causing DeployAnywhere to fail when being ran as part of a 'Deploy image' or 'Install Windows OS' task

book

Article ID: 157426

calendar_today

Updated On:

Products

Deployment Solution

Issue/Introduction

Signature checking of drivers in automation is not working correctly causing Deploy Anywhere (DA) to not use drivers that are a correct match.  This matching 

The Deploy Image task will fail to complete if  the signature checking of driver doesn't complete successfully.

Cause

 

The DA logs will show the following with an affected NIC (Intel 82579 in the example below):

 

"\Task Handler\DriversDB\Intel.netvwifibus.inf.15.1.0.21\NETwsw00.INF

File:..\WinDeviceDriverRetargeterWin32.cpp Line:2743 Function:Ghost::WinDeviceDriverRetargeterWin32::MatchInfFileToDevices()

This driver can be considered for retargetting. Rank is 257. DB source is DA DriverDatabase. INF path is W:\Task Handler\DriversDB\Intel.netvwifibus.inf.15.2.0.19_1\Netwsw00.INF

File:..\InfFile\InfFile.cpp Line:2768 Function:Ghost::InfFile::IsDriverValid()

W:\Task Handler\DriversDB\Intel.netvwifibus.inf.15.2.0.19_1\Netwsw00.INF is not signed.

File:..\WinDeviceDriverRetargeterWin32.cpp Line:2792 Function:Ghost::WinDeviceDriverRetargeterWin32::MatchInfFileToDevices()

W:\Task Handler\DriversDB\Intel.netvwifibus.inf.15.2.0.19_1\Netwsw00.INF is invalid. Not including in device INF matching."

 

Though the driver matches, (Rank is 257), because the MS Win32 API (SetupVerifyInfFile) function doesn't properly detect that the driver is signed, (Netwsw00.INF is not signed), DA does not use the driver. (Not including in device INF matching.)

 

Note:  The MS Win32 API that is in WinPE works correctly for older drivers but fails for newer drivers.  If the system is booted into production both the old and new driver pass the driver signature check.

 

 

Resolution

Symantec has issued a point fix that resolves this issue.  The point fix code will be included in 'Pointfix_v4'.

 

To apply the fix now, follow the steps below on the Notification Server system:

Note: UAC may completely block this process. You should disable this prior to beginning and re-enable later if need be.

  1. Download and install the latest version of DeployAnywhere from KB Tech186664.
     
  2. Download the zip file attached to this KB to the Notification Server.  Extract all the files somewhere.  The desktop is fine as it includes a self-contained installer.
     
  3. Run "install.cmd" with administrative rights from the TECH200444 folder.  You will be prompted to press a key at the end of the install, but it should indicate the installation was successful.  
    Note: It will cycle all the services and IIS, most likely requiring a re-login to the console.
     
  4. Verify the file was installed correctly by browsing C:\windows\assembly for the DLL. It should exist again with the proper date and version.  It will be displayed as 'Altiris.Deployment'  '7.1.7858' dated today.  The version was not updated from MP1.1.
      

Note: The issue was resolved by making the DS task handler supply the '/bypassdrvvali=all' by default to the DeployAnywhere command line.

 

 

 


Applies To

 DS 7.1 up to and including MP1

Attachments

TECH200444.zip get_app