Signature checking of drivers in automation is not working correctly causing Deploy Anywhere (DA) to not use drivers that are a correct match. This matching
The Deploy Image task will fail to complete if the signature checking of driver doesn't complete successfully.
The DA logs will show the following with an affected NIC (Intel 82579 in the example below):
File:..\WinDeviceDriverRetargeterWin32.cpp Line:2743 Function:Ghost::WinDeviceDriverRetargeterWin32::MatchInfFileToDevices()
This driver can be considered for retargetting. Rank is 257. DB source is DA DriverDatabase. INF path is W:\Task Handler\DriversDB\Intel.netvwifibus.inf.22.214.171.124_1\Netwsw00.INF
File:..\InfFile\InfFile.cpp Line:2768 Function:Ghost::InfFile::IsDriverValid()
W:\Task Handler\DriversDB\Intel.netvwifibus.inf.126.96.36.199_1\Netwsw00.INF is not signed.
File:..\WinDeviceDriverRetargeterWin32.cpp Line:2792 Function:Ghost::WinDeviceDriverRetargeterWin32::MatchInfFileToDevices()
W:\Task Handler\DriversDB\Intel.netvwifibus.inf.188.8.131.52_1\Netwsw00.INF is invalid. Not including in device INF matching."
Though the driver matches, (Rank is 257), because the MS Win32 API (SetupVerifyInfFile) function doesn't properly detect that the driver is signed, (Netwsw00.INF is not signed), DA does not use the driver. (Not including in device INF matching.)
Note: The MS Win32 API that is in WinPE works correctly for older drivers but fails for newer drivers. If the system is booted into production both the old and new driver pass the driver signature check.
Symantec has issued a point fix that resolves this issue. The point fix code will be included in 'Pointfix_v4'.
To apply the fix now, follow the steps below on the Notification Server system:
Note: UAC may completely block this process. You should disable this prior to beginning and re-enable later if need be.
Note: The issue was resolved by making the DS task handler supply the '/bypassdrvvali=all' by default to the DeployAnywhere command line.
DS 7.1 up to and including MP1