DOCUMENT:Q197713 22-JUN-2001 [exchange] TITLE :XCLN: ErrMsg: Authenticode Signature not Found with ODK PRODUCT :Microsoft Exchange PROD/VER:WINDOWS:98 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Outlook 98 Deployment Kit - Microsoft Exchange Server, version 5.5 ------------------------------------------------------------------------------- SYMPTOMS ======== When you attempt to run Outlook 98 Setup from an Outlook Deployment Kit (ODK) package that has Authenticode 2.0 installed, you may receive the following error message: Dialog Box Title: Security Warning Do you want to install and run : Outlook98\CD\En\Packages\Setup.exe The publisher cannot be determined due to the problems below: Authenticode Signature Not Found. Yes No More Info.... Clicking Yes invokes another dialog box with the following error message: Dialog Box Title: Security Warning Do you want to install and run : Outlook98\CD\En\Packages\outcif.cab The publisher cannot be determined due to the problems below: Authenticode Signature Not Found. Yes No More Info.... As of Internet Explorer 4.01 Service Pack 2 and Internet Explorer 5, there are two more symptoms of unsigned CABs: - Silent installations unexpectedly stop without any error message or logged event (in the case of Windows NT). - A regular installation yields the error message: Setup could not verify the information needed for installation. Please make sure your system clock reflects the current time, then run Setup again. This problem is a result of an updated Wintrust.dll file. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: Q235668 XCLN: Error Deploying Outlook 98 Using the ODK on Systems with Internet Explorer 5 or 4.0 Service Pack 2 CAUSE ===== Active Setup uses Authenticode technology (digital signatures) to ensure that the contents of a component have not been altered. All files need to be digitally signed. This is clearly spelled out in the dialog box the ODK displays when it finishes building a custom package. The following information is from the Microsoft Outlook Deployment Kit Stage 2: Specify Trusted Publishers: You should digitally sign your customized package and any custom programs to ensure that users do not receive warnings during installation. After you create your customized package, you must sign the following files: Branding.cab Chl.cab Desktop.cab Folder.cab Outcif.cab Setup.exe NOTE: For Chl.cab, this only refers to files where x is a numeric value (for example, Chl99.cab). WORKAROUND ========== When creating customized packages, you should sign the custom cabinet (.cab) files created by the wizard before you post them. Signing the .cab files and custom programs requires the following two steps: 1. Obtain a digital certificate. 2. Sign the code. NOTE: MakeCert, Cert2SPC, and Signcode are tools you can use to sign and test code. These tools are available in the \Program Files\ODK\Reskit\Addons\Tools folder. You can find additional resources in the Microsoft Internet Client SDK. Follow these steps to create a test certificate to sign files: 1. Navigate to C:\Program Files\ODK\Reskit\Addons\Tools. 2. At a command prompt, type the following command line exactly as it appears here, and then press Enter: makecert -r -k:mykey.pvk -d:"My Test Certificate" mykey.cer 3. At a command prompt, type the following command line exactly as it appears here, and then press Enter: cert2spc mykey.cer mykey.spc 4. At a command prompt, type the following command line exactly as it appears here, and then press Enter: signcode -spc mykey.spc -v mykey.pvk Where is the path and filename of the file that you want to sign. To test the certificate of any file, at a command prompt, type the following: chktrust MORE INFORMATION ================ Certificates may also be obtained from one of two sources: a certificate authority (CA), such as VeriSign or GTE, can provide certificates, or a privately controlled certificate server can issue certificates. You must accept the certificate on your computer. The wizard prompts you to select the publisher certificates you will use to sign the files in your package. After obtaining a certificate, you will need to sign the code. Tools for signing code, such as the Code Signing wizard (Signcode.exe), are available in the \Program Files\ODK\Reskit\Addons\Tools folder. For more information about signing code, see the Microsoft Security Advisor Web site at http://www.microsoft.com/security/. Additional query words: ====================================================================== Keywords : Technology : kbOutlookSearch kbOutlookDeployKitSearch kbOutlook98DeployKit Version : WINDOWS:98 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.