xpstar.dll fails to load because of certificate problem
-
Thursday, July 12, 2012 10:04 PM
Sorry, I couldn't find a localdb forum, so if this isn't the appropriate place for this question, please point me in the correct direction.
OS: Windows 7 x64
Database Server: Localdb
When trying to create a database on a localdb instance I get the following errors in the error log:
2012-07-12 17:40:22.39 spid51 Attempting to load library 'xpstar.dll' into memory. This is an informational message only. No user action is required.
2012-07-12 17:40:22.39 spid51 Failed to verify Authenticode signature on DLL 'C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\\xpstar.dll'.
2012-07-12 17:40:22.39 spid51 Error: 17750, Severity: 16, State: 0.
2012-07-12 17:40:22.39 spid51 Could not load the DLL xpstar.dll, or one of the DLLs it references. Reason: (null).When I look at the certificate information for xpstar there is an error specifying that the revocation process could not continue ...
When I drill into the certificate details the path to Microsoft Corp can't be resolved:
I'm running the same code on another machine the same OS, same network and creating a database works fine. The certificate on the file looks fine.
I've tried uninstalling and installing localdb and that has not resolved the problem. I ran windows update and installed the latest updates after talking with IT as they stated there was a problem with microsoft having changed certificate paths in recent past. Applying the latest windows updates did not resolve the problem. I'm not sure what to try next.
- Edited by alandhoyt Thursday, July 12, 2012 10:05 PM
All Replies
-
Friday, July 13, 2012 12:05 PM
I did a little more digging into the certificate error. I enabled CAPI2 logging and accessed the certificate details via file explorer as with the screenshots above and found errors in the CAPI logs.
I'm not sure if the proxy errors are the root of my problem or not, a the http request and response look successful?
Also there is a BuildChain error log entry with the text "The revocation function was unable to check revocation because the revocation server was offline." See the last log copy at the bottom of the post.
I'm not sure where to go from here...
Retrieve Object from Network Error Log:
<RetrieveObjectByUrlWire>
<URL scheme="http">http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl</URL><Object type="CONTEXT_OID_CRL" constant="2" /><Timeout>PT20S</Timeout><Flags value="202005" CRYPT_RETRIEVE_MULTIPLE_OBJECTS="true" CRYPT_WIRE_ONLY_RETRIEVAL="true" CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL="true" CRYPT_PROXY_CACHE_RETRIEVAL="true" /><AuxInfo maxUrlRetrievalByteCount="104857600" fProxyCacheRetrieval="true" /><NetworkConnectivityStatus value="1" _SENSAPI_NETWORK_ALIVE_LAN="true" /><Error value="2F94">The Proxy Auto-configuration URL was not found.</Error></Action><Action name="NoProxy" /><Error value="2F94">The Proxy Auto-configuration URL was not found.</Error></Action><Action name="NoProxy" /><Header>GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1</Header><Header>Accept: */*</Header><Header>If-None-Match: "fde1e8cc7e4dcd1:0"</Header><Header>If-Modified-Since: Mon, 18 Jun 2012 18:18:46 GMT</Header><Header>Cache-Control: max-age = 900</Header><Header>User-Agent: Microsoft-CryptoAPI/6.1</Header><Header>Connection: Keep-Alive</Header></HTTPRequestHeadersInfo><Header>HTTP/1.1 304 Not Modified</Header><Header>Cache-Control: max-age=900</Header><Header>Connection: keep-alive</Header><Header>Date: Fri, 13 Jul 2012 11:57:23 GMT</Header><Header>Content-Type: application/pkix-crl</Header><Header>Last-Modified: Mon, 18 Jun 2012 18:18:46 GMT</Header><Header>ETag: "fde1e8cc7e4dcd1:0"</Header></HTTPResponseHeadersInfo><Error value="36">The network is busy.</Error></Action></AdditionalInfo><URLCacheFlushInfo expireTime="2012-09-12T10:28:36Z" /><URLCacheResponseInfo responseType="CRYPTNET_URL_CACHE_RESPONSE_HTTP" responseValidated="true" lastModifiedTime="2012-06-18T18:18:46Z" maxAge="900" eTag=""fde1e8cc7e4dcd1:0"" /></CacheInfo><CertificateRevocationList fileRef="E791AE90EE93322D5B725398D44F888F4D8FEEF0.crl" issuerName="Microsoft Code Signing PCA" /></RetrievedObjects><EventAuxInfo ProcessName="explorer.exe" /><CorrelationAuxInfo TaskId="{0EC3108A-FF86-461F-89EE-69F3382A95C7}" SeqNumber="3" /><Result value="0" /></CryptRetrieveObjectByUrlWire>
BuildChain error listed in the CAPI logs:<ChainElement><Certificate fileRef="8849D1C0F147A3C8327B4038783AEC3E06C76F5B.cer" subjectName="Microsoft Corporation" /><SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" /><PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" /><ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" /><InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" /></TrustStatus><Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" /></ApplicationUsage><IssuanceUsage /><RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult></RevocationInfo></ChainElement>
-
Monday, August 13, 2012 1:24 AMModerator
can you download latest version of LocalDB and reproduce the issue you mentioned.
http://www.microsoft.com/betaexperience/pd/SQLEXPCTAV2/enus/default.aspx
Please uninstall older copies of localDB before you reinstall
Thanks
Sethu Srinivasan [MSFT]
SQL Server
-
Friday, September 07, 2012 2:33 PM
The version from your download link is the same version that is installed. I downloaded and peformed a binary comparison of the package that I installed and the package from your link are the same files. Still have the same problem.
I have also uninstalled and installed and have the same problem.
This same problem is happening on another computer as well. We would like to find a solution to this before we ship our product to customers.
