none
xpstar.dll fails to load because of certificate problem

    Question

  • Sorry, I couldn't find a localdb forum, so if this isn't the appropriate place for this question, please point me in the correct direction.

    OS: Windows 7 x64

    Database Server: Localdb

    When trying to create a database on a localdb instance I get the following errors in the error log:

    2012-07-12 17:40:22.39 spid51      Attempting to load library 'xpstar.dll' into memory. This is an informational message only. No user action is required.
    2012-07-12 17:40:22.39 spid51      Failed to verify Authenticode signature on DLL 'C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\\xpstar.dll'.
    2012-07-12 17:40:22.39 spid51      Error: 17750, Severity: 16, State: 0.
    2012-07-12 17:40:22.39 spid51      Could not load the DLL xpstar.dll, or one of the DLLs it references. Reason: (null).

    When I look at the certificate information for xpstar there is an error specifying that the revocation process could not continue ...

    When I drill into the certificate details the path to Microsoft Corp can't be resolved:

    I'm running the same code on another machine the same OS, same network and creating a database works fine.  The certificate on the file looks fine. 

    I've tried uninstalling and installing localdb and that has not resolved the problem.  I ran windows update and installed the latest updates after talking with IT as they stated there was a problem with microsoft having changed certificate paths in recent past.  Applying the latest windows updates did not resolve the problem.  I'm not sure what to try next.


    • Edited by alandhoyt Thursday, July 12, 2012 10:05 PM
    Thursday, July 12, 2012 10:04 PM

All replies

  • I did a little more digging into the certificate error.  I enabled CAPI2 logging and accessed the certificate details via file explorer as with the screenshots above and found errors in the CAPI logs. 

    I'm not sure if the proxy errors are the root of my problem or not, a the http request and response look successful?

    Also there is a BuildChain error log entry with the text "The revocation function was unable to check revocation because the revocation server was offline."  See the last log copy at the bottom of the post.

    I'm not sure where to go from here...

    Retrieve Object from Network Error Log:

    <RetrieveObjectByUrlWire>

    <URL scheme="http">http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl</URL>
    <Object type="CONTEXT_OID_CRL" constant="2" />
    <Timeout>PT20S</Timeout>
    <Flags value="202005" CRYPT_RETRIEVE_MULTIPLE_OBJECTS="true" CRYPT_WIRE_ONLY_RETRIEVAL="true" CRYPT_LDAP_SCOPE_BASE_ONLY_RETRIEVAL="true" CRYPT_PROXY_CACHE_RETRIEVAL="true" />
    <AuxInfo maxUrlRetrievalByteCount="104857600" fProxyCacheRetrieval="true" />
    - <AdditionalInfo>
    <NetworkConnectivityStatus value="1" _SENSAPI_NETWORK_ALIVE_LAN="true" />
    - <Action name="Call_WinHttpGetProxyForUrl">
    <Error value="2F94">The Proxy Auto-configuration URL was not found.</Error>
    </Action>
    <Action name="NoProxy" />
    - <Action name="Call_WinHttpGetProxyForUrl">
    <Error value="2F94">The Proxy Auto-configuration URL was not found.</Error>
    </Action>
    <Action name="NoProxy" />
    - <HTTPRequestHeadersInfo>
    <Header>GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1</Header>
    <Header>Accept: */*</Header>
    <Header>If-None-Match: "fde1e8cc7e4dcd1:0"</Header>
    <Header>If-Modified-Since: Mon, 18 Jun 2012 18:18:46 GMT</Header>
    <Header>Cache-Control: max-age = 900</Header>
    <Header>User-Agent: Microsoft-CryptoAPI/6.1</Header>
    <Header>Connection: Keep-Alive</Header>
    </HTTPRequestHeadersInfo>
    - <HTTPResponseHeadersInfo>
    <Header>HTTP/1.1 304 Not Modified</Header>
    <Header>Cache-Control: max-age=900</Header>
    <Header>Connection: keep-alive</Header>
    <Header>Date: Fri, 13 Jul 2012 11:57:23 GMT</Header>
    <Header>Content-Type: application/pkix-crl</Header>
    <Header>Last-Modified: Mon, 18 Jun 2012 18:18:46 GMT</Header>
    <Header>ETag: "fde1e8cc7e4dcd1:0"</Header>
    </HTTPResponseHeadersInfo>
    - <Action name="PendingNetworkRetrievalComplete">
    <Error value="36">The network is busy.</Error>
    </Action>
    </AdditionalInfo>
    - <CacheInfo lastSyncTime="2012-07-13T11:57:23.395Z">
    <URLCacheFlushInfo expireTime="2012-09-12T10:28:36Z" />
    <URLCacheResponseInfo responseType="CRYPTNET_URL_CACHE_RESPONSE_HTTP" responseValidated="true" lastModifiedTime="2012-06-18T18:18:46Z" maxAge="900" eTag=""fde1e8cc7e4dcd1:0"" />
    </CacheInfo>
    - <RetrievedObjects>
    <CertificateRevocationList fileRef="E791AE90EE93322D5B725398D44F888F4D8FEEF0.crl" issuerName="Microsoft Code Signing PCA" />
    </RetrievedObjects>
    <EventAuxInfo ProcessName="explorer.exe" />
    <CorrelationAuxInfo TaskId="{0EC3108A-FF86-461F-89EE-69F3382A95C7}" SeqNumber="3" />
    <Result value="0" />

    </CryptRetrieveObjectByUrlWire>

    BuildChain error listed in the CAPI logs:
    <ChainElement>
    <Certificate fileRef="8849D1C0F147A3C8327B4038783AEC3E06C76F5B.cer" subjectName="Microsoft Corporation" />
    <SignatureAlgorithm oid="1.2.840.113549.1.1.5" hashName="SHA1" publicKeyName="RSA" />
    <PublicKeyAlgorithm oid="1.2.840.113549.1.1.1" publicKeyName="RSA" publicKeyLength="2048" />
    - <TrustStatus>
    <ErrorStatus value="1000040" CERT_TRUST_REVOCATION_STATUS_UNKNOWN="true" CERT_TRUST_IS_OFFLINE_REVOCATION="true" />
    <InfoStatus value="102" CERT_TRUST_HAS_KEY_MATCH_ISSUER="true" CERT_TRUST_HAS_PREFERRED_ISSUER="true" />
    </TrustStatus>
    - <ApplicationUsage>
    <Usage oid="1.3.6.1.5.5.7.3.3" name="Code Signing" />
    </ApplicationUsage>
    <IssuanceUsage />
    - <RevocationInfo>
    <RevocationResult value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</RevocationResult>
    </RevocationInfo>
    </ChainElement>



    • Edited by alandhoyt Friday, July 13, 2012 12:11 PM
    Friday, July 13, 2012 12:05 PM
  • can you download latest version of LocalDB and reproduce the issue you mentioned.

    http://www.microsoft.com/betaexperience/pd/SQLEXPCTAV2/enus/default.aspx

    Please uninstall  older copies of localDB before you reinstall

    Thanks

    Sethu Srinivasan [MSFT]

    SQL Server

    Monday, August 13, 2012 1:24 AM
    Moderator
  • The version from your download link is the same version that is installed.  I downloaded and peformed a binary comparison of the package that I installed and the package from your link are the same files.  Still have the same problem.

    I have also uninstalled and installed and have the same problem.


    This same problem is happening on another computer as well.  We would like to find a solution to this before we ship our product to customers.
    • Edited by alandhoyt Friday, September 07, 2012 2:42 PM
    Friday, September 07, 2012 2:33 PM