Menu
▾
▴
Re: [Wrapper-user] Wrapper 3.5.7 cannot be started
|
From: Christian M. <chr...@ta...> - 2012-08-22 03:04:29
|
Hello Asawari, I'm very sorry for the trouble. If the Commodo code signing certificate "UTN-USERFirst-Object" is being present in the Third Party Certificates, please make sure "Code Signing" and "Time Stamping" is activated. If it is present this might mean, the Local (or Domain) Security Policy of the server is too tight to allow the certificate to be verified. This settings can be found in the Local Security Policy of the server the "Public Key Policies"\"Certificate Path Validation Settings" and allows for the Root Certificate Store "Third-Party Root CAs and Enterprise Root CAs". If this doesn't/can't be set to active, another option would be to move the "UTN-USERFirst-Object Certificate" from the "Third Party Root CA" folder to the "Trusted Root Certificate Authorities" folder. After we started to sign our binaries with version 3.5.7, we received reports from some customers about the same troubles you are having related to the code signing certificate. Therefore starting with version 3.5.8 we changed the way the Wrapper is handling certificate errors regarding the code signing/timestamping certificate. The Wrapper will now only shutdown itself if the signature of the binary was not successfully verified because the binary or signature has been malformed but not if any problem with the counter-signer has been found. There is also another slight change, which was made in version 3.5.11 and might be worth noted. If the Commodo Root certificate is not installed on a server, the Windows API call WinVerifyTrust ( http://msdn.microsoft.com/en-us/library/aa388208%28v=vs.85%29.aspx) to verify the certificate tries internally to retrieve the certificate online. If the server is however not exposed to the internet, the WinVerifyTrust may take up to 15 seconds to return, which slows down the start up quite a bit. Therefore, we moved the certificate validation into a separate thread, so if the WinVerifyTrust call takes longer than the configured wrapper.startup_thread.timeout property then the Wrapper will continue to startup without further delay. http://wrapper.tanukisoftware.com/doc/english/prop-startup-thread-timeout.html Hope this information helps you out. Best Regards, Christian Mueller Tanuki Software, Ltd. On Tue, Aug 21, 2012 at 6:32 PM, Asawari Pawar <ass...@gm...> wrote: > Hi, > > I am using wrapper 32-bit on windows 3.5.7 version. > > I get following exception while starting the wrapper service. > > STATUS | wrapper | 2012/07/23 16:40:18 | Java Service Wrapper Professional > Edition 32-bit 3.5.7 > STATUS | wrapper | 2012/07/23 16:40:18 | Copyright (C) 1999-2010 Tanuki > Software, Ltd. All Rights Reserved. > STATUS | wrapper | 2012/07/23 16:40:18 | http://wrapper.tanukisoftware.com > STATUS | wrapper | 2012/07/23 16:40:18 | Licensed to BMC Software India > Pvt. Ltd. for BPPM > STATUS | wrapper | 2012/07/23 16:40:18 | > FATAL | wrapper | 2012/07/23 16:40:18 | A signature was found in > "D:\Apps\BMCPortal\appserver\websdk\bin\wrapper.exe", but checksum failed: > (Errorcode: 0x48d5a0) wrapper.collect_sysinfo > FATAL | wrapper | 2012/07/23 16:40:18 | Signer Certificate: > FATAL | wrapper | 2012/07/23 16:40:18 | Serial Number: > FATAL | wrapper | 2012/07/23 16:40:18 | 00 97 06 fe b5 6e 56 cc cb 66 3a > bb 55 a7 a0 e4 76 > FATAL | wrapper | 2012/07/23 16:40:18 | Issuer Name: UTN-USERFirst-Object > FATAL | wrapper | 2012/07/23 16:40:18 | Subject Name: Tanuki Software Ltd. > FATAL | wrapper | 2012/07/23 16:40:18 | TimeStamp Certificate: > FATAL | wrapper | 2012/07/23 16:40:18 | Serial Number: > FATAL | wrapper | 2012/07/23 16:40:18 | 47 8a 8e fb 59 e1 d8 3f 0c e1 42 > d2 a2 87 07 be > FATAL | wrapper | 2012/07/23 16:40:18 | Issuer Name: UTN-USERFirst-Object > FATAL | wrapper | 2012/07/23 16:40:18 | Subject Name: COMODO Time Stamping > Signer > FATAL | wrapper | 2012/07/23 16:40:18 | Date of TimeStamp : 2010/12/20 > 03:31 > FATAL | wrapper | 2012/07/23 16:40:18 | The Wrapper will shutdown! > > I have followed the link > > http://wrapper.tanukisoftware.com/doc/german/troubleshooting.html#13 > > > which talks about installing the certificate and the server policy but > still the issue is not resolved. > > Can anyone help me with the above issue? > > Thanks, > Asawari > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Wrapper-user mailing list > Wra...@li... > https://lists.sourceforge.net/lists/listinfo/wrapper-user > > |
