Menu
▾
▴
Re: [Wrapper-user] Wrapper 3.5.7 cannot be started
|
From: Asawari P. <ass...@gm...> - 2012-09-04 14:39:09
|
Hi Christian, I tried what you said For testing, can you try running as console application in the session of the currently logged on User? This can be easily done by running: $(PATH_TO_WRAPPER)\bin\wrapper.exe -c $(PATH_TO_WRAPPER_CONF_FILE)\wrapper.conf It is running as console application but it is not still running as a service.. How should I process ahead? Thanks, Asawari On Mon, Aug 27, 2012 at 1:42 PM, Christian Mueller < chr...@ta...> wrote: > Hi, > > thank you for your mail. > > Could you please be a bit more specific in what you have tried and what > you are seeing? > > How is the system evaluating the digital signature of the binary? > The easiest way to display that information is if you do a right-click on > the Wrapper.exe file and open "Properties" from Windows Explorer. > On the Tab "Digital Signatures", click the "Details" button and you see > how the system verifies the certificate. > It should say "This digital signature is OK." > > There was another minor bug in 3.5.7, where the error code of the > certificate validation was not correctly displayed. In your case > "Errorcode: 0x48d5a0" isn't sufficient to actually tell the exact meaning > of the error. > > Have you tried to upgrade to a later version of the Wrapper? It would > help very much to see what the exact error is, which leads to the > verification problem. > > On the production system, are you running as Service? If so, what account > is the service running under? > > For testing, can you try running as console application in the session of > the currently logged on User? > This can be easily done by running: > $(PATH_TO_WRAPPER)\bin\wrapper.exe -c > $(PATH_TO_WRAPPER_CONF_FILE)\wrapper.conf > > > Cheers, > Christian > > > > > On Sat, Aug 25, 2012 at 3:06 AM, Asawari Pawar <ass...@gm...>wrote: > >> Hello Christian, >> >> Thanks for your recommendations! >> >> I have followed most of them but still my issue persists. >> >> >> >> Thanks, >> Asawari >> >> On Wed, Aug 22, 2012 at 8:28 AM, Christian Mueller < >> chr...@ta...> wrote: >> >>> Hello Asawari, >>> >>> I'm very sorry for the trouble. >>> >>> If the Commodo code signing certificate "UTN-USERFirst-Object" is being >>> present in the Third Party Certificates, please make sure "Code Signing" >>> and "Time Stamping" is activated. >>> >>> >>> >>> If it is present this might mean, the Local (or Domain) Security Policy >>> of the server is too tight to allow the certificate to be verified. This >>> settings can be found in the Local Security Policy of the server the "Public >>> Key Policies"\"Certificate Path Validation Settings" and allows for the >>> Root Certificate Store "Third-Party Root CAs and Enterprise Root CAs". >>> >>> >>> If this doesn't/can't be set to active, another option would be to move >>> the "UTN-USERFirst-Object Certificate" from the "Third Party Root CA"folder to the "Trusted >>> Root Certificate Authorities" folder. >>> >>> >>> After we started to sign our binaries with version 3.5.7, we received >>> reports from some customers about the same troubles you are having related >>> to the code signing certificate. Therefore starting with version 3.5.8 we >>> changed the way the Wrapper is handling certificate errors regarding the >>> code signing/timestamping certificate. The Wrapper will now only shutdown >>> itself if the signature of the binary was not successfully verified because >>> the binary or signature has been malformed but not if any problem with the >>> counter-signer has been found. >>> >>> There is also another slight change, which was made in version 3.5.11 >>> and might be worth noted. If the Commodo Root certificate is not installed >>> on a server, the Windows API call WinVerifyTrust ( >>> http://msdn.microsoft.com/en-us/library/aa388208%28v=vs.85%29.aspx) to >>> verify the certificate tries internally to retrieve the certificate online. >>> If the server is however not exposed to the internet, the WinVerifyTrust >>> may take up to 15 seconds to return, which slows down the start up quite a >>> bit. Therefore, we moved the certificate validation into a separate thread, >>> so if the WinVerifyTrust call takes longer than the configured >>> wrapper.startup_thread.timeout property then the Wrapper will continue to >>> startup without further delay. >>> >>> http://wrapper.tanukisoftware.com/doc/english/prop-startup-thread-timeout.html >>> >>> Hope this information helps you out. >>> >>> Best Regards, >>> >>> Christian Mueller >>> Tanuki Software, Ltd. >>> >>> On Tue, Aug 21, 2012 at 6:32 PM, Asawari Pawar <ass...@gm...>wrote: >>> >>>> Hi, >>>> >>>> I am using wrapper 32-bit on windows 3.5.7 version. >>>> >>>> I get following exception while starting the wrapper service. >>>> >>>> STATUS | wrapper | 2012/07/23 16:40:18 | Java Service Wrapper >>>> Professional Edition 32-bit 3.5.7 >>>> STATUS | wrapper | 2012/07/23 16:40:18 | Copyright (C) 1999-2010 Tanuki >>>> Software, Ltd. All Rights Reserved. >>>> STATUS | wrapper | 2012/07/23 16:40:18 | >>>> http://wrapper.tanukisoftware.com >>>> STATUS | wrapper | 2012/07/23 16:40:18 | Licensed to BMC Software India >>>> Pvt. Ltd. for BPPM >>>> STATUS | wrapper | 2012/07/23 16:40:18 | >>>> FATAL | wrapper | 2012/07/23 16:40:18 | A signature was found in >>>> "D:\Apps\BMCPortal\appserver\websdk\bin\wrapper.exe", but checksum failed: >>>> (Errorcode: 0x48d5a0) wrapper.collect_sysinfo >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Signer Certificate: >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Serial Number: >>>> FATAL | wrapper | 2012/07/23 16:40:18 | 00 97 06 fe b5 6e 56 cc cb 66 >>>> 3a bb 55 a7 a0 e4 76 >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Issuer Name: >>>> UTN-USERFirst-Object >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Subject Name: Tanuki Software >>>> Ltd. >>>> FATAL | wrapper | 2012/07/23 16:40:18 | TimeStamp Certificate: >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Serial Number: >>>> FATAL | wrapper | 2012/07/23 16:40:18 | 47 8a 8e fb 59 e1 d8 3f 0c e1 >>>> 42 d2 a2 87 07 be >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Issuer Name: >>>> UTN-USERFirst-Object >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Subject Name: COMODO Time >>>> Stamping Signer >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Date of TimeStamp : 2010/12/20 >>>> 03:31 >>>> FATAL | wrapper | 2012/07/23 16:40:18 | The Wrapper will shutdown! >>>> >>>> I have followed the link >>>> >>>> http://wrapper.tanukisoftware.com/doc/german/troubleshooting.html#13 >>>> >>>> >>>> which talks about installing the certificate and the server policy but >>>> still the issue is not resolved. >>>> >>>> Can anyone help me with the above issue? >>>> >>>> Thanks, >>>> Asawari >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Live Security Virtual Conference >>>> Exclusive live event will cover all the ways today's security and >>>> threat landscape has changed and how IT managers can respond. >>>> Discussions >>>> will include endpoint security, mobile security and the latest in >>>> malware >>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>>> _______________________________________________ >>>> Wrapper-user mailing list >>>> Wra...@li... >>>> https://lists.sourceforge.net/lists/listinfo/wrapper-user >>>> >>>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> Wrapper-user mailing list >>> Wra...@li... >>> https://lists.sourceforge.net/lists/listinfo/wrapper-user >>> >>> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> Wrapper-user mailing list >> Wra...@li... >> https://lists.sourceforge.net/lists/listinfo/wrapper-user >> >> > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Wrapper-user mailing list > Wra...@li... > https://lists.sourceforge.net/lists/listinfo/wrapper-user > > |
