Menu
▾
▴
[Wrapper-user] Fwd: Wrapper 3.5.7 cannot be started
|
From: Asawari P. <ass...@gm...> - 2012-09-10 17:07:29
|
Hi, Since the wrapper is not started as windows service due to server security policy is tight. Can you guide on what exactly to check for in the security policy? Thanks, Asawari ---------- Forwarded message ---------- From: Asawari Pawar <ass...@gm...> Date: Tue, Sep 4, 2012 at 8:09 PM Subject: Re: [Wrapper-user] Wrapper 3.5.7 cannot be started To: wra...@li... Hi Christian, I tried what you said For testing, can you try running as console application in the session of the currently logged on User? This can be easily done by running: $(PATH_TO_WRAPPER)\bin\wrapper.exe -c $(PATH_TO_WRAPPER_CONF_FILE)\wrapper.conf It is running as console application but it is not still running as a service.. How should I process ahead? Thanks, Asawari On Mon, Aug 27, 2012 at 1:42 PM, Christian Mueller < chr...@ta...> wrote: > Hi, > > thank you for your mail. > > Could you please be a bit more specific in what you have tried and what > you are seeing? > > How is the system evaluating the digital signature of the binary? > The easiest way to display that information is if you do a right-click on > the Wrapper.exe file and open "Properties" from Windows Explorer. > On the Tab "Digital Signatures", click the "Details" button and you see > how the system verifies the certificate. > It should say "This digital signature is OK." > > There was another minor bug in 3.5.7, where the error code of the > certificate validation was not correctly displayed. In your case > "Errorcode: 0x48d5a0" isn't sufficient to actually tell the exact meaning > of the error. > > Have you tried to upgrade to a later version of the Wrapper? It would > help very much to see what the exact error is, which leads to the > verification problem. > > On the production system, are you running as Service? If so, what account > is the service running under? > > For testing, can you try running as console application in the session of > the currently logged on User? > This can be easily done by running: > $(PATH_TO_WRAPPER)\bin\wrapper.exe -c > $(PATH_TO_WRAPPER_CONF_FILE)\wrapper.conf > > > Cheers, > Christian > > > > > On Sat, Aug 25, 2012 at 3:06 AM, Asawari Pawar <ass...@gm...>wrote: > >> Hello Christian, >> >> Thanks for your recommendations! >> >> I have followed most of them but still my issue persists. >> >> >> >> Thanks, >> Asawari >> >> On Wed, Aug 22, 2012 at 8:28 AM, Christian Mueller < >> chr...@ta...> wrote: >> >>> Hello Asawari, >>> >>> I'm very sorry for the trouble. >>> >>> If the Commodo code signing certificate "UTN-USERFirst-Object" is being >>> present in the Third Party Certificates, please make sure "Code Signing" >>> and "Time Stamping" is activated. >>> >>> >>> >>> If it is present this might mean, the Local (or Domain) Security Policy >>> of the server is too tight to allow the certificate to be verified. This >>> settings can be found in the Local Security Policy of the server the "Public >>> Key Policies"\"Certificate Path Validation Settings" and allows for the >>> Root Certificate Store "Third-Party Root CAs and Enterprise Root CAs". >>> >>> >>> If this doesn't/can't be set to active, another option would be to move >>> the "UTN-USERFirst-Object Certificate" from the "Third Party Root CA"folder to the "Trusted >>> Root Certificate Authorities" folder. >>> >>> >>> After we started to sign our binaries with version 3.5.7, we received >>> reports from some customers about the same troubles you are having related >>> to the code signing certificate. Therefore starting with version 3.5.8 we >>> changed the way the Wrapper is handling certificate errors regarding the >>> code signing/timestamping certificate. The Wrapper will now only shutdown >>> itself if the signature of the binary was not successfully verified because >>> the binary or signature has been malformed but not if any problem with the >>> counter-signer has been found. >>> >>> There is also another slight change, which was made in version 3.5.11 >>> and might be worth noted. If the Commodo Root certificate is not installed >>> on a server, the Windows API call WinVerifyTrust ( >>> http://msdn.microsoft.com/en-us/library/aa388208%28v=vs.85%29.aspx) to >>> verify the certificate tries internally to retrieve the certificate online. >>> If the server is however not exposed to the internet, the WinVerifyTrust >>> may take up to 15 seconds to return, which slows down the start up quite a >>> bit. Therefore, we moved the certificate validation into a separate thread, >>> so if the WinVerifyTrust call takes longer than the configured >>> wrapper.startup_thread.timeout property then the Wrapper will continue to >>> startup without further delay. >>> >>> http://wrapper.tanukisoftware.com/doc/english/prop-startup-thread-timeout.html >>> >>> Hope this information helps you out. >>> >>> Best Regards, >>> >>> Christian Mueller >>> Tanuki Software, Ltd. >>> >>> On Tue, Aug 21, 2012 at 6:32 PM, Asawari Pawar <ass...@gm...>wrote: >>> >>>> Hi, >>>> >>>> I am using wrapper 32-bit on windows 3.5.7 version. >>>> >>>> I get following exception while starting the wrapper service. >>>> >>>> STATUS | wrapper | 2012/07/23 16:40:18 | Java Service Wrapper >>>> Professional Edition 32-bit 3.5.7 >>>> STATUS | wrapper | 2012/07/23 16:40:18 | Copyright (C) 1999-2010 Tanuki >>>> Software, Ltd. All Rights Reserved. >>>> STATUS | wrapper | 2012/07/23 16:40:18 | >>>> http://wrapper.tanukisoftware.com >>>> STATUS | wrapper | 2012/07/23 16:40:18 | Licensed to BMC Software India >>>> Pvt. Ltd. for BPPM >>>> STATUS | wrapper | 2012/07/23 16:40:18 | >>>> FATAL | wrapper | 2012/07/23 16:40:18 | A signature was found in >>>> "D:\Apps\BMCPortal\appserver\websdk\bin\wrapper.exe", but checksum failed: >>>> (Errorcode: 0x48d5a0) wrapper.collect_sysinfo >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Signer Certificate: >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Serial Number: >>>> FATAL | wrapper | 2012/07/23 16:40:18 | 00 97 06 fe b5 6e 56 cc cb 66 >>>> 3a bb 55 a7 a0 e4 76 >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Issuer Name: >>>> UTN-USERFirst-Object >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Subject Name: Tanuki Software >>>> Ltd. >>>> FATAL | wrapper | 2012/07/23 16:40:18 | TimeStamp Certificate: >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Serial Number: >>>> FATAL | wrapper | 2012/07/23 16:40:18 | 47 8a 8e fb 59 e1 d8 3f 0c e1 >>>> 42 d2 a2 87 07 be >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Issuer Name: >>>> UTN-USERFirst-Object >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Subject Name: COMODO Time >>>> Stamping Signer >>>> FATAL | wrapper | 2012/07/23 16:40:18 | Date of TimeStamp : 2010/12/20 >>>> 03:31 >>>> FATAL | wrapper | 2012/07/23 16:40:18 | The Wrapper will shutdown! >>>> >>>> I have followed the link >>>> >>>> http://wrapper.tanukisoftware.com/doc/german/troubleshooting.html#13 >>>> >>>> >>>> which talks about installing the certificate and the server policy but >>>> still the issue is not resolved. >>>> >>>> Can anyone help me with the above issue? >>>> >>>> Thanks, >>>> Asawari >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Live Security Virtual Conference >>>> Exclusive live event will cover all the ways today's security and >>>> threat landscape has changed and how IT managers can respond. >>>> Discussions >>>> will include endpoint security, mobile security and the latest in >>>> malware >>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>>> _______________________________________________ >>>> Wrapper-user mailing list >>>> Wra...@li... >>>> https://lists.sourceforge.net/lists/listinfo/wrapper-user >>>> >>>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> Wrapper-user mailing list >>> Wra...@li... >>> https://lists.sourceforge.net/lists/listinfo/wrapper-user >>> >>> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> Wrapper-user mailing list >> Wra...@li... >> https://lists.sourceforge.net/lists/listinfo/wrapper-user >> >> > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Wrapper-user mailing list > Wra...@li... > https://lists.sourceforge.net/lists/listinfo/wrapper-user > > |
