OpenVPN TAP driver is recognised as unsigned by Windows 2008

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
gespenst
OpenVpn Newbie
Posts: 4
Joined: Mon Feb 20, 2012 12:57 pm

OpenVPN TAP driver is recognised as unsigned by Windows 2008

Post by gespenst » Mon Feb 20, 2012 1:34 pm

Hello All! Help plz with error 52!

I have an up-to-date Windows Server 2008 R2 Standard and want to install OpenVPN 2.2.2. Everything during installation seems to be OK, however, after install I see that TAP901 driver is marked with exclamation mark and writes following:
Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)
Is far as I can tell, kernel drivers with unverifiable or non-existent signature in 64-bit systems are not allowed. However, I'm pretty sure, that TAP driver is signed, because several other OpenVPN servers on Windows Server 2008 R2 that I administer, have this driver installed and running OK.

I googled alot and found no solution. If I load my Windows with disabled signature checks by pressing F8 and choosing this option my TAP driver works fine and my VPN is estableshed OK. However, I'm unable to do that using "bcdedit.exe -set TESTSIGNING ON". My server enters this mode OK, and I can observe it with a lower-right corner writing "testing mode", but driver gets aforementioned error 52.

Anyways, running Windows in testing mode by always tapping F8 during boot is not what I'm looking for.

Any ideas? Suggestions? What can I check? Anyone with links on detailed explanation of signature verifying mechanics? Maybe my server screwed somehow some root certificate?

gespenst
OpenVpn Newbie
Posts: 4
Joined: Mon Feb 20, 2012 12:57 pm

Re: OpenVPN TAP driver is recognised as unsigned by Windows

Post by gespenst » Thu Feb 23, 2012 10:31 am

Anyone? Is this THAT hard-to-crack and unclear problem? Or my description isn't clear enough?

User avatar
Mimiko
Forum Team
Posts: 1568
Joined: Wed Sep 22, 2010 3:18 am

Re: OpenVPN TAP driver is recognised as unsigned by Windows

Post by Mimiko » Mon Feb 27, 2012 6:06 pm

However, I'm pretty sure, that TAP driver is signed, because several other OpenVPN servers on Windows Server 2008 R2 that I administer, have this driver installed and running OK.
As you writted, other same system are working fine and the causing system is working "normally" in safe mode, then its definatelly a policy rule to enforce driver signing checking. Check this url for tips: http://forums.techarena.in/operating-sy ... 234705.htm

gespenst
OpenVpn Newbie
Posts: 4
Joined: Mon Feb 20, 2012 12:57 pm

Re: OpenVPN TAP driver is recognised as unsigned by Windows

Post by gespenst » Sun Mar 11, 2012 7:03 pm

Mimiko wrote: then its definatelly a policy rule to enforce driver signing checking.
Nope, it is not. This is 64-bit system and unsigned drivers just can't be installed. There are two methods to use unsigned drivers, one with bcdedit (it doesn't help, as it is described in topic), and other with pressing F8 during boot (it helps, but I can't and don't want to do that every reboot).

The point is the fact, that OpenVPN obviously has its TAP driver signed, because otherwise it wouldn't work on many and many Windows Servers 2008 R2 installations.

So how it has got to that, I do not understand why Windows marks TAP driver as unsigned.

User avatar
Mimiko
Forum Team
Posts: 1568
Joined: Wed Sep 22, 2010 3:18 am

Re: OpenVPN TAP driver is recognised as unsigned by Windows

Post by Mimiko » Mon Mar 12, 2012 9:26 am

gespenst, I've installed OpenVPN TAP driver on different systems, starting with Windows XP x32 and finishing Windows 2008 R2 x64. Every time I was asked to confirm that I really intend to install unsigned drivers. There were not any need to tapper with bcdedit or booting in safe mode.

Start with a fresh install from licensed distributives.

ronaldlw
OpenVpn Newbie
Posts: 1
Joined: Fri Oct 26, 2012 8:48 pm

Re: OpenVPN TAP driver is recognised as unsigned by Windows

Post by ronaldlw » Fri Oct 26, 2012 9:11 pm

gespenst, not sure if you were able to resolve this or not, but I ran into the same issue with a windows 7 x64 install and was able to resolve it by:

1) open device manager.
2) left click on the tap adapter
3) choose uninstall
4) check "delete the driver software for this device"
5) click ok
(repeat for all adapters if you have more than one)
6) run the Add a new TAP virtual Ethernet adapter from the OpenVPN/Utilities section in all programs
7) you should now be prompted to accept the unsigned driver.

Works now for me!

theodorthegreathe
OpenVpn Newbie
Posts: 1
Joined: Sun Aug 30, 2020 3:24 pm

Re: OpenVPN TAP driver is recognised as unsigned by Windows

Post by theodorthegreathe » Sun Aug 30, 2020 3:25 pm

gespenst wrote:
Sun Mar 11, 2012 7:03 pm
Mimiko wrote: then its definatelly a policy rule to enforce driver signing checking.
Nope, it is not. This is 64-bit system and unsigned drivers just can't be installed. There are two methods to use unsigned drivers, one with bcdedit (it doesn't help, as it is described in topic), and other with pressing F8 during boot (it helps, but I can't and don't want to do that every reboot).

The point is the fact, that OpenVPN obviously has its TAP driver signed, because otherwise it wouldn't work on many and many Windows Servers 2008 R2 installations.

So how it has got to that, I do not understand why Windows marks TAP driver as unsigned.
If permanent testmode does not help, get sure to have the KB3033929 system update installed.

Post Reply