OpenVPN TAP driver is recognised as unsigned by Windows 2008

[gespenst]

Hello All! Help plz with error 52!

I have an up-to-date Windows Server 2008 R2 Standard and want to install OpenVPN 2.2.2. Everything during installation seems to be OK, however, after install I see that TAP901 driver is marked with exclamation mark and writes following:

Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)

Is far as I can tell, kernel drivers with unverifiable or non-existent signature in 64-bit systems are not allowed. However, I'm pretty sure, that TAP driver is signed, because several other OpenVPN servers on Windows Server 2008 R2 that I administer, have this driver installed and running OK.

I googled alot and found no solution. If I load my Windows with disabled signature checks by pressing F8 and choosing this option my TAP driver works fine and my VPN is estableshed OK. However, I'm unable to do that using "bcdedit.exe -set TESTSIGNING ON". My server enters this mode OK, and I can observe it with a lower-right corner writing "testing mode", but driver gets aforementioned error 52.

Anyways, running Windows in testing mode by always tapping F8 during boot is not what I'm looking for.

Any ideas? Suggestions? What can I check? Anyone with links on detailed explanation of signature verifying mechanics? Maybe my server screwed somehow some root certificate?

[gespenst]

Anyone? Is this THAT hard-to-crack and unclear problem? Or my description isn't clear enough?

[Mimiko]

However, I'm pretty sure, that TAP driver is signed, because several other OpenVPN servers on Windows Server 2008 R2 that I administer, have this driver installed and running OK.

As you writted, other same system are working fine and the causing system is working "normally" in safe mode, then its definatelly a policy rule to enforce driver signing checking. Check this url for tips: http://forums.techarena.in/operating-sy ... 234705.htm

[gespenst]

then its definatelly a policy rule to enforce driver signing checking.

Nope, it is not. This is 64-bit system and unsigned drivers just can't be installed. There are two methods to use unsigned drivers, one with bcdedit (it doesn't help, as it is described in topic), and other with pressing F8 during boot (it helps, but I can't and don't want to do that every reboot).

The point is the fact, that OpenVPN obviously has its TAP driver signed, because otherwise it wouldn't work on many and many Windows Servers 2008 R2 installations.

So how it has got to that, I do not understand why Windows marks TAP driver as unsigned.

[Mimiko]

gespenst, I've installed OpenVPN TAP driver on different systems, starting with Windows XP x32 and finishing Windows 2008 R2 x64. Every time I was asked to confirm that I really intend to install unsigned drivers. There were not any need to tapper with bcdedit or booting in safe mode.

Start with a fresh install from licensed distributives.

[ronaldlw]

gespenst, not sure if you were able to resolve this or not, but I ran into the same issue with a windows 7 x64 install and was able to resolve it by:

1) open device manager.
2) left click on the tap adapter
3) choose uninstall
4) check "delete the driver software for this device"
5) click ok
(repeat for all adapters if you have more than one)
6) run the Add a new TAP virtual Ethernet adapter from the OpenVPN/Utilities section in all programs
7) you should now be prompted to accept the unsigned driver.

Works now for me!

[theodorthegreathe]

then its definatelly a policy rule to enforce driver signing checking.

Nope, it is not. This is 64-bit system and unsigned drivers just can't be installed. There are two methods to use unsigned drivers, one with bcdedit (it doesn't help, as it is described in topic), and other with pressing F8 during boot (it helps, but I can't and don't want to do that every reboot).

The point is the fact, that OpenVPN obviously has its TAP driver signed, because otherwise it wouldn't work on many and many Windows Servers 2008 R2 installations.

So how it has got to that, I do not understand why Windows marks TAP driver as unsigned.

If permanent testmode does not help, get sure to have the KB3033929 system update installed.

[gift4you]

then its definatelly a policy rule to enforce driver signing checking.

Nope, it is not. This is 64-bit system and unsigned drivers just can't be installed. There are two methods to use unsigned drivers, one with bcdedit (it doesn't help, as it is described in topic), and other with pressing F8 during boot (it helps, but I can't and don't want to do that every reboot).

The point is the fact, that OpenVPN obviously has its TAP driver signed, because otherwise it wouldn't work on many and many Windows Servers 2008 R2 installations.

So how it has got to that, I do not understand why Windows marks TAP driver as unsigned.

If permanent testmode does not help, get sure to have the KB3033929 system update installed.

My PC running Windows 7 and the KB3033929 is useful. TAP driver is being installed. Thanks for your help