Another Possible Workaround for Error 1330
When installing Visual Studio 2008, you might run into an error dialog that reads,
Error 1330.A file that is required cannot be installed because the cabinet file D:\cab1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.
The path and name of the cabinet may be different, but might often be D:\cab1.cab, where D: refers to your DVD drive.
How to workaround this issue
Some time ago I blogged that you should try copying the installation locally as in some cases this is related to brief network disconnects or disc read lag, or even a bad burn of an ISO image. You should still try that and other methods in some of the comments on that post first since those are for more likely problems.
If you do not have Internet access, or have a restrictive firewall or proxy, setup may be failing to verify the signature because it cannot access the online certificate revocation list (CRL). This is most likely if you encounter the error on cab1.cab for VS2008 or MSDN.
You’ll need a copy of setreg.exe which is available in the .NET Framework SDK, which is now part of the Windows SDK.
By default, a revocation list is checked so Internet access is required. At any user privilege level, you can run the following command to disable CRL checks using option 3:
setreg.exe 3 FALSE
If you still cannot install VS2008 or MSDN with the same error 1330, make sure that option 9 is set to its default value of FALSE. If this option is TRUE, then the timestamp server is queried for a CRL as well and will fail under the same conditions.
Description of the issue
During installation, Windows Installer calls WinVerifyTrust() to verify that a signed file is valid. By default, a certificate revocation list (CRL) is downloaded and queried to determine if that certificate has been revoked. For VS2008, that CRL is located at http://crl.microsoft.com/pki/crl/products/CSPCA.crl. If an Internet connection is unavailable, WinVerifyTrust() cannot download the CRL.
In a Windows Installer verbose installation log, you may see the following:
MSI (s) (54:C4) [11:00:14:659]: Validating digital signature of file 'D:\cab1.cab'
MSI (s) (54:C4) [11:00:16:818]: File 'D:\cab1.cab' is not trusted. WinVerifyTrust returned 0x800B010E
MSI (s) (54:E4) [11:00:16:819]: Note: 1: 1330 2: D:\cab1.cab 3: 270
Running the following signtool.exe command – also in the Windows SDK – would yield the same error: 0x800B010E, which is CERT_E_REVOCATION_FAILURE.
Setting setreg.exe option 3 to FALSE will disable the online CRL check.
A similar problem may happen if option 9 is set to TRUE, which tells WinVerifyTrust() to check a CRL on the timestamp server if the signature is timestamped. The error returned is different, however: 0x80096005, which is TRUST_E_TIME_STAMP.
Setting setreg.exe option 9 to its default value of FALSE will disable the online timestamp CRL check.
For reference, running setreg.exe without any parameters will list the current options. All the defaults according to MSDN for VS2008-supported platforms are shown below.
Software Publishing State Key Values (0x22800): 1) Trust the Test Root........................... FALSE 2) Use expiration date on certificates........... TRUE 3) Check the revocation list..................... TRUE 4) Offline revocation server OK (Individual)..... FALSE 5) Offline revocation server OK (Commercial)..... TRUE 6) Java offline revocation server OK (Individual) FALSE 7) Java offline revocation server OK (Commercial) TRUE 8) Invalidate version 1 signed objects........... FALSE 9) Check the revocation list on Time Stamp Signer FALSE 10) Only trust items found in the Trust DB........ FALSE
Light
Dark
0 comments