New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to install - Failed to create the npcap service: 0xe0000247 #233
Comments
Thanks for this report. This error indicates a signature validation problem. Can you run the following PowerShell commands on the affected system? The files will be present while the error message box is shown, but they will be deleted after you click "OK," so the commands must be run while the error message box is still present.
|
I have requested this be ran in Powershell whilst the error is present - will return the info as soon as I'm provided the outputs. |
OUTPUT OF “Get-AuthenticodeSignature "C:\Program Files\Npcap\npcap.cat" | select *” SignerCertificate : [Subject]
TimeStamperCertificate : [Subject]
Status : UnknownError OUTPUT OF “Get-AuthenticodeSignature "C:\Program Files\Npcap\npcap.sys" | select *” SignerCertificate : [Subject]
TimeStamperCertificate : [Subject]
Status : UnknownError |
In the meantime I have also asked the contact to provide the below to be attached for our internal support ticket. Happy to provide a copy of them here too.
Additionally the setupapi.dev log includes the line: So asked to check the event viewer results for any related Code Integrity logs which may also help us. |
Is there any update on this issue, or anything further we can provide to assist? |
@davepalmeruk We did make a change to driver signing in Npcap 1.00 which I neglected to put into the changelog: instead of dual-signing with SHA-1 and SHA-256 for all platforms, we now separately sign the driver for Windows 7 with SHA-1 only, and the drivers for all other platforms are signed with SHA-256. This eliminates a weird case of signature mismatch because the All that to say, please try Npcap 1.00 and see if that resolves the problem. |
still having this problem. on Windows 10 Pro 2004. Tried both 1.1.0 and 0.9997 version without luck. |
See the setup log from the failed attempt (15th Dec - v1.0)
|
Is there any further change to this issue? |
I checked the signature thumbprints and the INF DriverVersion in your logs against the files in the Npcap 1.00 installler and I found that it's trying to install the Windows 7-only build of the driver, which has been signed with our SHA-1 certificate only. The server is probably configured to not accept SHA-1 certificates, but a bigger problem is that Windows Server 2012 R2 ought to be installing the Win8/Win8.1 build of the driver, which is signed with our SHA-2 cert. Can you provide the |
@davepalmeruk as a Npcap OEM licensee, you may contact us via email for technical support. We'd like to get this resolved for you. |
@dmiller-nmap, thanks. Please see the logs requested. |
I have the same issue. Was a solution found? |
Same issue here with Win8.1 |
We're experiencing the same issue with Npcap 1.10 and Npcap 1.20 on Windows 2012 R2 (Win8.1). |
Some of you have the following text in your output: StatusMessage : A certificate chain could not be built to a trusted root authority The fix for me was to manually install the trust chains required by npcap.cat and npcap.sys. Those were the following:
Once all those are imported in the local certificate store, the application installed for me. I'm in an offline environment, so some of the certs may already exist if you're Internet connected. |
Did anyone get the issue resolved? |
Thanks everyone! We are planning to add the extra certs for the next upcoming Npcap release, which should improve compatibility for systems which are missing any of them for one reason or another. |
@fyodor One of the certificates mentioned above is actually expired now. (Re-pasting part of that comment here to fix the formatting; the dates are shown as DD/MM/YYYY in UTC+1.) This was used to sign npcap 1.31 which was released 2 weeks before the certificate expired. I'm not familiar with how validation works in this context — is it enough for the signature to have been created during the certificate's validity period? Either way, I assume a new signing certificate needs to be obtained if it has not been already.
|
@dpward We renewed our certificates which will be used for the next release. All signed files are countersigned by a trusted timestamping authority which proves the certificate was valid at the time of signature. |
OK we made these changes in the new Npcap 1.50 release so please let us know if it resolves the problem or if anyone is still having signature validation problems like this. Cheers! |
I had the same issue with 1.50. Solution was to export the two root certificates from the trusted publisher store and import them into the trusted root store. Once this was done install completed successfully. |
@tjsqrd Thanks for the update. We can make this change to the next release of our installer. |
We run Server 2012 R2 in a very closed environment. We are trying to install Npcap 1.50 and the installation fails with "Failed to create the npcap service 0x0000247. Please try installing Npcap again or use the latest official Npcap installer from https://hmap.ort/npcap/. I did download my installer from the official site. The failure event in the install.log file is: 2097152,"Failed to create the npcap service: 0xe0000247. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/" I need this installation to work correctly in order to get Tenable Nessus Manager to install. Any assistance would be greatly appreciated. |
There is also a registry setting that disables the check of Root Certificate authorities. It can be found at: |
Hi there.
As part of OEM usage our contact is attempting to silent install 0.9983 which fails (this way allows npcap to show as installed in Apps/Features, yet the setipapi.dev log still shows a cert install failure). As part of troubleshooting we've moved to the latest version 0.9997 via the GUI installer to attempt forward fixing and troubleshooting. As a baseline install of 0.9997 via installer .exe was also attempted on a new, previously not installed host.
The installation fails on existing or new servers and provides exception error and continued events in setupapi.dev. log. The client is running on Win Server 2012 R2 with admin rights.
setupapi.dev.txt
The text was updated successfully, but these errors were encountered: