Workaround for Error 1718

When installing Visual Studio 2005 Service Pack 1, you may see an error like the following (file name will vary):

Error 1718.File D:\WINDOWS\Installer\50baad.msp was rejected by digital signature policy.

Knowledge Base article 925336 had originally documented instructions using the Local Security Policy UI to work around this issue based on my previous blog post. While both Windows XP and Windows Server 2003 are theoretically susceptible to this issue, to date it's only been observed on Windows Server 2003 – particularly on machines in an Active Directory domain.

Investigations showed that when there's a conflict with domain policy, the UI instructions I documented won't set the registry value that SAFER – the software restriction policy API introduced in Windows XP – uses to determine whether to validate all files.

To reliably work around this issue, you should follow the instructions below. It is highly recommended that you remove your machine from any domain while installing Visual Studio 2005 Service Pack 1 if you've encountered this problem. Otherwise a domain policy refresh could override the registry value during installation and block the installation.

  1. Leave your domain if you belong to a domain and reboot
  2. Set the DWORD registry value PolicyScope to 1 in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers registry key
  3. From an elevated command prompt, run "net stop msiserver" (without quotes) or simply reboot your machine
  4. Install the patch
  5. Reset the registry value from step 2
  6. Re-join your domain if you previously belonged to a domain and reboot

This can be automated rather easily, as shown in the following batch script example.

```bat
rem It is recommended you leave a domain and reboot before running this script

rem Backup the registry key before changing it to save the current values
reg export HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers "%TMP%\safer.reg" /y

rem Set the new value and stop Windows Installer, which will automatically restart when the patch gets installed
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers /v PolicyScope /t REG_DWORD /d 1 /f
net stop msiserver

rem Replace the name of the patch below according to which patch you downloaded
rem This example silently installs the patch with verbose logging enabled
start /wait VS80sp1-KB926601-X86-ENU.exe /L*v+ "%TMP%\VS80sp1-KB926601-X86-ENU.log" /quiet

rem Delete the new value and restore previous registry values for SAFER
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers /v PolicyScope /f
reg import "%TMP%\safer.reg"
```
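
A variant of the same procedure, added here as an example and not the author's script: it restores PolicyScope in a `finally` block so the SAFER setting is put back even if the installer fails or is interrupted, and it warns when the value changed during the install, which is the policy-refresh case described above. It assumes PowerShell is installed, the patch sits in the current directory, and that restoring the single PolicyScope value (rather than importing the whole exported key) is sufficient.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
$key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$name  = 'PolicyScope'
$patch = '.\VS80sp1-KB926601-X86-ENU.exe'    # patch name used in the post; adjust to your download
$log   = Join-Path $env:TEMP 'VS80sp1-KB926601-X86-ENU.log'

# Helper (hypothetical name): current PolicyScope data, or $null if the value is absent.
function Get-PolicyScope {
    (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
}

$before = Get-PolicyScope    # remember the original state so it can be restored exactly

try {
    # Step 2: set PolicyScope to 1, creating the key and value if they do not exist.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null

    # Step 3: stop Windows Installer; it restarts on demand when the patch runs.
    Stop-Service -Name msiserver -Force -ErrorAction SilentlyContinue

    # Step 4: silent install with verbose logging, same switches as the batch script.
    $proc = Start-Process -FilePath $patch -Wait -PassThru `
                -ArgumentList '/L*v+', "`"$log`"", '/quiet'
    Write-Output "Installer exit code: $($proc.ExitCode) (log: $log)"

    # If domain policy refreshed during the install, the value is no longer 1.
    $during = Get-PolicyScope
    if ($during -ne 1) {
        Write-Warning "PolicyScope is '$during' after install; a policy refresh may have overridden it."
    }
}
finally {
    # Step 5: always return SAFER to its previous state.
    if ($null -eq $before) {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    } else {
        New-ItemProperty -Path $key -Name $name -Value $before -PropertyType DWord -Force | Out-Null
    }

    # Confirm the restore took effect before the machine goes back on the domain.
    $after = Get-PolicyScope
    if ($after -ne $before) {
        Write-Error "PolicyScope was not restored (expected '$before', found '$after')."
    }
}
```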

Published Thursday, January 11, 2007 1:04 PM by Heath Stewart

Comments

Thursday, January 11, 2007 4:14 PM by Heath Stewart's Blog

# Known Issues with Visual Studio 2005 Service Pack 1

There are several known issues when installing Visual Studio 2005 Service Pack 1. I've documented these

Thursday, January 11, 2007 9:15 PM by Hendrik

# re: Workaround for Error 1718

To prevent domain policy refresh, can I simply unplug my network cable to LAN while I'm installing?

Friday, January 12, 2007 9:04 AM by Patrick

# re: Workaround for Error 1718

Heath, for some reason I don't have PolicyScope. Do I need to create it or am I missing something?

thanks,

Patrick

Friday, January 12, 2007 11:50 AM by Heath Stewart

# re: Workaround for Error 1718

Patrick, yes, you will need to create the value if it doesn't exist.

Friday, January 12, 2007 11:03 PM by Patrick

# re: Workaround for Error 1718

Heath, thanks for that workaround. I was finally able to install VS 2005 SP1 on Windows 2003.

Patrick

Thursday, January 18, 2007 11:41 AM by Dim Blog As New ThoughtStream(me)

# VS2005 SP1 Installation on Win2k3 Server - Error 1718 + Workaround

After much frustration trying to get Visual Studio 2005 Service Pack 1 installed on a Windows Server...

Monday, January 22, 2007 3:44 AM by Visual Studio Team System en direct de Microsoft France

# Team Foundation Server: migrating from SP1 beta to SP1

If some of you have installed the SP1 beta on your Team Foundation Server, you will certainly have

Wednesday, January 24, 2007 7:54 PM by Toad

# re: Workaround for Error 1718

Thank you. I tried KB925336 with no luck. I'm glad I found your solution worked for me.

Thursday, January 25, 2007 1:29 AM by Heath Stewart

# re: Workaround for Error 1718

Glad it helped, Toad. Funny thing is that I created the basis for the KB article in a previous blog entry and reviewed the KB before it was published. At the time, no testing uncovered the problems exhibited with domain machines because our domains didn't have an active policy set, so the local override was effective.

Thursday, January 25, 2007 4:21 AM by John Apps

# re: Workaround for Error 1718

When and how can one delete the contents of the $PatchCache$ directory?

What about the contents of the Installer directory?

The above two are taking up several GBs of space on a rather small system drive; I have all the CDs so could easily provide them whenever an installation or patch requires them.

Thursday, January 25, 2007 1:25 PM by Heath Stewart

# re: Workaround for Error 1718

John, you can delete the $PatchCache$ directory anytime but your patch uninstall and binary delta patching scenarios will require original source for any products for which you deleted the baseline cache.

NEVER delete the contents directly under %WINDIR%\Installer, though. See http://blogs.msdn.com/heaths/archive/2007/01/17/the-patch-cache-and-freeing-space.aspx.

Sunday, January 28, 2007 10:31 PM by Sean @ Bcollar

# re: Workaround for Error 1718

Wow, yes, if your machine is in a domain, remove from domain and reboot.  After several 20 minute install attempts including the details laid out in 925336, thank god I finally found this site :)

Thanks!

Tuesday, January 30, 2007 2:35 PM by Cale Carter

# re: Workaround for Error 1718

This worked like a charm.  Thanks for the batch file.  That made updating several machines very simple.

Thursday, February 01, 2007 4:14 AM by Jim

# re: Workaround for Error 1718

Worked a treat for me after 925336 failed to solve the problem.  Note that I didn't bother with the domain removal though.

Thanks!

Thursday, February 01, 2007 4:35 AM by Matej

# re: Workaround for Error 1718

Great, worked for me with unplugged network cable.

Thanks!

Thursday, February 01, 2007 5:41 AM by Heath Stewart

# re: Workaround for Error 1718

Removing from the domain - or even unplugging the network cable - is just a precaution to avoid the situation where, in the middle of the installation (specifically in between periods when Windows Installer calls into SAFER), a domain policy overrides your local settings.

Monday, February 05, 2007 2:29 AM by Randy Garcia

# re: Workaround for Error 1718

I feel lucky that I stumbled upon this blog entry, but shouldn't you update the KB?

Thursday, February 08, 2007 4:16 AM by Alan

# It works superbly well

I'm able to just change the registry value and install the Service Pack direct without rebooting or disjoining the domain.

Thanks!

Friday, February 23, 2007 4:07 PM by Visgor

# re: Workaround for Error 1718

Works like a charm. Thanks a lot!!!!

Monday, February 26, 2007 6:08 PM by Heath Stewart's Blog

# KB925336 Updated with Better Workaround

When installing Visual Studio 2005 Service Pack 1, users may see an error that reads, Error 1718.File

Friday, March 02, 2007 9:19 PM by Travis Wright

# re: Workaround for Error 1718

You can just disable your network connection temporarily instead of going to all the trouble of leaving your domain.

Monday, March 12, 2007 2:47 PM by Life, Universe and Everything according to Dirk

# How To Install Visual Studio 2005 SP1

I had two big issues while installing Visual Studio 2005 SP1: installation takes ages, and on Windows

Thursday, March 29, 2007 5:33 AM by Yassi

# re: Workaround for Error 1718

Just wanted to thank you for your post.

Tuesday, April 24, 2007 4:42 PM by Heath Stewart's Blog

# Hotfix Published for KB925336

When installing Visual Studio 2005 Service Pack 1, users may see an error that reads, Error 1718.File

Sunday, July 08, 2007 4:02 PM by Visual Studio Team System

# Team Foundation Server: migrating from SP1 beta to SP1

If some of you have installed the SP1 beta on your Team Foundation Server, you will certainly have

Sunday, July 08, 2007 5:06 PM by Noticias externas

# Team Foundation Server: migrating from SP1 beta to SP1

If some of you have installed the SP1 beta on your Team Foundation Server, you will have

Wednesday, August 15, 2007 9:25 AM by Tibor Csizmadia

# VS2005 SP1 on Windows Server 2003

Anyone who has ever tried to install SP1 for Visual Studio 2005 on a Windows Server 2003 box,

Friday, December 14, 2007 9:29 PM by Heath Stewart's Blog

# How to Workaround Error 1330 During Visual Studio 2008 Installation

When installing Visual Studio 2008, you might run into an error dialog that reads, Error 1330.A file

Monday, May 12, 2008 1:53 PM by Heath Stewart's Blog

# Changes for Microsoft Visual Studio 2008 Service Pack 1

Microsoft Visual Studio 2008 Service Pack 1 (Beta) has been released to web, along with Microsoft .NET

Tuesday, November 25, 2008 10:46 PM by Microsoft Japan Forum Operators Blog

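# [Japanese version] Known issues with Visual Studio 2005 SP1

Hello! This is 服部 清次, forum operator. Lately, visits to the "Frequently Asked Questions" on the MSDN Forums have been steadily increasing. (^_^)v So as not to lose this momentum, we want to keep posting plenty of useful information for all of you!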
