VMware Tools upgrade fails on Windows without SHA-2 code signing support
search cancel

VMware Tools upgrade fails on Windows without SHA-2 code signing support

book

Article ID: 320066

calendar_today

Updated On:

Products

VMware

Issue/Introduction

Symptoms:
  • Installer throws out a message box regarding to some driver x: "Setup failed to install xxx driver automatically.  This driver will have to be installed manually".
  • A Windows Security warning may precede the message box: "Windows can't verify the publisher of this driver software".
  • In vminst.log file, you may see:
"Signature verification failed while checking integrity of driver package 'x.inf"
or
"driver x.inf was signed by UNTRUSTED root, will recheck"


Environment

VMware Tools 11.x

Cause

Microsoft have changed Windows driver signing to use SHA-2 algorithm exclusively starting December 3, 2019, legacy Windows systems without SHA-2 code signing support will fail driver signature verification, for more information see UPDATE: Hardware Partner Center – SHA 1 signing deprecation notice.

Resolution

To resolve this issue,
  1. Follow 2019 SHA-2 Code Signing Support requirement for Windows and WSUS.
  2. Download and install the required Windows updates available at SHA-2 code signing support update for Windows Server 2008 R2, Windows 7, and Windows Server 2008: September 23, 2019  and  Servicing stack update for Windows 7 SP1 and Windows Server 2008 R2 SP1: March 12, 2019 on Windows 7 SP1 & Windows Server 2008 R2 SP1.
Note: The following driver packages updated in VMware Tools version 11.1.0 are signed by Microsoft using SHA-2.
vnetwfp.inf
vsepflt.inf
giappdef.inf
vmhgfs.inf
vm3d.inf
 
  • If some other drivers change in future VMware Tools releases, they will also be signed by Microsoft using SHA-2.
  • If you build a new Windows 7 SP1 or Windows Server 2008 R2 SP1 VM from scratch, you can still possibly use VMware Tools version 11.1.0, its pvscsi & vmxnet3 driver packages were signed using SHA-1 before.
  • If you are using vmxnet3 device and you cannot install VMware Tools version 11.1.0 to get network connection because some other driver fails the installation, follow the below sequence:
    1. Start with VMware Tools version 11.0.6.
    2. Upgrade Windows.
    3. Upgrade to the latest VMware Tools version.


Powered by Wolken Software