After having some performance issues with VMware server 1.x, we decided to upgrade to the 2.x release. It wasn’t long after executing the setup binary that I had issues…
Because most apps allow an upgrade path, I made a backup of my main configurations, and executed the v2 installer. I was prompted that if I was to continue, v1 would be removed first. Letting it do this simple action, the services were uninstalled… This is where I was promptly flashed a nice little error… I don’t remember the exact verbiage, but it went something along the lines of “Your group policies restrict access to running this application, please contact your system administrator”. Two issues with this:
- I am the system administrator
- I don’t have any defined policies blocking the running of applications
Checking the windows event logs showed the following error too:
Event Type: Error Event Source: MsiInstaller Event Category: None Event ID: 1008 Date: 10/30/2008 Time: 12:04:04 PM User: MYDOMAIN\jangliss Computer: VMHost Description: The installation of C:\DOCUME~1\jangliss\LOCALS~1\Temp\1\{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}~setup\VMware Server.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
There is a little bit of a hint in the error message, but it’s also a little misleading. The hint is at the end, the misleading portion is the rest of the message. “The object cannot be trusted” seemed to strike a trigger in my memory of a war with service pack 1 for Visual Studio. During that install, I was told the signature couldn’t be validated, and a google around eventually redirected me to KB925336.
On a whim, I attempted installing the same package on this host, rebooted, and tried the installer again. This time, no issues. So it seems the MSI provided by VMware is considered “large”, which causes Windows not to be able to validate the digital signature.