KB932596 problem x64
HiI logged on this morning to having 7 new updates, as usual I checked the comments and installed. Restarted my computer and waited for it to reboot...went through all the usual configurating updates etc.. then went to the Welcome, then froze. Waited about 2 minutes for it to unfreeze, keyboard wasn't responding although hard drives were moving. the Welcome spinner wasn't moving. I restarted in safe mode and removed each update restarted to see which one it was. Eventually I found KB932596 to be causing the problem. It was declaring my tcpip.sys file as not signed. But instead of doing anything it was just sitting there. I copied over a backup of the tcpip.sys file but it still wouldn't load.From Event Viewer:-The TCP/IP Protocol Driver service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.The following boot-start or system-start driver(s) failed to load: TcpipTask Scheduler service has encountered RPC initialization error in "RpcServerUseProtseq:ncacn_ip_tcp". Additional Data: Error Value: 1703.My system specsMSI P6N SLI 680i (Nvidia Reference P30 BIOS)Intel Q6600 C2D4GB RAM Nvidia 8800GTX 768Ageia Physx 128SB X-FI GamerRemoving the update solves the issue, but I'm sure I won't be the only one with problems on installing this update. I think that it should have been made more clear or made it fool proof if released onto the Windows Update system.I'll probably get it working eventually, but there are going to be others out there that aren't going to realise whats going on.Anyway rant over I hope this helps someonePaul
August 16th, 2007 3:47am

Hi, i got the Same problem, a solution would be highly appreciatedrob
Free Windows Admin Tool Kit Click here and download it now
August 16th, 2007 4:29am

Fixed it, by pulling out SFC I recommend everyone to run SFC /SCANNOW in command prompt as administrator BEFORE installing this update, if you have installed goto safe mode and uninstall the update (control panel --> programs and features --> (top left) view installed updates). Then type SFC /SCANNOW in your command prompt wait along time for it to complete and then restart. Restart again...(it generally copies the files over now and restarts for you) then install the windows update. This worked for me after I had attempted the copy the file myself. I tried doing the file with SFC /SCANFILE=c:\windows\system32\drivers\tcpip.sys which may be easier for some people, but I had quite a few others not working too.Hope this helpsPaul
August 16th, 2007 5:23am

HiI have exactly the same problem. A lot of services depending on TCP/IP protocol couldn't be loaded. Unistalling the update recovers the system.Miroslav
Free Windows Admin Tool Kit Click here and download it now
August 16th, 2007 10:02am

hello all .. i have problem with the same update (KB932596) but with different behaviour , i installed updates but KB932596 failed , so i tryed again to install KB932596 alone , after install it told to reboot , so i did reboot and after the reboot it displayed windows logon "configuring updates" and after a few sec displayed "shutting down" and rebooted again , this time it rebooted AGAIN and even before windows logon displayed .. after this reboot system is up and working but KB932596 install failed with Code 80004005 if any body know how to solve this .. it would be great .. it is the same on my 2 x64 vista computers .. thanx
August 16th, 2007 11:42am

Hello,i have the same problem with KB932596 and error Code 80004005.the computer reboots 3 times and this patch will not be install.my hardware is ...mainboard: evga 680icpu: q6600ram: 4g cell shock 1000mhzvista runs on raid0 on the highpoint rocketraid 2320 on 2x wd74gd.the next problem i have, is vista often hangup on booting (green running bar). sometimes the green running bar will not stopping or will to stand remain.please can you help me ?thanks a lotelio
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2007 9:34am

Well, let me join the pile-on. The update did not break my TCP/IP but it did break VMWare Server on Vista X64. I didn't try uninstalling but, instead - because I wasn't initially sure which update was the culprit , I rolled back to a restore point previous to the update and was able to run VMWare Server again. After re-reading all of the other 8 update descriptions, this seemed to be the only possible culprit so I installed all of the other updates from this month's round and VMWare Server still runs. KB932596 is definitely an update to avoid.I certainly hope that Microsoft undoes this undocumented change. This is an unacceptable behavior on the part of Microsoft.
August 17th, 2007 11:47pm

Hi, I have the same problem that you, whit the update and vmware workstation 6, howI look microsofthave a proble with this update. we wait moving. P.d. You have reason in all the rest. Regards
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2007 12:25am

I have exactly the ame problem that everyone is talking about. I isolated all the remaining update and this one is causing to freeze while booting. Uninstlling solves the problem however everytime i restart my system the update this file again.
August 19th, 2007 5:52pm

The update also broke my Virtual Server 2005 R2 SP1. The admin web site would just hang and the Virtual Server service appeared as started but would not stop.Ended up going back to Virtual Server 2005 R2 to get things going. I suppose I could roll back the hotfix and go back up to SP1 also. I thought that ther might be some regression testing with at least Microsoft products before a fix was put on as an automatic update. Thank god it wasn't a production server I'll post the Event Log so if anyone else searches they might have half a chance. Event Type:WarningEvent Source:Virtual ServerEvent Category:Virtual ServerEvent ID:1130Date:8/19/2007Time:3:05:41 PMUser:NT AUTHORITY\NETWORK SERVICEComputer:ABCDEFDescription:The service principal names for Virtual Server could not be registered. Constrained delegation cannot be used until the SPNs have been registered manually. Error 0x80072098 - Insufficient access rights to perform the operation. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2007 2:14am

I see that the majority we used software, that it makes use of virtual devices, that as well, they create network bridges, or they bear relation to the device tcpip.sys then the first symptom, is that the network devices stop being operative. So far Microsoft has not said anything on the matter, because it is obvious that him this information cannot be sent automatically. We will hope to that they are not made delay too much, although not to what extent this update is for benefit of the end user, but all the opposite, is for benefit of them. So the best thing than we can do is to hide it so that it does not warn but the operating system to us, of which this slope to execute itself. Regards.
August 20th, 2007 9:53am

my system problems were different to the ones displayed so far. my firewall shut down and wouldnt re-start, my wireless connection failed and various other services shut down. and as with the other posts only deleting this upgrade and doing a previous restore fixed the problem. and as with the others i cannot install this upgrade and have had to disable it from auto installing. come on bill get sorted.
Free Windows Admin Tool Kit Click here and download it now
August 20th, 2007 4:24pm

This Windows update killed the internet on my Windows XP SP2 machine! No internet connection with any browser. ipconfig no longer worked. It took me a while to figure it out. My anti-virus software AVG thought the tcpip.sys file in the update was a virus and had blocked its installation into the following two directories: \WINDOWS\SYSTEM32\DLLCACHE \WINDOWS\SYSTEM32\DRIVERS I fixed it by saving the file (it was in AVG's virus vault) into the two directories and restarting. Internet connectivity back after that. I'd advise looking at your firewall/security software and see if it blocked any files as viruses when you allowed the Windows update.
August 21st, 2007 7:21pm

Hi, I have problems with this update also, I can advise anyone to remove the KB932596 update with system restore ASAP. Why? I use the well known: "bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS" instruction to make sure I CAN load unsigned drivers and services. With this patch I cannot anymore. I am a programmer, I can't work like that. If I want someting unsigned loaded, it MUST load, becouse I want it to load. I have a (working)PeerGuardianVista x64 version that cannot load pgfilter.sys anymore, a very important program for file sharing use. I removed the update and have hidden it, if you value control over your computer instead the other way around. I suggest you do the same. If you do not remove, you are in trouble. I hope Microsoft takes note of this. And if fixed, let me know some how. I hate it when my computer is not fully updated. But in this case I am against the wall, I have no choiche, I cannot install this update. As advanced user (and programmer)I MUST maintain the ability to load unsigned drivers. Please Microsoft, take note. This is the update I just can't do. Kindest regards, UncleX C++/C# ProgrammerUncleXNL@hotmail.com
Free Windows Admin Tool Kit Click here and download it now
August 29th, 2007 11:01pm

Hi, I resolver like you,(uninstalling and hiden),but there is another more problem whit the KB938979 to this week, and resolver uninstalling and hide it. My cause its, what i have patch the tcpip.sys, for another whit more conections. and the onwer of signature it,s not of Microsoft, and the KB932596 look all the signature in the boot, of main kernel, if there is any driver not original, dont booting on the run of windows, and the service of tcpip dont work and all the network target it missing. Regars
August 29th, 2007 11:24pm

Ok so we fixed the problem, and now a few updates later, again same problem. And I did not install KB932596. It appears Microsoft decided to ship this patch in another package. After system restore the problem disappeared again. I'n now busy installing them one by one to find out the one causing it AGAIN... MICROSOFT PLEASE STOP FUCKING MY COMPUTER!!! I DON'T WANT THIS PATCH, IN ANY FORM. I RATHER HAVE SOME VIRUSES. Shiping KB932596 in another patch like a virus or Trojan is not nice, WE DON"T WANT IT. I JUST CAN"T HAVE THIS. It cost me time system restore, patch by patch. THIS so called update fucks my computer up!!! I like to stay in charge here. I want to be able to install unsigned drivers!!! Nowan in the future. I'm now installing update by update, to prevent this from happening again. I'm getting angry here!! So much time lost for no reason! MICROSOFT STOP THIS MADDNESS. C'mon Bill, call Steve to order. I fear he's gone insane. READ IZAAK AZIMOVS LAWS OF ROBOTICA. If the computer prevents me from doing someting, I NEED A CANCEL BUTTON. I NEED TO BE ABLE TO INSTALL UNSIGNED DRIVERS.
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2007 4:27am

Strange, I have TCP connection limit removed, also but never experienced this problem. Is Microsoft targetting file sharing? Or has Steve Baldwin gone insane? I whas just so happy about my system and Vista, and now these fuckups. Setting a TCP limit is another fuckup never restored by Microsoft. The nerve, limiting the internet connection I pay for at my provider. See it from a programmers point of view, I want to make a driver.... you get the point how can you debug if each build need to be signed???????? I'm normally100% pro Microsoft also as programmer, now it's down to 98% I see any limiting to my computer as bad. Limiting is ok, as long as a way to override the action decided by the OS exists. Making updates that limit a installed computer is evil, who knows what you might disable for the happy user.
September 1st, 2007 4:38am

Ok I found the next "evil update" KB932596 and KB938979 BOTH have this problem, if you install one of the or both: "bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS" Will not work, as a result it will be impossible to install unsigned drivers. If you use unsigned drivers, these updates will malfunction these drivers, and the programs that use them. Do not install this. Or remove with system restore.
Free Windows Admin Tool Kit Click here and download it now
September 1st, 2007 5:44am

Uncle X, Thanks for posting the results of your test. That will save me a lot of time validating the test. Now I can test KB938979 in one test and all of the other patches this week in another test. This sneaking in feature changes under the guise of bug fixes really sucks. I don't have a spare VMWare host server that I can take test on to keep from taking down my production VMWare server. That means that 12 servers are down for the duration of this testing - perhaps 3 or 4 hours all told. There is nothing at all in the write up for KB938979 that says anything about signed drivers so I'll let you know if my tests backup what you found. Dale
September 1st, 2007 5:08pm

I'm quite sure you will back me up on this... But Microsoft, this is a fuckup. Removing features under the "motto bug fix" and not mentioning them anyware. How can I ever trust Microsoft again? How can I ever install an update without worry again? Telling lies and sneakingout features...... Not someting I expect from Microsoft. This is the way a Trojan Horse functions. What if I had not noticed? Or I had system restore turned off? Or just no restore point available before this update? I would be seriously fucked! Even now when I install Windows, I must take care not to install these updates. This is dangerous and unresponsible behaviour on the part of Microsoft. And why would Microsoft?Microsoft thinks the x64 users of Vista are stupid or someting? There is only one way to restore my trust. I need excuses from Microsoft, plus an update that; -restores TCP connections previously removed -restores the "bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS" functionality. -The promise never to limit computer features, without a way to override it. -A company policy that follows the Izaac Azimovs laws of robotica, in laymans terms; I need to be able to override anyting. Since the user is higher in intelligence than the system. My computer is nothing more, but a slave to me. I have no usefor slaves that do not follow orders. Kindest regards, Unlce X
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2007 1:04pm

dood .. i totally agree .. but i think that u'r expecting too much from microsoft .. i must to say .. i'm really dissapointed on Microsoft too .. Iam a c++/asm programmer from abt. 8 yrs .. and i am dissapointed on ms from few reasons . (eg hiding api of aero to cpp programmers to force them to use c# and other stupid politics .. ) to be honest - i really consider a transfer to linux based system .. i use suse distro paralelly with windows .. and planning to stay @ suse coz they're not hiding any api etc btw. did you ever really trusted microsoft ?
September 2nd, 2007 1:19pm

Hey guys,search in google this > VistaTcpPatch.exe <, its the solution for the KB932596, but you need the original tcpip.sys, to do it,(there is a command that forces to verifies that it is the original one, and if it it was not it, restore it Automatic), and Also you can install the KB938979, before applying the patch. I have verified it and it works perfectly. Usage Instruction for VistaTcpPatch.exe Open an elevated elevated command prompt with administrator rights Enter the following command and then press Enter: VistaTcpPatch /n X where X is the new TCP connection limit that you want to use in Vista. For example, VistaTcpPatch /n 512 will set the concurrent outbound half open TCP connection limit to 512. Restart computer. Make sure that you go to the correct folder the VistaTcpPatch.exe file is located (where you save it). For example, if you place the executable at C:\Users\Administrator\ folder, then you must change directory to that folder too. For some system, you may have to copy VistaTcpPatch.exe file into \Windows\System32\ folder, and run the command above from there. Code SnippetThe Vista TCP Patch Its not clear if the utility works with tcpip.sys version 6.0.6000.20583 installed on Vista after installing KB932596 kernel patch protection update. However, no sweat and worry over it, as the program will prompt a stop error message if the version of tcpip.sys is unmatched with the one its able to patch, or incorrect or invalid. Regars
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2007 3:20pm

I was able to confirm that the only flawed patch for this week's round was KB938979. That gives two, so far, patches that break unsigned drivers - or more accurately, break the BCDEDIT option to remember that you chose to ignore the unsigned drivers. The tcpip.sys hack Mr_bytes suggested will not work for me because these patches do not appear to be breaking tcpip.sys; they are breaking VMWare Server. Besides, what makes you think I would download a patch from an unknown source? I can't even trust Microsoft patches anymore and you want me to trust something like that? Dale
September 2nd, 2007 6:54pm

I dont say thatyou trusting or not, only that this one is the solution that I have taken and it me works, The problem with vmware I have solved it with the last update of vmware, with de drivers signed by microsoft. I you remembe that the patch tcpip is without lucrative ends/purposes. Free of virus, Trojans and " boil others poisonous ". Regards
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2007 8:24pm

Linux? Sorry man, one step to far.... LINUX SUCKS. No, I just don't install these updates and hope Microsoft comes to its senses and soon releases a patch that makes it possible again to load unsigned drivers. They must, becouse these updateswill be unworkable for a lot of programmers and companies and they will complain. As do I. It must be possible to load unsigned drivers for advanced users. I hope Microsoft soon realises that, else an unworkable situation is the result. I still have a lot of trust in Microsoft, I know they will realize these 2 patches just aren't a good idea. Sooner or later, but I expect them to recieve complains about these patches from within their own company also. So, I'm confident we get a patch real soon, that re-enables the possibility to load unsigned drivers. If we don't they are stupid or ignorant and I seriously doubt that is the case. Uncle X
September 3rd, 2007 8:13pm

I suggest, if you don't like the situation about these two patches and you have problems. Complain to Microsoft this MUST come under attention. Also some media attention would be good, because forcing signed drivers (that cost money) is an unfair way of business, it also hurts the freeware comunnity. You cannot expect a developer to pay for driver signing for a program that is free. Programmers point of view, and this might be an intresting point of discussionfor the guys at Microsoft: As I see it Microsoft has 2 options (one better then the other): 1. Re-enabeling loading of unsigned drivers. 2. Make software available to let the user sign drivers he totally trusts with a personal signature. So they can loadon his own system. < This is the solution I would pick, if I where Microsoft. It gives the intended protection, but with a way for the user to override and load that driver. Safe and fair. Kindest regards, Uncle X
Free Windows Admin Tool Kit Click here and download it now
September 5th, 2007 10:30pm

OK, Now this sucks, I have this other Vista PC at work. Tried to install Realtec AC97 audio drivers, default Windows drivers do not work. So I have no sound at all. Realtec AC97 Driver can't install even if I choose install anyway. All that happens is after a wile the "install anyway box comes up again"I think this behaviour is caused by these two patches. It is a bug, because why leave the selection install anyway in while it does not work? That makes no sense. There is no way to get the Vista drivers installed now. This is a very new computer, I cannot even test if sound works now. Microsoft, thanks for these IDIOT updates....NOT Make a patch to undo these updates or atleast the unwanted behaviour of signed driver forcing. Even the OS has problems with it since the option install anyway does not work anymore. What if I want to install a BETA driver? Is Microsoft gone mad? Uncle X
September 7th, 2007 10:33am

Well, the lack of action or word from Microsoft tells me that the behavior is by design and not an accident or bug. It is funny that the Vista SP1 announcement emails I have been getting from Microsoft says that there are no new features in SP1. But it doesn't say that SP1 will be removing existing features. We shall see about that but I will bet money that this change in features will be in SP1. Dale
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2007 2:56pm

It is a bug. They will realize it, sooner or later. If we all send at least one complaint to Microsoft about not being able to load unsigned drivers. Maybe they will listen, Microsoft is know to listen to customers sometimes. Especially when they are right. Microsoft has to realize the situation is unworkable. Say you are a programmer, programming some driver, how are you going to test your product? You just can't go and sign every debug build. Impossible! It would cost to much time. So a way must come to load unsigned drivers. Else we could not develop new Vista drivers for new products with an updated PC. And that is totally unworkable for every programmer in the business. So if you are a programmer, complain now, before the day comes you want to write a driver. Technically there can be only 2 solutions for this dilemma; 1. re-enable unsigned driver loading or 2. enable the user to quickly sign the driver himself (and for free) Both options would make it possible to load unsigned drivers again. So one way or the other, I'm quite sure this patch will be undone by Microsoft. We programmers don't like this hassle we need to be productive. Uncle X(NL)
September 7th, 2007 9:05pm

Good, to take note of the following thing, and to realize it to the letter. This one, is the only onesolution for those that the problem we it have because of the driver tcpip.sys that is not the (patched) original one "signed". Microsoft has a hot fix for this driver, for those users who have a connection shared to Internet (ISC), this hot fix solves the problem of limiting the connection to only 10 connections. Because the users with active ICS need morefrom 10 connections. This hot fix its not public only send microsoft by order form, you see this link: Code Snippet http://go.microsoft.com/?linkid=6294451 You need fill the Fields Needed, and microsoft It will be sent by return mail (its free), with a password to be able to install it. the KB937168 its the reference of this hot fix. Well, when you have, Install it, and then restar the system. Now you can install the KB932596, if you do not find it, because you concealed it, then go to: Code Snippet http://www.microsoft.com/downloads/details.aspx?FamilyId=85039817-81FA-4DAE-B42C-E53C1015F7F4&displaylang=en and download it. install it, and restart the system Once again. Immediately afterwards it unloads the KB938979 in this link: Code Snippet http://www.microsoft.com/downloads/details.aspx?familyid=24EAD3A0-77F6-4196-8A3F-78C1470AC18E&displaylang=en and install it. restart please once again. If beams all this, you will have resolute the problem of driver without signature (tcpip.sys patched), and in addition you have driver that it allows you more than 10 connections, and in addition your system will be left proweave with the so important KB932596 for the security of our equipment. greetings
Free Windows Admin Tool Kit Click here and download it now
September 8th, 2007 12:19am

Ok, sounds intresting but I have no problem with TCP limit or tcpip.sys or any other problems for that matter. As Microsoft expert I have no problems and my PC is pimped to the max and I run every Microsoft development tool you could think of. I only want "bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS" to work. (it still does, but not would I install these patches) Since I'm not an idiot I have not installed "Evil updates" and my system thus is still trouble free. Would I install,my life as programmerwill becomeimpossible after installing the 2 evil patches from Microsoft. Anyway, your storysound kinda intresting I'll check it out.To inform myself a little better.However I have no computer problems at all now. (and a good motto with computers is, if it aint broke don't fix it) The only problem I have, I can't install the 2 evil patches, or else I would ask for problems and get them. These patches must be battled with a; in WAR everyting is allowed mentality. So I need all the help I can get for writing complaints to Microsoft.
September 9th, 2007 1:10am

Sorry pal these links are only dangerous, links to the deadly patches we try to avoid so hard on this board. I don't need a hotfix on a driver.... I need to be able to load any driver I want.
Free Windows Admin Tool Kit Click here and download it now
September 9th, 2007 1:15am

strange enough that some experts equal HALFOPEN CONNECTION ATTEMPTS with ESTABLISHED CONNECTIONS.That tcpip.sys doesnt hinder you to have more than 10 connections...it just doesnt allow a massive flood of halfopenconnection attempts..which is a big difference.For P2P unless you contantly share a HUGE LOAD of files and set your Clients to idiotic connection numbersyou will not have problems. And with downloading stuff i doubt u will have any problem at all.I dont have any problem with p2p at all...and i use ICS through a unpatched XP Pro machine with a Vista X64 client using U*TOR*RENT i can get max speed. If u rely on E*MUL*E or other stuff...well...i doubt theres any realiable proof that the original tcpip.sys actually destroys or severely cripplesyour ability to use P2P in a satisfactory way. Rather superstitous babble imho.Signed driver setting was ignored? Yeah true but i think it was only present in RC1 and has not been workingin Final Vista anyway at least only for 1 boot?*Btw Technet something is wrong with replying to this thread and hitting cancel on teh notificationscreen. Result: "Post cant be found or was deleted by a moderator" Post will be still posted though.Will delete needless test post by hand now.
October 31st, 2007 5:19am

well yes, all my problems are from superstitious babble! wow thanks that solved my connection problems with utorrent...well no it didn't. my problem is i am not a major uploader i download on occasion as i pay for each gb i download. my regular download speed with utorrent should be around 700k...and upload 25k...i was getting 25k upload...and 15k download...consistently. So i was paying more to upload stuff than download.Event Viewer logs for TCPIP signed TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.I did have utorrent on the lowest connections i possibly could and still maintain any sort of speed. i install the 4226 patch...i get full speed straight after reboot. so i go from paying 80 a month to around 50 a month...i install the signed package...my bill goes back up...i just use my pc (vista home x64) connected to a wired router to adsl...nothing else. i understand the difference between half open connections per second and 10 connections...but when i cant surf the web and get timed out constantly with the above 4226 errors appearing in the event log then something is very wrong. so please don't dismiss peoples problems as superstitious. i didn't look for a solution until i realised i had a problem. i wasn't out there reading everything i could to find the best speed etc...i want a stable, fast and secure pc. at the moment i have fast but stable and secure are no where near what they should be. i can't install 3 patches now all because they enforce driver signing. i not only use it for my tcpip.sys but there are many other drivers i need to use for old apps. which is limiting me. All i ask is not to force people to have to have drivers signing. the latest update is something i need according to problem / solution thingy. to do with my explorer crashing. but i can't install as it enforces driver signing as well...as fixing explorer. infact there is a massive list of things the patch fixes...why not just 1 patch per item...?rant over.
Free Windows Admin Tool Kit Click here and download it now
November 2nd, 2007 4:48am

well, i can also confirm this, i'll list specs at the bottom, but, yeah.I just use vista ultimate 64 on my computer at home for gaming, we haven't been using it for customers in our data centers yet (thankfully) and hope we never have to support it in use for servers as techs, from problems like this.nvidia beta video drivers for the 8800gtx aren't signed, rivatuner used to force the video card fan to 100% (the ONLY program for vista-64 that will do this) doesn't have a signed driver, everest ultimate edition (the only tempature monitoring program that works on my board) doesn't have a signed driver.In essence, my PC is unsuable if i install this patch, i haven't checked the other listed patch yet, but i'll look for it in the list.In short, It's not a problem with tcpip.sys, the problem is that Vista Ultimate 64-bit is SUPPOSED to require signed drivers, for every single driver in the system. And, we've been able to disable that with BCDEDIT and use our computers in bliss. That is until this "hotfix". Microsoft does not post anything in the description of this hotfix about drivers, driver signing, or anything like that on the description page, they just merely re-enabled requiring signed drivers without telling us, and hoped no one would notice. Slip it in under our noses, so to speak.Well, i had to go through 1 by one and install driver, reboot, install driver, reboot, find this one, it's been a slow process but this one is what does it. So if you don't have 100% signed WHQL drivers on your system, don't install this!and in the instance of the tcpip.sys issue, this brings to light other questions. So there's parts of the OS that came from microsoft that aren't even signed by microsoft as a safe driver? Wow....
December 8th, 2007 8:23am

I just can't figure out why Microsoft spent what probably amounts to millions of dollars creating the X64 versions of Windows and then fails to convince software and hardware vendors to create software for 64-bit versions. But then, they haven't even made much 64-bit software themselves. Even their own Office suites are not available in 64-bit. Think about the history of the PC as we know it. The original IBM PC came out in 1981 with a 16-bit 8086 processor. By 1985, the first 32-bit PCs were available with the 80385 processor. And now, 22 years later, we are still using 32-bit processors even though 64-bit processors have been out for about 5+ years. Just a few years ago, a gigabyte of RAM was a huge amount in a home PC. Now,2 gigabyte of RAM is the minimum RAM I would even turn on a Vista PC with and the 3 gigabyteof RAM available in 32-bit Windows is just not enough in many cases. That is why I run 64-bit Vista. I currently have 8 gigabyte of RAM but it is still not always enough. I am going to have to upgrade to 16 gigabyte soon. Microsoft and both hardware and software vendors are going to have to get with the program. I don't feel like an early adopter since I have only been using 64-bit for 6 months when others I know have used 64-bit versions of Windows for years. So, why do we still have such a hard time getting 64-bit to work?
Free Windows Admin Tool Kit Click here and download it now
December 8th, 2007 4:55pm

Okay, so i've been going through the updates, one by one. Rebooting every single update, even if it doesn't tell me to, so i can see which updates re-enable driver signing and disable stuff. And surprisingly, i've found several. I thought i'd share that list here:KB943078KB932596KB938979KB941649I'm going to be looking up these updates on microsoft.com and see if they say -anything- about driver signing in the update descriptions, but some how i don't think they will.
December 16th, 2007 9:03pm

There isanotherpatch in last week's Patch Tuesday group that includes this undocumented feature removal. I don't remember the exact KB number but it is the update that references a security issue in ALPC. Since the referencedsecurity flaw can only occur if the attacker is logged in locally it isn't a big deal to me. No one logs in locally that I don't trust so I really don't see it as an issue I need to patchat this time. Thus, I can leave my X64 Vista working with the unsigned drivers I need. The day will come, though, that a significant security risk forces me to install a patch that includes this hidden feature removal - most likely it will be included in Vista SP1. What is weird about this undocumented feature removal is that it makes the core features of Vista X64 different than the core features of Vista X86. Well, hopefully VMWare will publish signed drivers for VMWare Server or they will be crushed by the giant blue alternative and they won't have anyone to blame but themselves. If they start yelling monopoly, I will be the first to speak out that they (VMWare) owned the virtualization market and just threw it away. Dale
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2007 9:36pm

Hello Dale, are refering to KB943078, labeled "A security issue has been identified in ALPC that could allow an attacker to compromise your Windows-based system and gain control over it."? If so, it's already included in Kithylin's Flop-4-AutoUpdate-list... (Thank you Kithylin, this list saved me a lot of time today...)This whole subject is very sad, Microsoft doesn't seem to be interested in the issue at all (or chooses not to respond on purpose).If the end user wishes to use unsigned drivers he/she should be allowed to do so. I am also a software developer and this whole issue annoys me. Does Microsoft want us to turn of automatic updates all together? That can't be the solution...I suggest we keep this thread up to date and post any updates that have this "special behaviour", so that other users won't tap into the same trap...
December 19th, 2007 2:46am

This is how I have eventually got around the whole issue and still maintain all the updates on my PC although to get it working properly I had to reinstall Vista as I had messed with the updates so much that my computer wasn't very stable.But now I have all the updates on, including SP1 on Vista Home Prem x64 and can still use drivers of my choosing, as long as I sign them manually...a bit of a pain but I have made a batch file to quickly do them for me.This is how to test sign your drivers...http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspxYou will end up with a watermark type thing in the corners saying it is in test mode. but that can be removed with (i think i haven't tried that bit)http://www.mydigitallife.info/2006/11/23/remove-and-disable-windows-vista-evaluation-watermark-fromdesktop/comment-page-1/anyway good luck to all.
Free Windows Admin Tool Kit Click here and download it now
December 19th, 2007 1:49pm

Hello pa215,sounds interresting... Could you share your batch file with us?Thanks in advance!
December 19th, 2007 4:54pm

not the batch file as there are 5 of them but the actual commands i can for surebcdedit /set testsigning on turns on test signing mode prob reboot at this pointmake sure u are in admin cmd prompt for all these btw1st u need to make a file with this code in called paj215.cdf[CatalogHeader]Name=paj215.catPublicVersion=0x0000001EncodingType=0x00010001CATATTR1=0x10010001SAttr:2:6.0[CatalogFiles]<hash>File1=pgfilter.sysi put pgfilter.sys in this example but basically change the filename to the one you want to sign.makecert.exe -r -pe -ss PrivateCertStore -n CN=paj215.com(Test) paj215.cermakecat v paj215.cdfSigntool sign /v /s PrivateCertStore /n paj215.com(Test) /t http://timestamp.verisign.com/scripts/timestamp.dll paj215.catcertmgr.exe /add paj215.cer /s /r localMachine rootThat should sign your files and they will work only in test mode.or something like that...
Free Windows Admin Tool Kit Click here and download it now
December 21st, 2007 9:41pm

is a : and O next to each other...damn forum keeps logging me out so can't edit ...hopefully this will go through
December 21st, 2007 9:48pm

As nobody has posted this in this thread, I thought I'd share this information;A Temporary SolutionIf you tap F8 during startup (to get the bootup menu where you select normal mode, safe mode etc.), at the bottom is an option "DISABLE DEVICE DRIVER SIGNATURE ENFORCEMENT". Select this and Vista will bootup without device driver signature enforcement. This works. No really, it works. This is different to "bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS" or any other such options. The "bcdedit" seems to be for device signing during runtime. The recent slew of updates however seem to be applying a BOOTUP signature enforcement, which obviously being bootup happens before runtime.Unfortunately there is no way to get this to automatically run every time - you have to go to your bootup menu every time you start your PC up. Somewhat of an annoyance, but I have got used to it as a way to remove the half-open connection limiter. I hope this helps other people. It helped me as I thought I had destroyed my internet when I patched my tcpip.sys without backing it up and suddenly found anythign related to networking was "broke" - any network related service not starting up etc., only to find this was because tcpip.sys was not loading due to it not passing this new bootup device driver signature check/enforcement.
Free Windows Admin Tool Kit Click here and download it now
January 9th, 2008 1:27pm

Okay, a NEW UPDATE PEOPLE!!!I've been going through the updates, one by one, for your enjoyment.A NEW BAD UPDATE!KB943899 - Also re-enables requiring driver signing, and again forces your OS to a state in which it is impossible to disable this.Come on microsoft, stop sneaking *** into your updates!GODS i pray Sp1 never does this.
January 11th, 2008 3:34am

If anyone's cleaned up and tested that driver-signing batch file above, would you mind posting it? I think if you check "This post contains a code sample" then the board will avoid putting smiley faces in it. Also, does attempting to turn off the watermark work or not?
Free Windows Admin Tool Kit Click here and download it now
January 14th, 2008 2:14am

There's a new twist as of SP1 on 32-bit Vista systems:http://www.microsoft.com/whdc/winlogo/drvsign/drvsign.mspx"Driver binaries that load at boot time ("boot start drivers") must contain an embedded signature, for both x86 and x64 versions of Windows Vista and Windows Server 2008."Boot-start drivers. "In the special case of boot-start drivers--drivers that are loaded by the Windows Vista operating system loader--publishers must use an SPC to embedded-sign the driver binary image file. This requirement ensures optimal system boot performance."In tests using the publicly available 32-bit RC Refresh build, I found the experience identical to what's discussed above in the case of 64-bit: When booting, you're told that such-and-such a driver doesn't have a valid digital signature, and the only way around it is to use F8 for that boot only. In this particular case, I was testing tcpip.sys.32-bit SP1 drivers are digitally signed, unlike the original release. This is not surprising or even unwelcome, but the enforcement is.
January 24th, 2008 6:36am

This thread is about 64-bit windows vista, please re-read the subject line.32-bit windows does NOT apply to this thread.
Free Windows Admin Tool Kit Click here and download it now
January 25th, 2008 3:45pm

That was then, this is now. Read the post. As far as that kind of driver is concerned, as of SP1, 32-bit is in the same boat as 64-bit, so it's obviously on topic since the bits don't even matter anymore.
January 27th, 2008 5:14am

sorry its taken me so long to get back but for some reason i couldn't login and when i could it would log me out while i was typing.anyway...Make a file called paj215.cdfplace the following in, changing the file pgfilter.sys for any driver you want to sign, remember to use full address ie c:\windows\etc...but i find it easier to copy to sdk directory. Code Snippet [CatalogHeader]Name=paj215.catPublicVersion=0x0000001EncodingType=0x00010001CATATTR1=0x10010001:OSAttr:2:6.0[CatalogFiles]<hash>File1=pgfilter.systhis bit onwards is what you should type in to an admin cmd prompt (ie goto search type cmd then right click the cmd and run as admin) Code Snippet bcdedit /set testsigning onmakecert.exe -r -pe -ss PrivateCertStore -n CN=paj215.com(Test) paj215.cercertmgr.exe /add paj215.cer /s /r localMachine rootthat bit should only need to be done the 1st time Code Snippet makecat v paj215.cdfSigntool sign /a /v /s PrivateCertStore /n paj215.com(Test) /t http://timestamp.verisign.com/scripts/timestamp.dll paj215.catSigntool sign /a /v /s PrivateCertStore /n paj215.com(Test) /t http://timestamp.verisign.com/scripts/timestamp.dll pgfilter.systest your file is signed by using Code Snippet signtool verify /pa /v pgfilter.sysyou should be able to get all the files you need from the vista sdk...around this location ishhttp://www.microsoft.com/downloads/details.aspx?FamilyID=c2b1e300-f358-4523-b479-f53d234cdccf&DisplayLang=enalso you can remove the watermark with the http://www.mydigitallife.info/2006/11/23/remove-and-disable-windows-vista-evaluation-watermark-from-desktop/comment-page-1/ i mentioned before i didn't bother doing it til yesterday and now it just shows "" in each corner...which is better than before.good luck
Free Windows Admin Tool Kit Click here and download it now
January 31st, 2008 3:45am

Thanks for the clarifying post, paj215. When I went through it, guided by the documentation as well as what you wrote, I discovered a couple things that I thought I should record here. 1) There's a new version of the signingtools (Jan. '08) in "Windows Driver Kit (WDK), Windows Logo Kit (WLK) and Windows Driver Framework (WDF)" here: https://connect.microsoft.com/site/sitehome.aspx?SiteID=148 If the link doesn't work the first time, go here instead and look for the WDK: https://connect.microsoft.com/availableconnections.aspx 2) The .CDF file needs to have a blank line at the end or the Makecat command later will not work. 3) The watermark removal procedure does work fully, butnote that Step #10 at that link is incomplete. See line 738? That "Test Mode" needs to be converted like all the others youve done. If you dont, youll still have four watermarks on the screen. And you don't need to use " " for any of the line changes, actually: they can simply be blank. Either way works.
February 26th, 2008 8:39am

There are a few guys making updates for a LOT of different systems with exponential numbers of configuration differences commanding specific needs... I believe windows as an OS should become more capable of 'growing' or making its own updates customized to the system where it lives....If there's a backdoor found opened-- close it, right there on the spot at THAT house... Making a backdoor closing mechanism in Redmond for all houses with backdoors, probably 2 or 3 % which need to be closed is becominging as out dated as............me.... cheers..!
Free Windows Admin Tool Kit Click here and download it now
July 31st, 2010 8:21pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics