SQL SERVER – ERROR: Failed to verify the Authenticode signature of FileName

5 years ago

Sometimes there is some malware which would do changes on the machine which is impossible to track. Most of the time, based on my interactions with various clients, we need to format and rebuild the OS because you never know what data is getting compromised using which program running in the background. In this blog, we would learn about an interesting error Failed to verify the Authenticode signature of the filename.

Here is the complete message which I saw in ERRORLOG shortly after startup.

2018-07-31 16:58:45.56 Server Failed to verify the Authenticode signature of ‘C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe’. Signature verification of SQL Server DLLs will be skipped. Genuine copies of SQL Server are signed. Failure to verify the Authenticode signature might indicate that this is not an authentic release of SQL Server. Install a genuine copy of SQL Server or contact customer support.

The same message was there in ERRORLOG for below files.
• sqlservr.exe
• SQLOS.dll
• sqlmin.dll
• sqllang.dll
• sqlTsEs.dll
• sqldk.dll
• opends60.dll
• qds.dll
• svl.dll
• secforwarder.dll
• Resources\1033\sqlevn70.rll
• hkruntime.dll
• hkengine.dll
• hkcompile.dll
• dbghelp.dll
• SqlAccess.dll
• BatchParser.dll
• ftimport.dll
• MSFTE.DLL
• xpsqlbot.dll
• xpstar.dll
• SQLSCM.dll
• Resources\1033\xpstar.rll

WORKAROUND/SOLUTION

I asked my customer about the history of this server and interestingly this was a brand-new installation of SQL Server 2014. I search on internet about how to check trust of a DLL and came across this article.

I captured Process Monitor and searched for 00AAC56B-CD44-11d0-8CC2-00C04FC295EE based on above SO link. I found below key was missing on the server.

HKLM\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}