SQL SERVER – ERROR: Failed to verify the Authenticode signature of FileName

Sometimes malware makes changes on a machine that are impossible to track. Most of the time, based on my interactions with various clients, we need to format and rebuild the OS because you never know what data is being compromised by which program running in the background. In this blog, we will learn about an interesting error: Failed to verify the Authenticode signature of the filename.

Here is the complete message which I saw in ERRORLOG shortly after startup.

2018-07-31 16:58:45.56 Server      Failed to verify the Authenticode signature of 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn\sqlservr.exe'. Signature verification of SQL Server DLLs will be skipped. Genuine copies of SQL Server are signed. Failure to verify the Authenticode signature might indicate that this is not an authentic release of SQL Server. Install a genuine copy of SQL Server or contact customer support.

The same message was in ERRORLOG for the files below.
• sqlservr.exe
• SQLOS.dll
• sqlmin.dll
• sqllang.dll
• sqlTsEs.dll
• sqldk.dll
• opends60.dll
• qds.dll
• svl.dll
• secforwarder.dll
• Resources\1033\sqlevn70.rll
• hkruntime.dll
• hkengine.dll
• hkcompile.dll
• dbghelp.dll
• SqlAccess.dll
• BatchParser.dll
• ftimport.dll
• MSFTE.DLL
• xpsqlbot.dll
• xpstar.dll
• SQLSCM.dll
• Resources\1033\xpstar.rll

WORKAROUND/SOLUTION

I asked my customer about the history of this server and, interestingly, this was a brand-new installation of SQL Server 2014. I searched the internet for how to check the trust of a DLL and came across this article.

I captured a Process Monitor trace and searched for 00AAC56B-CD44-11d0-8CC2-00C04FC295EE based on the above SO link. I found that the key below was missing on the server.

HKLM\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}

To fix the issue, we registered Wintrust.dll using the command below:

regsvr32 C:\Windows\System32\wintrust.dll

And that’s it! After this, we restarted the SQL Server service and stopped seeing those errors.
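
The check below is an added example, not part of the original post: it tests for the trust provider key named above and asks Windows to verify the signatures of some of the listed binaries, so a broken WinTrust registration can be told apart from binaries that really fail verification. It assumes the install path from the ERRORLOG line and a subset of the file list; both are adjustable.

```powershell
# Added example (not from the original post). Path, key and file names are the
# ones quoted in the post; adjust $binn for a different instance.
$binn     = 'C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn'
$trustKey = 'HKLM:\Software\Microsoft\Cryptography\Providers\Trust\Certificate\' +
            '{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}'
$files    = 'sqlservr.exe', 'SQLOS.dll', 'sqlmin.dll', 'sqllang.dll',
            'sqldk.dll', 'Resources\1033\sqlevn70.rll'

# 1. Is the WinTrust provider registration the post found missing present?
$keyPresent = Test-Path -LiteralPath $trustKey

# 2. Ask Windows to verify each binary's Authenticode signature.
$results = foreach ($f in $files) {
    $path = Join-Path -Path $binn -ChildPath $f
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $f; Status = 'FileNotFound'; Signer = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        File   = $f
        Status = [string]$sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    }
}

$results | Format-Table -AutoSize
$bad = @($results | Where-Object { $_.Status -ne 'Valid' })

# 3. Separate a trust-provider registration problem from a per-file problem.
if (-not $keyPresent) {
    Write-Warning "Trust provider key missing: $trustKey"
    Write-Warning 'Re-register wintrust.dll as described in the post, then re-run this check.'
} elseif ($bad.Count -gt 0) {
    Write-Warning "Key present, but $($bad.Count) file(s) did not verify; compare them against known-good install media."
} else {
    Write-Output 'Trust provider key present and all checked binaries verify as Valid.'
}
```

Run it before and after the regsvr32 step: if files still report a status other than Valid once the key is back, the ERRORLOG message should be treated as a possible integrity problem with the binaries rather than a registration issue.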

Reference: Pinal Dave (https://blog.SQLAuthority.com)
