You all know that you need to install the SharePoint 2013 pre-requisites before installing SharePoint 2013 – this is done either online or offline using the pre-req installer. All the requirements are listed in the Hardware and Software requirements for SharePoint 2013 TechNet article.

Once in a while you need to do the installation on a disconnected machine, that is a machine that is not connected to the interwebz. Then you typically Bing for a fancy script that downloads all the pre-reqs for you and you run the pre-reqs installer in unattended mode. That is where you pass in the local path to all the downloads either through a file or through the command line (I’m not going to cover that – it’s all over the web and even in the TechNet article mentioned before).

Trouble in paradise?

One thing that you might stumble upon when doing a disconnected install of the SharePoint 2013 pre-reqs is that your scripts or the pre-req installer keep telling you to restart your server and run the installer again. After doing that a couple of times you most likely start inspecting the log files, and you will see stuff like this:

2012-12-03 21:38:40 - Installing Microsoft WCF Data Services 5.0
2012-12-03 21:38:40 - "\\server\SP2013\PrerequisiteInstallerFiles\WcfDataServices.exe" /quiet
2012-12-03 21:42:50 - Install process returned (-2146762486)
2012-12-03 21:42:50 - [In HRESULT format] (-2146762486)
2012-12-03 21:42:50 - Last return code (-2146762486)
2012-12-03 21:42:50 - Install needs restart

Well, it looks like it needs a restart – but what about that HRESULT code? Let’s turn it into a hexadecimal representation – 0x800B010A. Ahaaa! Y’all know your HRESULTs, right? It starts with 0x800B01?? so it must be some certificate issue, and it sure is.
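The conversion above can be scripted so that every failed step in the pre-req installer log is decoded in one pass. This is an added example, not part of the original post; the function names are hypothetical, the sample input is the log excerpt quoted above, and the facility value 0x0B is FACILITY_CERT from winerror.h.

```powershell
# Constructed sample input: the prerequisite installer log lines quoted above.
$logLines = @(
    '2012-12-03 21:38:40 - Installing Microsoft WCF Data Services 5.0',
    '2012-12-03 21:38:40 - "\\server\SP2013\PrerequisiteInstallerFiles\WcfDataServices.exe" /quiet',
    '2012-12-03 21:42:50 - Install process returned (-2146762486)',
    '2012-12-03 21:42:50 - [In HRESULT format] (-2146762486)',
    '2012-12-03 21:42:50 - Last return code (-2146762486)',
    '2012-12-03 21:42:50 - Install needs restart'
)

$FACILITY_CERT = 0x0B   # winerror.h: certificate / trust provider errors

# Hypothetical helper: split a signed 32-bit return code into HRESULT fields.
function ConvertTo-HResultInfo {
    param([Parameter(Mandatory = $true)][int]$ReturnCode)
    # Reinterpret the signed value as unsigned 32-bit, held in an Int64.
    $u = [long]$ReturnCode
    if ($u -lt 0) { $u += 4294967296 }
    New-Object PSObject -Property @{
        Hex      = '0x{0:X8}' -f $u
        Failed   = ($ReturnCode -lt 0)                       # severity bit 31 set
        Facility = [int](($u -band 0x1FFF0000) / 0x10000)    # facility field
        Code     = [int]($u -band 0xFFFF)                    # low 16 bits
    }
}

# Hypothetical helper: report every failed install step found in the log.
function Get-PrereqFailure {
    param([string[]]$Lines)
    $component = $null
    foreach ($line in $Lines) {
        if ($line -match ' - Installing (?<name>.+)$') { $component = $Matches['name'] }
        elseif ($line -match ' - Install process returned \((?<rc>-?\d+)\)') {
            $hr = ConvertTo-HResultInfo ([int]$Matches['rc'])
            if ($hr.Failed) {
                New-Object PSObject -Property @{
                    Component   = $component
                    HResult     = $hr.Hex
                    Facility    = $hr.Facility
                    Code        = '0x{0:X4}' -f $hr.Code
                    IsCertError = ($hr.Facility -eq $FACILITY_CERT)
                }
            }
        }
    }
}

Get-PrereqFailure -Lines $logLines |
    Select-Object Component, HResult, Facility, Code, IsCertError | Format-List
```

To check a real server, pass the lines of the actual pre-req installer log (for example via Get-Content) instead of the sample array; any row with IsCertError set points at the certificate chain rather than at a pending restart.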

As you can see it fails when installing the WCF Data Services 5.0. Let’s run that installer by itself. When we do that we’ll see an error that clearly says that it is a certificate error – A certificate chain could not be built to a trusted root authority.

The installer log file for WCF Data Services also tells it right in our face:

[0B48:0C78][2012-12-03T21:52:06]: Error 0x800b010a: Failed to verify certificate chain policy status.
[0B48:0C78][2012-12-03T21:52:06]: Error 0x800b010a: Failed to get certificate chain for authenticode certificate.
[0B48:0C78][2012-12-03T21:52:06]: Error 0x800b010a: Failed to verify signature of payload: wcf_dataservices

So there’s something wrong with our certificate validation chain here…

These darn certificates!

Having disconnected machines means one or two things with regards to patching – either they are not patched at all or the admins control the patching themselves and don’t let the right ones through. The problem here is that the machine experiencing this problem does not have its root certificates updated. It’s an easy fix – make sure you let those updates from Windows Update through or update the root certificates manually.

A manual update, which should only be your last resort, can be done by downloading the Update for Root Certificates for Windows XP [April 2013] (KB931125). Yup, they are for Windows XP but work perfectly on a Windows Server 2008 R2 (that’s where I tested it). Download the rootsupd.exe file and run it on your server before running the pre-req installer and all should be running fine from now on.

Summary

A short explanation and solution for something that hopefully isn’t that common – since all of you have patched servers, right?