Page 1 of 1

.NET 4.7.2 failing to install on server 2008 r2

PostPosted: 26.09.2018, 18:07
by trodemaster
I'm seeing failures of .NET 4.7.2 failing to install on Windows Server 2008 r2. This a prerequisite for a lot of other patches as well. The error from the log is.
Code: Select all
Tue 09/25/2018 16:02:31.89 - Warning: Installation of ..\dotnet\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /passive /norestart /lcid 1033     failed (errorlevel: -2146762487)


Running this update via gui it gives the error
Code: Select all
.NET Framework 4.7.2 has not been installed because:

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


I found this article that discusses the issue.
https://blogs.msdn.microsoft.com/vsnets ... thority-2/

Based on that I suspect NDP472-KB4054530-x86-x64-AllOS-ENU.exe is attempting to download certs from the internet during installation and then fails if it can't. Maybe a prerequisite task needs to install those certs before running the .net 4.7.2 installer?

I'm looking into workarounds today but if anybody has ideas to share please advise?

Thanks,
Blake

Re: .NET 4.7.2 failing to install on server 2008 r2

PostPosted: 26.09.2018, 20:03
by trodemaster
As a workaround I'm scripting installation of this cert. Doing this before running the patching process allows .net 4.7.2 install to succeed.
Code: Select all
$client = new-object System.Net.WebClient
$client.DownloadFile( "http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt", "C:\windows\temp\MicRooCerAut2011_2011_03_22.crt" )
certutil -addstore -f root C:\windows\temp\MicRooCerAut2011_2011_03_22.crt

Re: .NET 4.7.2 failing to install on server 2008 r2

PostPosted: 26.09.2018, 21:36
by boco
See this old thread, the problem is not new: viewtopic.php?f=6&t=6098&p=22376

The thread also includes dumps of the root certs from MS. So, they could be imported, even when being completely offline.

Re: .NET 4.7.2 failing to install on server 2008 r2

PostPosted: 26.09.2018, 22:42
by aker
Or use these files:
:arrow: viewtopic.php?f=7&t=6653

Re: .NET 4.7.2 failing to install on server 2008 r2

PostPosted: 27.09.2018, 00:13
by trodemaster
Ah yeah missed those threads in my searching. So should we fix the wsusoffline to handle this? I have been using these exact tools for a couple years now and never ran into this problem. Seems like something external has changed recently?