How do I enable SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2?

OESIS Framework SDK Version 4 for Windows is equipped with a low level driver, which in certain situations may fail to install/start. This case is limited to Windows 7 and Windows Server 2008 R2 platforms (mostly confined to 64-bit architectures), and can be identified under the following circumstances:

  • Invoking OESIS method WAAPI_MID_MANAGE_DRIVER (29001) with the "start" operation returns error code -47 (Invalid Signature).

This is caused by a documented Microsoft limitation regarding to lack of SHA-2 code signing support for Windows 7 and Windows Server 2008 R2.

The following Microsoft KB explains this case in more detail, as well as steps to successfully remedy the situation.

Microsoft is announcing the reissuance of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality. This update supersedes the 2949927 update that was rescinded on October 17, 2014 to address issues that some customers experienced after installation. As with the original release, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1 do not require this update because SHA-2 signing and verification functionality is already included in these operating systems. Detailed information about the shortcoming can be located in the 2015 Microsoft Security Advisory 3033929:
https://technet.microsoft.com/en-us/library/security/3033929

If you are running Windows 7 or Windows 2008 Server R2, please do the follow the steps below:

  1. Ensure that the platform is upgraded to at least Service Pack 1

  2. Install the appropriate Windows KB update for your operating system

Windows 7 (64-bit): Install the KB3033929 update: https://www.microsoft.com/en-us/download/details.aspx?id=46148

Windows Server 2008 R2 (64-bit): Install the KB3033929 update: https://www.microsoft.com/en-us/download/details.aspx?id=46083

If anyone is observing issues with other architectures for the aforementioned platforms, please reference the above Security Advisory for the most up-to-date links to download the appropriate update.

Note: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, Windows RT 8.1, and Windows 10 do not require this update because SHA-2 signing and verification functionality is already included in these operating systems.


This article was last updated on 2017-02-15
EA