When you try to install a large Microsoft Windows Installer (.msi) package or a large Microsoft Windows Installer patch (.msp) package on a computer that is running Windows Server 2003 Service Pack 2, you receive the following error message: Show Error 1718. File FileName was rejected by digital signature policy. Additionally, the following event may be logged in the Application log: CauseThis problem occurs if the Windows Installer process has insufficient contiguous virtual memory to verify that the .msi package or the .msp package is correctly signed. ResolutionUpdate download information119591 How to obtain Microsoft support files from online services Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file. PrerequisitesYou must have Windows Server 2003 Service Pack 2 installed to apply this update. Restart requirementYou must restart your computer after you apply the update. Update replacement informationThis update does not replace any other updates. File informationThe English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel. Update for Windows Server 2003 (KB973825)File name File version File size Date Time Platform SP requirement Service branch Advapi32.dll 5.2.3790.4555 619,008 18-Jul-2009 15:58 x86 SP2 SP2GDR Advapi32.dll 5.2.3790.4555 619,008 18-Jul-2009 16:19 x86 SP2 SP2QFE Update for Windows Server 2003, x64 Edition (KB973825)File name File version File size Date Time Platform SP requirement Service branch Advapi32.dll 5.2.3790.4555 1,052,160 18-Jul-2009 21:45 x64 SP2 SP2GDR Wadvapi32.dll 5.2.3790.4555 619,008 18-Jul-2009 21:45 x86 SP2 WOW Advapi32.dll 5.2.3790.4555 1,065,984 18-Jul-2009 16:32 x64 SP2 SP2QFE Wadvapi32.dll 5.2.3790.4555 619,008 18-Jul-2009 16:32 x86 SP2 WOW Update for Windows Server 2003 for Itanium-based Systems (KB973825)File name File version File size Date Time Platform SP requirement Service branch Advapi32.dll 5.2.3790.4555 1,482,752 18-Jul-2009 21:44 IA-64 SP2 SP2GDR Wadvapi32.dll 5.2.3790.4555 619,008 18-Jul-2009 21:44 x86 SP2 WOW Advapi32.dll 5.2.3790.4555 1,483,776 18-Jul-2009 16:32 IA-64 SP2 SP2QFE Wadvapi32.dll 5.2.3790.4555 619,008 18-Jul-2009 16:32 x86 SP2 WOW WorkaroundImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 How to back up and restore the registry in WindowsTo work around this problem, change the PolicyScope registry value to 1 before you try to install the package. To do this, follow these steps. Note If the computer is joined to a domain, a domain policy update may override the registry changes that you make. We strongly recommend that you disconnect the computer from the domain before you follow these steps.
If the previous steps did not resolve the issue, follow these steps:
Important After you follow the previous steps, local administrators can install the .msi package or the .msp package. After the package is installed, reset the enforcement level by following the previous steps. In step 5, click All users instead of All users except local administrators. Notes
More InformationStarting with Windows XP, a security policy that is named Software Restriction Policies (also known as SAFER) was introduced to help users avoid running unsafe files. Windows Installer uses software restriction policies to verify the signatures of signed .msi package files and signed .msp package files. Windows Installer does this to make sure that the files were not tampered with before they are installed on the computer. Windows XP and Windows Server 2003 require that the whole .msi package file or the whole .msp package file to be loaded into one contiguous piece of memory in the address space of the Windows Installer process. If an .msi package file or an .msp package file is too large to fit into a contiguous piece of virtual memory, Windows Installer cannot verify that the package is correct. In this scenario, you experience the symptoms that are described in the “Symptoms” section. The fix that is described in this article enables software restriction policies to use less virtual memory to perform the signature verification. Therefore, Windows Installer can verify any size files. |