WIX CAQuietExec NETSH Command Fails

Question

I would like my WIX Installer to quietly invoke a NETSH command to bind a self-signed certificate to an IP address:port.

The CAQuietExec is being invoked, but the NETSH command fails.

MSI (s) (C4:84) [16:19:50:455]: Executing op: CustomActionSchedule(Action=customQtExecRtBindCertToPort,ActionType=3137,Source=BinaryData,Target=CAQuietExec,CustomActionData="netsh" http add sslcert ipport=0.0.0.0:8080 certhash=2B2C23C6B1334F886B9FFD827D64BDC072BBEFD7 appid={123456-7890-12345-4567-AAABBBCCCDDDFFFF})
MSI (s) (C4:8C) [16:19:50:457]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI87DB.tmp, Entrypoint: CAQuietExec
MSI (s) (C4:78) [16:19:50:457]: Generating random cookie.
MSI (s) (C4:78) [16:19:50:458]: Created Custom Action Server with PID 2588 (0xA1C).
MSI (s) (C4:38) [16:19:50:477]: Running as a service.
MSI (s) (C4:38) [16:19:50:479]: Hello, I'm your 32bit Elevated custom action server.
CAQuietExec:  
CAQuietExec:  SSL Certificate add failed, Error: 1312
CAQuietExec:  A specified logon session does not exist. It may already have been terminated.

A specified logon session does not exist. It may already have been terminated.

When I run the exact same command from a command shell, I am successful:

>SSL Certificate successfully added

My code is fairly simple:

    <CustomAction
        Id="customQtExecRtBindCertToPortData"
        Property="customQtExecRtBindCertToPort"
        Value="&quot;netsh&quot; http add sslcert ipport=0.0.0.0:[RT_PORT] certhash=[CERT_THUMBPRINT] appid={123456-7890-12345-4567-AAABBBCCCDDDFFFF}"
        />
    <CustomAction 
        Id="customQtExecRtBindCertToPort" 
        BinaryKey="WixCA" 
        DllEntry="CAQuietExec"
        Execute="deferred" 
        Return="ignore" 
        Impersonate="no"
        />

I've tried running with elevated privileges in Windows Server 2008 R2, but still receive the same log output.

score 2 · Answer 1 · edited May 23 '17 at 12:20

In an attempt to revise my installer to call a custom Console application that, instead, calls NETSH under the hood (and some other tasks), I arrived at what I believe was the actual issue.

While my CustomAction declaration has properties for Execute="deferred" and Impersonate="no" set correctly, I believe the install sequence at that time was not correctly defined to occur between InstallInitialize and InstallFinalize, as was stated in this link: Installation change do not ask for UAC permissions.

Deploying to W2K12 with UAC and all that fun stuff, brought about the same error, then upon setting my custom action installer sequence to the following, I was able to over come the problem defined.

        <Custom
            Action="customQtExecRTBindCertToPortData"
            Before="InstallFinalize"
            >
            <![CDATA[NOT Installed AND CERTIFICATE_NEEDED = "TRUE" AND &featureServices = 3 ]]>
        </Custom>
        <Custom
            Action="customQtExecRTBindCertToPort"
            After="customQtExecRTBindCertToPortData"
            >
            <![CDATA[NOT Installed AND CERTIFICATE_NEEDED = "TRUE" AND &featureServices = 3 ]]>
        </Custom>

WIX CAQuietExec NETSH Command Fails

1 Answers1