This past week I battled to install MSCRM for almost 6 hours. I've done countless and fought every problem so believe me when I say this is such an odd event in my life now days that it actually is enjoyable trying to find out the problem. Now normal MSCRM install issues happen either at the environmental diagnostic wizard stage, or during the actual install. This happened much earlier, in fact when I tried to add a license key. When Adding the key and hitting
add I got a dialog saying:
The specified license is invalid.
For additional details see logfile C:\Documents and Settings\XXX\Application Data\Microsoft\MSCRM\Logs\crm30svrsetup.log.
Odd, but maybe it is wrong. I try it a few times and think well I'll pop on my trust 90 day trial to get up and running and deal with Microsoft on issuing a new key. Guess what he trial key failed too.
I'm not posting this on my IW blog (see right bar) because it's more than a MSCRM issue, because then I thought maybe something in the OS is wrong so lets install all the patches and reboot. One of the patches was Internet Explorer 7 which also refused to install with an error: Setup could not verify the integrity of the installation files. Make sure the Cryptographic service is running on this computer.
What now? I tried numerous articles and suggestions gleamed from the Internet including a monster (http://support.microsoft.com/kb/822798) on from Microsoft which has reinstall Windows as an option listed (no I didn't do that, this box is running other applications just fine). But from what I learnt is that all Microsoft software is digitally signed but if something goes wrong with the certificates on the machine then it's borks the installation of those applications. MSCRM in my mind had the same problem since (I guess) it uses the digital certif to do the CRC (or similar) check on the key I used.
What was interesting was all the certificates were 100% fine, but if I right clicked on the MSCRM install MSI file and checked it kept saying the certificate had been revoked. Odd? Since it's not revoked on my machine or any other machine. And if Microsoft revoked a certificate like this why don't I know, hell, why are they still shipping IE with it? Something must be wrong.
What I found was a rouge revoked certificate had been installed, where it came from I do not know but it was there. To remove it I opened IE 6, went to the Tools Menu -> Internet Options. Then on the Content tab clicked Certificates, and on the last tab (Untrusted Publishers) I was able to see the rogue certificate and remove it. After that all installed ok.
Now just a side thought round this, but Microsoft recommends digitally signing all software. So if I was an anti-virus company or security company that took this serious I would not only sign the install of the software but the runtimes and update definitions. The downside is that if a virus/trojen could install a revoked certificate (not sure what privileges you need on XP, but I guess this is a UAC controlled operation on Vista) then it could bork all your security. Scary how 1 file can do that.
Update 13 Feb 2008: Trust me to have the wrong link for the monster article, then send it to a client as the solution to there problem. DOH! Fixed now.