Freigeben über


Windows Server 2012 R2: Install unsigned drivers

Hello,
We launched Windows Server 2012 R2 few months ago https://www.microsoft.com/en-us/server-cloud/products/windows-server-2012-r2 and I started to update the couple of servers running in my rack from 2012 to 2012 R2. As I evaluated the beta releases, the only way to complete the upgrade to the final version is to reinstall fully the servers (https://technet.microsoft.com/en-us/library/dn303416.aspx).

One of the bad surprises we all experienced with new releases is the “driver story”. In my servers, I run Infiniband HCA from Mellanox (for 10Gbps network / SAN).

As usual, the HCA is shown like this after a fresh install:

The set of drivers I use comes from the Open Fabrics Alliance, and they installed very well on Win 2008 R2 and Win 2012 (after a little trick to unlock the OS version check in the installer).
But, with 2012 R2, I had this:

- Everything goes fine:

- Then

And that’s it.

The explanation I finally found is: the signed drivers enforcement is stricter in Windows Server 2012 R2, than previous OS. So, for whatever reason, a driver working in 2012 may not be accepted on 2012 R2, even if the kernel core is the same (more info on Signed drivers here: https://msdn.microsoft.com/en-us/library/windows/hardware/ff544865%28v=vs.85%29.aspx) .

My solution: remove the stronger signature enforcement, by changing the OS boot options. The official solution being to contact your vendor for a signed driver (that may not be available for your hardware anymore ….)

To implement my solution, I had to:
1. Display the Windows Charms (Windows + C)

2. Click on  “Settings”
3. Click “Power”
4. then Click “Restart” WHILE PRESSING THE LEFT SHIFT KEY!!!

 5. With this action, the following menu appears before the shutdown:

6. Click on “Troubleshoot”
7. Then “Startup settings”:

8. Then, click “Restart”

9. The server finally reboots
10. And present the “Advanced Boot Options” (do you remember “F8”?)

 
11.    You can now select the Option “Disable Driver Signature Enforcement”
 

12.    Press “Enter”
13.    The server boots normally
14.    Install the exact same driver package:
14a.    Click “Install this driver software anyway” (you don’t want to pay for new hardware and drivers):

14b.    Do it as many times as required (in my case 5 times)
14c.    Then the drivers setup ends:

15.    And the HCA card is here:

 
And enjoy your hardware until the next major release of Windows Server.
<Emmanuel/>

P.S.: If you want to be sure it is a driver signature issue, try to update the driver and check the message:

Comments

  • Anonymous
    May 28, 2014
    Thank you for this information. It was invaluable to me.

  • Anonymous
    June 15, 2014
    Thanks for the clear description of the workaround.

  • Anonymous
    July 15, 2014
    Thanks for the post- sorted out my driver update. Much appreciated

  • Anonymous
    September 25, 2014
    Hi there.   What is your trick for getting the driver installer to run on 2012R2?  I was looking at the .msi with a text editer but didn't know what to change.  Any help would be appreciated.

  • Anonymous
    October 15, 2014
    This is great if you have access to the server directly.  What do you do if the server is on the Cloud?  There is no direct access.  I've looked all over to find how to disable the requirement for a signed driver, but all state this works if you have direct access.  There is no F8 option, nor is there any way to get to the option to disable asking for signed drivers. Any clue on what to do here?

  • Anonymous
    October 19, 2014
    @Loren McGuire: see: community.spiceworks.com/.../69062-installing-unsigned-drivers-windows-8-8-1-2012-2012r2 quoted from site: On occasion we might need to install unsigned drivers. Due to new security settings on later MS Windows     versions (8, 8.1, Server 2012 and Server2012 R2 at time of writing), unsigned drivers are blocked by default without the option to override. This is a quick guide to enable unsigned driver installations.

Open a Command Prompt (Run as Administrator) 2. Enter the following command and press Enter: BCDEDIT /Set LoadOptions DDISABLE_INTEGRITY_CHECKS 3. If this completes successfully, enter the next command: BCDEDIT /Set TESTSIGNING ON 4. Once competed, restart the server

  • Anonymous
    December 18, 2014
    The restart option might not appear, if it does not, log on with the built-in admin(.administrator) directly on the machine or if it is a VM, directly through the console and not via RDP.

  • Anonymous
    December 24, 2014
    Thank you friend this was so muuch helpfull and also a new knowledge for me i will tell about it to my friends we are the students of MCSE and we were facing this problem that is solved by your help. Thank you again!

  • Anonymous
    December 27, 2014
    Worked perfectly, so after the unsigned driver is installed and everything is working, would you re-enable driver signing by doing the reverse to ensure nothing else "unsigned" could be installed?

  • Anonymous
    July 05, 2015
    Thanks very much for this information. It worked like a charm!

  • Anonymous
    October 01, 2015
    I've been looking for over an hour and tried several suggestions. This one worked. Thank you.