Updating a driver from a service - possible?

Ready to rip my hair out!

My filter driver is installed along with a service. Everything is great.
The service can update itself (based on a command from the user from a
different machine). The service launches a batch file (so in the service
WinStation) which stops the service, runs the installer, and then restarts
the service. All of this goes great EXCEPT the driver that gets installed
as part of the install fails to install.

If the end user runs a batch that contains rundll32.exe
setupapi,InstallHinfSection . everything is great, but this forces a user to
visit each machine after an update :(

This afternoon I’ve learned about client vs server installs, and I had hoped
I’d done everything to qualify as a server install (.sys is signed, .inf
refers to .cat, .cat is signed).

SetupAPI.log on a Win 2003 machine shows an error during the
InstallHinfSection request, but I don’t know what it means:

@ 16:23:01.775 #I329 Verifying catalog “c:\progra~1\pfe~1\mfx86.cat” failed.
Error 87: The parameter is incorrect.

@ 16:23:01.775 #I438 Verifying catalog “c:\progra~1\pfe~1\mfx86.cat” using
Authenticode™ policy failed. Error 0x800b0100: No signature was present
in the subject.

I’m (perhaps naively) signing the .cat file the same way as the .sys, and it
appears to work:

signtool.exe sign /a /v /ac C:\certs\MSCV-GlobalSign.cer /s MY /t
http://timestamp.globalsign.com/scripts/timestamp.dll mfx86.cat

The digital signature shows up in the .cat file if viewed from Explorer, and
signtool shows success. But InstallHinfSection is still not happy.

Does anyone have any ideas? Is it simply impossible to install/update a
driver from a service?

Thanks a lot.

Doug
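
For triaging this failure across many machines, a small parser for the SetupAPI.log entries quoted above (an added example, not part of the original post). The function names are hypothetical, the error names come from the Windows SDK's winerror.h, and the sample text is constructed from the excerpt in the post.

```python
import re

# Symbolic names (winerror.h) for codes seen in catalog verification entries.
ERROR_NAMES = {
    87: "ERROR_INVALID_PARAMETER",
    0x800B0100: "TRUST_E_NOSIGNATURE",
    0x800B0101: "CERT_E_EXPIRED",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x80096010: "TRUST_E_BAD_DIGEST",
}
ENTRY = re.compile(r"^(?:@ (?P<time>\d\d:\d\d:\d\d\.\d+) )?#(?P<id>[A-Z-]\d+) (?P<text>.*)$")
CATALOG = re.compile(r'Verifying catalog ["\u201c](?P<path>[^"\u201d]+)["\u201d]')
ERROR = re.compile(r"Error (?P<code>0x[0-9A-Fa-f]+|\d+):")

# Constructed sample: the two entries quoted in the post, wrapped as shown there.
SAMPLE_LOG = r"""
@ 16:23:01.775 #I329 Verifying catalog “c:\progra~1\pfe~1\mfx86.cat” failed.
Error 87: The parameter is incorrect.

@ 16:23:01.775 #I438 Verifying catalog “c:\progra~1\pfe~1\mfx86.cat” using
Authenticode™ policy failed. Error 0x800b0100: No signature was present
in the subject.
"""

def iter_entries(log_text):
    """Yield (time, msg_id, text) per entry, joining wrapped continuation lines."""
    current = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = ENTRY.match(line)
        if m or not line or line.startswith("["):  # new entry, blank, or section header
            if current:
                yield tuple(current)
            current = [m["time"], m["id"], m["text"]] if m else None
        elif current:
            current[2] += " " + line
    if current:
        yield tuple(current)

def catalog_failures(log_text):
    """Return one dict per failed catalog verification, with the error code named."""
    found = []
    for time, msg_id, text in iter_entries(log_text):
        cat, err = CATALOG.search(text), ERROR.search(text)
        if cat and err and "failed" in text:
            raw = err["code"]
            code = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
            found.append({"time": time, "id": msg_id, "catalog": cat["path"],
                          "code": code, "name": ERROR_NAMES.get(code, "UNKNOWN")})
    return found
```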