Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
To prevent connection failure with local USB devices on a Windows 7 client machine, update the Windows machine with Microsoft Security Update KB3033929 before installing the USB Development Kit Driver (spice-usbdk-win). Failure to apply this update before installing the spice-usbdk-win driver otherwise results in USB connection loss and an error reporting an unsigned driver.
See https://technet.microsoft.com/en-us/library/security/3033929 for more information on this security update.
DescriptionAndrei Stepanov
2016-02-15 16:29:51 UTC
Created attachment 1127334[details]
Warning spice-usbdk-win-1.0-12 driver is not signed. Nevertherless, spice-usbdk-win 1.0-10 didn't show such warning.
Client loses connection with all local USB devices after installing spice-usbdk-win.
Client - is Windows 7 64 SP1 installed on bare-metal machine.
rpm -qf /usr/share/spice/usbdk-x64.msi
rhevm-spice-client-x64-msi-3.6-6.el6.noarch
rpm -q --changelog rhevm-spice-client-x64-msi | head -n 7
* Mon Jan 04 2016 Uri Lublin <uril> - 3.6-6
- mingw-virt-viewer 2.0.8
- mingw-spice-gtk 0.26-10
- mingw-libusbx 1.0.20-1
- spice-usbdk-win 1.0-10
- Send requests to usbdk asynchronously (rhbz#1144043)
How reproducible: Always.
Steps to Reproduce:
1. In www-browser go to home page "Red Hat Enterprise Virtualization Manager"
2. Click at select "Downloads -> Console Client Resources"
3. Download and install "UsbDk for 64-bit Windows"
4. Reboot client.
Actual results: After reboot, keyboard/mouse/usb_flash_driver connected to client machine doesn't respond.
Hint to recovery from this state: reboot the client, at startup press F8, select "Disable Driver Signature Enforcement", uninstall UsbDK.
Also, I have tested a build: spice-usbdk-win-1.0-12. Got the same result + warning about driver is not signed. (spice-usbdk-win 1.0-10 didn't show such warning).
Please note, that bug should be closed only as rhevm-spice-client-x64-msi RPM gets correct version of spice-usbdk-win.
A short update:
I reproduced this issue on my Win7 machine. Indeed the problem is related to UsbDk driver digital signature.
I verified digital signature of UsbDk.sys, it is absolutely fine but Windows cannot verify it for an unknown reason.
Continuing the investigation...
UsbDk.sys driver is signed by SHA-2 code certificate received by RedHat from Symantec.
There is a problem on Windows 7/2008R2 with SHA-2 code signing certificates. In some cases SHA-2 signed drivers fail to load on these systems while the signature is perfectly valid. Microsoft fixed this issue by security update 3033929. This update needs to be downloaded and installed in order to load such drivers.
The update may be downloaded from https://technet.microsoft.com/en-us/library/security/3033929.
Installation of this update fixed the problem I observe on my test systems.
Andrei, please verify that it fixes the problem you observe as well.
Thanks,
Dmitry
Created attachment 1127334 [details] Warning spice-usbdk-win-1.0-12 driver is not signed. Nevertherless, spice-usbdk-win 1.0-10 didn't show such warning. Client loses connection with all local USB devices after installing spice-usbdk-win. Client - is Windows 7 64 SP1 installed on bare-metal machine. rpm -qf /usr/share/spice/usbdk-x64.msi rhevm-spice-client-x64-msi-3.6-6.el6.noarch rpm -q --changelog rhevm-spice-client-x64-msi | head -n 7 * Mon Jan 04 2016 Uri Lublin <uril> - 3.6-6 - mingw-virt-viewer 2.0.8 - mingw-spice-gtk 0.26-10 - mingw-libusbx 1.0.20-1 - spice-usbdk-win 1.0-10 - Send requests to usbdk asynchronously (rhbz#1144043) How reproducible: Always. Steps to Reproduce: 1. In www-browser go to home page "Red Hat Enterprise Virtualization Manager" 2. Click at select "Downloads -> Console Client Resources" 3. Download and install "UsbDk for 64-bit Windows" 4. Reboot client. Actual results: After reboot, keyboard/mouse/usb_flash_driver connected to client machine doesn't respond. Hint to recovery from this state: reboot the client, at startup press F8, select "Disable Driver Signature Enforcement", uninstall UsbDK. Also, I have tested a build: spice-usbdk-win-1.0-12. Got the same result + warning about driver is not signed. (spice-usbdk-win 1.0-10 didn't show such warning). Please note, that bug should be closed only as rhevm-spice-client-x64-msi RPM gets correct version of spice-usbdk-win.