Summary

Directory Server 10 updates may not complete successfully for organizations that choose to import a certificate from a PFX file during the initial Directory Server installation. You may not receive a visible error message when running the MSP file for an update; the installation process displays a progress bar and appears to complete, but no files are updated. The Windows Application Log may contain an MsiInstaller entry similar to the following:

Product: Laserfiche Directory Server 10.0 - Update 'Laserfiche Directory Server x64 10.0.0.222 Update 1 (KB 1013748)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages.

If you log the patch installation, the installation log will include the following error messages:

Invoking remote custom action. DLL: C:\Windows\Installer\MSI7F4B.tmp, Entrypoint: InstallCertificates
InstallCertificates: Error 0x80070057: Failed to read PFX file:
InstallCertificates: Error 0x80070057: Failed to read certificate from file path.
InstallCertificates: Error 0x80070057: Failed to resolve certificate: SSLCertificate2
CustomAction InstallCertificates returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

Workaround

The update process does not have access to the PFX certificate and password specified during the original Directory Server installation process. As a workaround, use a command prompt to manually run the Microsoft Windows Installer patch file (.MSP) and pass in the certificate and password.

msiexec /p SampleDirectoryServerUpdate.msp SELECTEDCERTPATH=PathToPFXFile SELECTEDCERTPASS=PFXCertFilePassword

For example, to install Laserfiche Directory Server 10 Update 1:

msiexec /p C:\Temp\LFDS_x64_100222_KB1013748.msp SELECTEDCERTPATH=C:\Certs\SampleCertificate.pfx SELECTEDCERTPASS=SampleCertPassword

Related Links

1013748 List of Changes for Directory Server 10 Update 1