A referral was returned from the server error with Rnx 3.2.1

[roneil]

We are receiving an “A referral was returned from the server” error message when trying to use Ranorex 3.2.x on a Windows 7 x86 test system with enhanced security. We can use Ranorex 3.0.2 and 3.1.3 with no issues on the same test system. Disabling UAC fixes the issue with 3.2.1, but 3.0.2 and 3.1.3 worked fine with the UAC enabled.

We can run a test script developed under 3.2.1 on the test system upon which either a licensed 3.2.1 runtime or an evaluation version of 3.2.1 is installed. The executed script(s) will ask to extend the evaluation period or allow you to install a license. We simply cannot directly execute a Ranorex 3.2.1 executable – including the Ranorex License and Ranorex Report Viewer executables.

We performed a direct comparison by starting with the same test system image and installing different versions of Ranorex. We ensured the "Launch Ranorex Studio when setup ends" was checked in each installation. We made no other changes or installed any other software during the comparisons. We reset the test system using the image after each test.

Upon request, we will send you a PDF with screenshots and details about the installation via email or by FTP upload.

The licensing dialog appears after clicking the Finish button at the end of the installation when installing versions 3.0.2 and 3.1.3. Ranorex Studio then launches after clicking ‘Continue Evaluation’ on the license dialog. Note: Ranorex Studio won’t launch if a runtime license is installed, but the Ranorex Report Viewer will.

When installing version 3.2.0 and 3.2.1, however, the licensing dialog does NOT appear when clicking the Finish button at the end of the installation. Neither does Ranorex Studio. No error messages appeared, either.

We next tried to launch various Ranorex applications directly. We used desktop shortcuts, taskbar shortcuts, and the Start Menu – both normally and by right click then ‘Run as Administrator’. All of these methods gave us the “A referral was returned from the server” error message.

We even tried launching the executables through Windows Explorer. We tried double clicking on the executable files, by right clicking the executable files and clicking Open, and by right clicking the executable files and clicking ‘Run as Administrator’. We received the same error message no matter how we tried to launch the executables.

We did, however, manage to get the licensing dialog to appear by executing a test script built on a developer system using Ranorex Studio 3.2.1. Any test script would work. The Ranorex Report Viewer, however, will not open to display the Ranorex Logs created by the scripts. We get the same error trying to run the Report Viewer executable directly using Windows Explorer.

We can open the logs on systems with the UAC disabled, so we're sure the logs are valid and that UAC is the most likely culprit.

Our contract with our customer requires we deliver system images with the application and its dependencies and components already installed. These images are then installed on their hardware. These images must meet strict security requirements, including the use of UAC and Group Policies.

Until Ranorex 3.2.x, we were able to perform tests on the ‘stock’ system images in a state very close to what we deliver. We only disabled screen savers and power save options; all other security requirements remained enabled.

Our contract makes it imperative that we test these systems and applications in their fielded security configurations. This means we need a work-around or fix that does not require we disble the UAC in Windows Server 2008 R2 (x64) and Windows 7 (x86 and x64) to upgrade to 3.2.1.

[Support Team]

What changed with the Ranorex 3.2 release is that all Ranorex Tools executables (Spy, Recorder, Studio, ...) are now digitally signed. This is recommended from Microsoft and will be required for Windows 8. In order to check the digital signature, the system time of the machine must be correct.

Moreover, if your system is not up to date (Windows Updates) and consequently does not have up-to-date Verisign certificates installed, Windows will try to connect to the Internet in order to validate the digital signature. This only happens for the first time you start a Ranorex Tool in order to update the Verisign certificates.

Alternatively, you can also manually install the newest Verisign certificates from their website:
WebSite: http://www.verisign.com/support/roots.html
Direct Link: http://www.verisign.com/support/roots.zip

Regards,
Alex
Ranorex Team

[roneil]

Alex,

Out of date certificates appears to have been our problem, as you indicated.

Installing the root certificate updates on our test systems using this URL fixed our issues.

Our images are updated for windows and other security issues quarterly; end users cannot run Windows Update so we supply quarterly security patches with all KBs, etc. approved by our customer. The last security update patch was in November and including issues fixed through the end of October 2011, which is why 3.2.1 couldn't find its certificate.

We're currently setting up to test the January security update to be released later this month. We will verify that these certificates are in that update.

Thank You.

[Support Team]

Installing the root certificate updates on our test systems using this URL fixed our issues.

Great, thank you for letting us know!

Regards,
Alex
Ranorex Team

[roneil]

Alex,

I spoke further with our system image security folks. They said that it would be better if we just installed or allowed access to the exact certs used by the Ranorex applications and not install everything as I did to prove the cause of our issue.

Can you give us a listing of the certs required by Ranorex?

If so, they say they can create a script to include or allow these certs for use during our test system setup, where we also install Ranorex, etc., without overriding all the certifucation security in our base system images.

Thanks

[roneil]

We found a reference in another thread:
http://www.ranorex.com/forum/ranorex-ie ... html#p9700

Are these still the certifications needed?

[Support Team]

Are these still the certifications needed?

Yes, these should still be valid.

You can also check which certificates are needed by inspecting the file properties of the Ranorex setup executable, specifically the tab "Digital Signatures".

Regards,
Alex
Ranorex Team

[roneil]

We tried installing the certificate imbedded in the installer, but still get the same issues. There must be other certificates needed -- maybe for the C++ 2008 and 2010 C++ runtime dependencies that get installed before Ranborex is installed.

Unless we can determine the exact dependency certificates that are missing, we will need to execute the full certificate update indicated in an earlier post.

Thank You for your assistance.