HLK submission and a lovely... deer!
On Mon, Jan 09, 2017 at 01:14:26AM -0500, email@example.com wrote:
> I have a File System Driver which I have had attestation signed. I am now
trying to make an HLK submission so that my FSD can run on Server 2016.
> After some pulling of hair I managed to create a signed .hlkx file and tried
to submit to Sysdev. No dice as I got the following message:
> Onwards then as I had only spent 6 out of the 8 hours I budgeted for what
should be a 5 minute process. I created another account, signed another
executable and entered my contact details, only to be greeted by... a lovely
> I kid you not. After all this I got the picture of a deer and the error
<...excess quoted lines suppressed...>
It took me over a month between the time they switched to the new portal
(10 Nov 2016) and the time I got a finished, signed driver out the other
side (23 Dec 2016). You're a bit lucky; you aren't stuck with being forced
to try and sign an .xml file with signtool (yes, they asked for this for
a time), nor are you stuck with the known issue that took 3 weeks to fix,
where you sign the file, upload it, only to have it come back to you and
say "this isn't the same file you downloaded.". Those, hopefully, are
I fought with it for a week before finally figuring out the best way to
get satisfaction was to open a ticket with support. It took me about two
weeks after that to finally get the ticket escalated to the right team.
Once it was there, it was only another 3 weeks to get to a point where I
could submit things. Now, thankfully, things seem to be stable - I've pushed
about 6 or 8 submissions through in the last week or so.
I never saw the deer, but I did have a bunch of random issues at the same
place you are at -
* check to make sure you are signing with an EV cert
+ make sure your EV cert is a SHA256 cert (someone told me all of them are,
but a forum post I found while debugging this claimed the portal does verify
* check to make sure you are signing with /fd SHA256. The default is sha1,
and the portal rejected those submissions when I submitted them (with a
cryptic error that needed support to decode)
* as before, you'll need to add in the embedded cross-certificate if you
are loading at boot (eg, "start=0"). I don't think this changed from
the old HLK, but it did trip me up for a day or so.
I can probably dig up some old emails for contact information if you
can't get any help opening your own ticket. I wish they had kept the old portal,
but support claimed they want to move everyone to a single portal (apparently
this is the same portal they use for windows store submissions?)
I do still see a few problems, but I can live with them -
* submission packages that have multiple drivers in them fail with an error
"it looks like this submission should have drivers but none were found".
Splitting these submissions into single submissions, one for each driver,
* .hckx submissions seem to be hit-and-miss, I've had about a 50/50 success
rate. If I just resubmit the same package, it eventually works. HLK
submissions seem to work for me consistently now, and from what I can tell,
these signed packages are accepted on Server 2012 R2, so I've just been
doing HLK tests.
Hope this helps.
> NTFSD is sponsored by OSR
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
> Details at
> To unsubscribe, visit the List Server section of OSR Online at