TL;DR: I am now able to sign in and submit my driver. MS rejects it with an
empty report. I have no clue what needs to be fixed.
I am documenting everything in the hope it will help someone else, and the
good karma will come back to help me.
I received another email from the Microsoft support bot:
I hope you are having a nice day.
After further research we were able to confirm that you will not be
able to use the domain ‘nlited’ as it’s currently in use by another
account.
If you know the person of the company that has used the domain, you
can have that AAD added to the Hardware account or have the user added
to your account.
If you create a new AAD for a Hardware account you will need to use
a different domain. Please let me know if you have any further
questions or if this case may be marked as complete.
I am filled with dismay that Microsoft support will try to solve this
problem by sending an email once every 3 days for the next 10 years.
The last line prompted me to try to create a new Azure AD account using a
different domain name. I expected this to fail, complaining that either the
contact info or the EV certificate was already in use. But this time I paid
closer attention to what was happening. The site let me create a new Azure
AD domain “nlited1.onmicrosoft.com”, which included creating a new user
“xxxxx@nlited1.onmicrosoft.com”. The site then dumped me back to the “Get
Started” page.
This time it dawned on me that I had created a whole new class of accounts
under the nlited1.onmicrosoft.com domain. I signed out of the my SysDev
account and this time I selected “Some other account” from the sign in
dialog and entered the “@nlited1.onmicrosoft.com”. This allowed me to enter
the inner sanctum. With this new knowledge, I went back through my notes and
found the original account “@nlited.onmicrosoft.com” and I was finally able
to sign in.
At this point I don’t know whether to feel sad, stupid, ashamed, or angry.
If the Hardware Dashboard site had given even the slightest indication *why*
it was silently rejecting my sign in I would have known to try a different
account and I would have eventually tried the onmicrosoft.com account.
Unfortunately, I became fixated on the sign in failure, and without any
information from the site I assumed it was a site bug. As I was also busy on
other things, this festered for *three weeks* of frustration. If any of the
support technicians (or bots) would have simply told me to look for a new
“onmicrosoft.com” account, I would have quickly solved the problem.
At least now I can move forward again.
I went through the process to register my EV certificate. (Apparently any
information from SysDev was not migrated.) I was then able to find my way to
the page to upload my driver. (The EV certificate is from Comodo, the Class3
certificate is from Symantec.)
I added my Class3 certificate by signing the test file:
cd “C:\Program Files (x86)\Windows Kits\10\App Certification Kit”
signtool sign /s MY /n nlited /i Symantec Signable.bin
CREATING THE CAT
I need to package the driver into a .cat package that includes:
- CryptDisk.inf: This provides the package information.
- CryptDriver2.sys: The driver binary to be signed.
NOTE: I am only including the 64bit driver. The unsigned driver runs fine on
Windows 10 1703, I am using it now.
Create a “fake” inf file:
[Version]
Signature = “$Windows NT$”
Class = USB
ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}
Provider = %Mfg%
DriverVer = 03/20/2018,3.1.0.1172
CatalogFile = CryptDisk.cat
[SourceDisksNames]
3426=Our Disk
[SourceDisksFiles]
CryptDriver2.sys=3426,\64
[SourceDisksFiles.NTamd64]
CryptDriver2.sys=3426,\64
[DestinationDirs]
xxxx.copy
[Manufacturer]
%Mfg%=nlited,NTamd64
[nlited]
%DeviceDesc% = xxxx, ROOT\FAKE_0001
[nlited.NTamd64]
%DeviceDesc% = xxxx, ROOT\FAKE_0001
[xxxx.NT]
CopyFiles= xxxx.copy
[xxxx.NTamd64]
CopyFiles= xxxx.copy
[xxxx.copy]
CryptDriver2.sys
[Strings]
Mfg=“nlited systems inc.”
Add the WDK tools to the PATH:
PATH=“C:\Program Files (x86)\Windows Kits\10\x86\bin”;%PATH%
PATH=“C:\Program Files (x86)\Windows Kits\10\App Certification Kit”;%PATH%
Copy the files to a staging directory:
xcopy /y Bin\CryptDisk.inf Out\winx64Release\cat\
xcopy /y Out\winx64Release\CryptDriver2.sys Out\winx64Release\cat\64\
Build the .cat file:
inf2cat /driver:Out\winx64Release\cat /os:10_X64 /uselocaltime
Inf2Cat complained “DriverVer missing or incorrect.” The date must be
specified as MM/DD/YYYY with 2 digits for month and
day. The version should match the “File version” from the Explorer
Properties/Details page, 3.1.0.1172.
Following instructions from href=“https://www.osronline.com/showthread.cfm?link=275229”>OSROnline
I created an option file “MakeCab.txt”:
.option explicit
.set CabinetFileCountThreshold=0
.set FolderFileCountThreshold=0
.set FolderSizeThreshold=0
.set MaxCabinetSize=0
.set MaxDiskFileCount=0
.set MaxDiskSize=0
.set Cabinet=on
.set Compress=on
.set CabinetNameTemplate=CryptDisk.cab
.set DestinationDir=Package
.set DiskDirectoryTemplate=.
cat\CryptDisk.inf
.set DestinationDir=cat\64
cat\64\CryptDriver2.sys
And built the .cab:
makecab /f …..\Bin\MakeCab.txt
Cabinet Maker - Lossless Data Compression Tool
103,995 bytes in 2 files
Total files: 2
Bytes before: 103,995
Bytes after: 49,960
After/Before: 48.04% compression
Time: 0.17 seconds ( 0 hr 0 min 0.17 sec)
Throughput: 590.45 Kb/second
And signed the .cab:
signtool sign /s my /n nlited /i symantec /t
http://timestamp.VeriSign.com/scripts/timstamp.dll CryptDisk.cab
I can verify the signature using File Explorer.
I uploaded the signed .cab to the Hardware Dashboard. HINT: Each submission
should have an easy to recognize, unique name link “CryptDisk
20180321-1420”.
MS complained that “This submission does not include symbols.” This appears
to be optional. I clicked OK to continue.
After about 10 minutes, it passed “Scanning” and failed “Validation”. The
downloaded report was an empty (0 bytes) file. I have no clue what went
wrong or how to fix it.
I tried to submit a trouble ticket, but this routed me back to the generic
Microsoft Support page which won’t accept my nlited.onmicrosoft.com
account.
Sincerely,
A Very Frustrated Windows Developer