SecurityException / ‘The process was terminated’ errors installing SQL 2008 when .Net Framework 4.0 is installed

When installing SQL 2008 on a newer OS or a machine that has .NET Framework 4.0, you can encounter errors if the SQL installation media is running from a UNC path. The application log can throw an error such as the one below:

 

Log Name: Application

Source: .NET Runtime

Date: 6/30/2013 4:20:04 PM

Event ID: 1026

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: Machine.Domain.com

Description:

Application: setup100.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.Security.SecurityException

Stack:

  at Microsoft.SqlServer.Chainer.Setup.Setup.DebugBreak()

  at Microsoft.SqlServer.Chainer.Setup.Setup.Main()

 

Event Xml:

<Event xmlns="https://schemas.microsoft.com/win/2004/08/events/event">

<System>

   <Provider Name=".NET Runtime" />

   <EventID Qualifiers="0">1026</EventID>

    <Level>2</Level>

    <Task>0</Task>

    <Keywords>0x80000000000000</Keywords>

   <TimeCreated SystemTime="2013-06-30T20:20:04.000Z" />

    <EventRecordID>33228</EventRecordID>

    <Channel>Application</Channel>

    <Computer>Machine.Domain.com</Computer>

   <Security />

</System>

<EventData>

   <Data>Application: setup100.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.Security.SecurityException

Stack:

  at Microsoft.SqlServer.Chainer.Setup.Setup.DebugBreak()

  at Microsoft.SqlServer.Chainer.Setup.Setup.Main()

</Data>

</EventData>

</Event>

 

There are significant changes in CAS in .net 4.0 - https://blogs.msdn.com/b/shawnfa/archive/2010/02/24/so-is-cas-dead-in-net-4-or-what.aspx which result in this. In the .NET Framework version 3.5 and earlier versions, if you loaded an assembly from a remote location, the assembly would run partially trusted with a grant set that depended on the zone in which it was loaded. For example, if you loaded an assembly from a website, it was loaded into the Internet zone and granted the Internet permission set. In other words, it executed in an Internet sandbox. If you try to run that assembly in the .NET Framework 4 and later versions, an exception is thrown; you must either explicitly create a sandbox for the assembly.

More details on the .NET Framework 4.0 Security model: https://msdn.microsoft.com/en-us/magazine/ee677170.aspx

There has been an article very recently released on the same but doesn’t list all the workarounds https://support.microsoft.com/kb/971269

 

There are several workarounds here, either of which can help.

 

1. Install the Media from a Local drive

 

2. Remove the V4.0 Config element from the setup file ( setup.exe.config) of the SQL setup directory ( make a copy of the file before doing that)

<configuration>

  <startup useLegacyV2RuntimeActivationPolicy="true">

    <supportedRuntime version="v4.0"/>

    <supportedRuntime version="v2.0.50727"/>

  </startup>

 

3. Turn off LegacyCasPolicy and allow remote assemblies to be run in the Setup.exe.config of the SQL setup directory, and add the highlighted element. The <loadFromRemoteSources> element lets you specify that the assemblies that would have run partially trusted in earlier versions of the .NET Framework are to be run fully trusted in the .NET Framework 4 and later versions. By default, remote assemblies do not run in the .NET Framework 4 and later (https://msdn.microsoft.com/en-us/library/dd409252.aspx )

 

<runtime>
< legacyCasPolicy enabled="false" />
<loadFromRemoteSources enabled="true"/>
< /runtime>

 

4. Use CasPol to trust the UNC share (Using CasPol to Fully Trust a Share ). Please understand the security ramifications of doing this

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\caspol.exe -m -ag 1 -url "file:\\share\sqlinstall\*" FullTrust -exclusive on

 

5. Uninstall Microsoft .NET Framework 4 / Microsoft .NET Framework 4 Client Profile ( more of a last resort unless you don’t need it).

Denzil Ribeiro – Sr. Premier Field Engineer

(@denzilribeiro)