“A digitally signed driver is required” warning when you install SQL Server packages in Windows Server 2016 and Windows 10

Applies to: Windows Server 2016; Windows 10, version 1607; SQL Server 2016 Developer

Symptoms


You install a SQL Server cumulative update or an installation of SQL Server that includes a cumulative update (also referred to as a slip-streamed installation) on a version of Windows Server 2016 that has Secure Boot enabled. 

In this scenario, the Setup program either reports an error and fails, or it succeeds but triggers warnings and error messages that resemble the following.

Error message when Filestream feature is selected during Setup or is already enabled on an existing installation of SQL Server to which a cumulative update is being applied:

The following error has occurred:

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Click ‘Retry’ or retry the failed action, or click ‘Cancel’ to cancel this action and continue setup.


And this:

Program Compatibility Assistant

A digitally signed driver is required

RsFx Driver
Microsoft Corporation




Warning message when the Filestream feature is not selected during a slip-streamed installation of SQL Server that includes a cumulative update:




Note In this scenario, you cannot enable the Filestream feature by using SQL Server Configuration Manager after setup is completed.

The following table summarizes the combinations by which these symptoms may occur in various versions of SQL Server.

SQL Server 2016 (affects CU2 for RTM)

| Combination | Filestream feature | Error/Warning? |
| --- | --- | --- |
| CU2 on SQL 2016 | Enabled | Error |
| SQL 2016+ CU2 Slipstream | Enabled | Error |
| SQL 2016+ CU2 Slipstream | Disabled or not selected (default) | Warning |

SQL Server 2014 (affects CU9 for SP1)

| Combination | Filestream feature | Error/Warning? |
| --- | --- | --- |
| CU9 on SQL 2014 SP1 | Enabled | Error |
| SQL 2014+ SP1+ CU9 Slipstream | Enabled | Error |
| SQL 2014+ SP1+ CU9 Slipstream | Disabled or not selected (default) | Warning |

SQL Server 2012 (affects CU5 for SP3 and CU14 for SP2)

| Combination | Filestream feature | Error/Warning? |
| --- | --- | --- |
| CU5 on SQL 2012 SP3 | Enabled | Error |
| SQL 2012+ SP3+CU5 Slipstream | Enabled | Error |
| SQL 2012+ SP3+CU5 Slipstream | Disabled or not selected (default) | Warning |
| CU14 on SQL 2012 SP2 | Enabled | Error |
| SQL 2012+ SP2+CU14 Slipstream | Enabled | Error |
| SQL 2012+ SP2+CU14 Slipstream | Disabled or not selected (default) | Warning |


Note Hyper-V Gen2-type VMs have Secure Boot enabled by default, and therefore users are more likely to encounter this issue when they install SQL 2016 and Cumulative Update 2 (CU2) on Windows Server 2016 or Windows 10 on a Gen2 Hyper-V VM. However, the issue may also occur on physical servers if Secure Boot is turned on.

Resolution


Cumulative Update 16 for SQL Server 2012 SP2


Recommendation: Install the latest cumulative update for SQL Server 
Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. We recommend that you download and install the latest cumulative updates for SQL Server:


Workaround

To work around this issue, use one of the following methods as applicable to your environment:
  • If the Filestream feature is not in use for your environment, this issue won't affect you except for the warning message that pops up at the end of the installation process. You can safely ignore the warning in this scenario.
  • If the Filestream/FileTable feature is in use for your environment and if you plan to install one of the affected cumulative updates described in the "Symptoms" section on Windows Server 2016, you may opt to temporarily disable Secure Boot. This lets you work around the issue until the upcoming servicing release that contains the code-signed RsFx driver is released.
  • If the Filestream/FileTable feature is in use for your environment and if you plan to install SQL Server 2016 on Windows Server 2016 and cannot disable Secure Boot, we recommend that you do not install the affected cumulative updates. Instead, wait for a future cumulative update release that has a signed RsFx driver.
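
The following PowerShell pre-install check is an added example, not part of the original article. It reports whether Secure Boot is enabled and, given your Filestream usage, the outcome that the tables in the "Symptoms" section describe for an affected cumulative update. The function name, the -FilestreamInUse parameter, and the RsFx*.sys driver path pattern are assumptions made for this example.

```powershell
# Added example: run from an elevated PowerShell session on the target server
# before applying one of the affected cumulative updates.
function Get-RsFxInstallRisk {
    param(
        # $true if Filestream/FileTable is enabled or will be selected in Setup.
        [Parameter(Mandatory)] [bool] $FilestreamInUse,
        # Assumption: installed RsFx driver files match this pattern.
        [string] $DriverPattern = "$env:SystemRoot\System32\drivers\RsFx*.sys"
    )

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems. On legacy
    # BIOS platforms it throws PlatformNotSupportedException; Secure Boot
    # cannot be on there. Other failures (for example, a non-elevated
    # session) are left to surface rather than being reported as "off".
    try {
        $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = $false
    }

    # Outcome per the "Symptoms" tables: the issue needs Secure Boot enabled;
    # Filestream enabled gives an error, otherwise only a warning.
    $outcome = if (-not $secureBoot) { 'Not affected (Secure Boot is off)' }
               elseif ($FilestreamInUse) { 'Error' }
               else { 'Warning' }

    # Informational only: signer and Authenticode status of any RsFx driver
    # already on disk. A "Valid" status alone does not show that the driver
    # will load under Secure Boot.
    $drivers = @(Get-ChildItem -Path $DriverPattern -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File   = $_.Name
                Status = $sig.Status
                Signer = $sig.SignerCertificate.Subject
            }
        })

    [pscustomobject]@{
        SecureBootEnabled = $secureBoot
        FilestreamInUse   = $FilestreamInUse
        ExpectedOutcome   = $outcome
        RsFxDrivers       = $drivers
    }
}

Get-RsFxInstallRisk -FilestreamInUse $true | Format-List
```

An ExpectedOutcome of Error corresponds to the second and third workaround options above; Warning corresponds to the first.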