First published on MSDN on Sep 18, 2013
When installing SQL 2008 on a newer OS or a machine that has .NET Framework 4.0, you can encounter errors if the SQL installation media is running from a UNC path. The application log can throw an error such as the one below:
Log Name: Application Source: .NET Runtime Date: 6/30/2013 4:20:04 PM Event ID: 1026 Task Category: None Level: Error Keywords: Classic User: N/A Computer: Machine.Domain.com Description: Application: setup100.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Security.SecurityException Stack: at Microsoft.SqlServer.Chainer.Setup.Setup.DebugBreak() at Microsoft.SqlServer.Chainer.Setup.Setup.Main()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name=".NET Runtime" /> <EventID Qualifiers="0">1026</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-06-30T20:20:04.000Z" /> <EventRecordID>33228</EventRecordID> <Channel>Application</Channel> <Computer>Machine.Domain.com</Computer> <Security /> </System> <EventData> <Data>Application: setup100.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Security.SecurityException Stack: at Microsoft.SqlServer.Chainer.Setup.Setup.DebugBreak() at Microsoft.SqlServer.Chainer.Setup.Setup.Main()</Data> </EventData> </Event>
There are significant changes in CAS in .net 4.0 - http://blogs.msdn.com/b/shawnfa/archive/2010/02/24/so-is-cas-dead-in-net-4-or-what.aspx which result in this. In the .NET Framework version 3.5 and earlier versions, if you loaded an assembly from a remote location, the assembly would run partially trusted with a grant set that depended on the zone in which it was loaded. For example, if you loaded an assembly from a website, it was loaded into the Internet zone and granted the Internet permission set. In other words, it executed in an Internet sandbox. If you try to run that assembly in the .NET Framework 4 and later versions, an exception is thrown; you must either explicitly create a sandbox for the assembly.
More details on the .NET Framework 4.0 Security model: http://msdn.microsoft.com/en-us/magazine/ee677170.aspx
There has been an article very recently released on the same but doesn’t list all the workarounds http://support.microsoft.com/kb/971269
There are several workarounds here, either of which can help.
1. Install the Media from a Local drive
2. Remove the V4.0 Config element from the setup file ( setup.exe.config) of the SQL setup directory ( make a copy of the file before doing that)
<configuration> ... <startup useLegacyV2RuntimeActivationPolicy="true"> <supportedRuntime version="v4.0"/> <supportedRuntime version="v2.0.50727"/> </startup> ... </configuration>
3. Turn off LegacyCasPolicy and allow remote assemblies to be run in the Setup.exe.config of the SQL setup directory, and add the highlighted element. The <loadFromRemoteSources> element lets you specify that the assemblies that would have run partially trusted in earlier versions of the .NET Framework are to be run fully trusted in the .NET Framework 4 and later versions. By default, remote assemblies do not run in the .NET Framework 4 and later ( http://msdn.microsoft.com/en-us/library/dd409252.aspx )
<runtime> < legacyCasPolicy enabled="false" /> <loadFromRemoteSources enabled="true"/> </runtime>
4. Use CasPol to trust the UNC share ( Using CasPol to Fully Trust a Share ). Please understand the security ramifications of doing this
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\caspol.exe -m -ag 1 -url "file:\\share\sqlinstall\*" FullTrust -exclusive on
5. Uninstall Microsoft .NET Framework 4 / Microsoft .NET Framework 4 Client Profile ( more of a last resort unless you don’t need it).
Denzil Ribeiro – Sr. Premier Field Engineer
Updated Apr 28, 2020
Version 4.0SQLPFE
Brass Contributor
Joined March 15, 2019
Core Infrastructure and Security Blog
Follow this blog board to get notified when there's new activity