Summary
After successful installation and activation of the Deep Security Agent (DSA) on Windows 2008 / 2008 R2 Server, the Intrusion Prevention and Firewall Engine goes offline on the Deep Security Manager (DSM) console.
The root cause of this issue is that the network engine driver was not successfully installed. Windows did not trust the driver because it is signed with SHA-2 by Microsoft. Legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) do not support drivers signed with SHA-2.
Starting January 1, 2020, drivers used by the Deep Security Agents on Windows are signed using SHA-2 by Microsoft (and are no longer dual signed using SHA-1 and SHA-2).
Below are sample driver verification entries logged while the DSA driver is being installed. The log entries are found in C:\Windows\INF\setupapi.dev.log.
! sig: Verifying file against specific Authenticode(tm) catalog failed! (0x800b010a)
! sig: Error 0x800b010a: A certificate chain could not be built to a trusted root authority.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b010a)} 12:46:56.642
!!! sto: An unexpected error has occurred while validating the Driver Package. Assuming that the Driver Package is unsigned. Catalog = C:\Windows\system32\DriverStore\Temp\{0b954d2c-6f52-41b1-a307-3c0e513091a1}\Package\tbimdsa.cat, Error = 800b010a
!!! sto: The driver package is considered unsigned.
!!! sto: Driver package failed signature verification.
!!! sto: Error = 800b010a
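To check whether a host is hitting this failure, the following added example (not Trend Micro's code) scans setupapi.dev.log text for driver catalogs rejected during signature verification. The function name, the field names and the small error-name table are assumptions made for this example; the sample input is copied from the excerpt above.

```python
import re

# HRESULTs commonly returned by Windows signature checks (names from the Windows SDK).
KNOWN_ERRORS = {
    0x800B0100: "TRUST_E_NOSIGNATURE",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010A: "CERT_E_CHAINING",  # the code shown in this article
}

# "!!! sto:" line naming the rejected catalog and the error code.
CATALOG_RE = re.compile(
    r"^!!!\s+sto:.*?Catalog\s*=\s*(?P<catalog>.+?\.cat),\s*Error\s*=\s*(?P<code>[0-9A-Fa-f]{8})")
# "sig:" exit line; it carries the time of the verification attempt.
SIG_EXIT_RE = re.compile(
    r"_VERIFY_FILE_SIGNATURE exit\(0x(?P<code>[0-9A-Fa-f]{8})\)\}\s+(?P<time>[\d:.]+)")

# Sample input: lines copied from the log excerpt in this article.
SAMPLE_LOG = r"""
! sig: Error 0x800b010a: A certificate chain could not be built to a trusted root authority.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b010a)} 12:46:56.642
!!! sto: An unexpected error has occurred while validating the Driver Package. Assuming that the Driver Package is unsigned. Catalog = C:\Windows\system32\DriverStore\Temp\{0b954d2c-6f52-41b1-a307-3c0e513091a1}\Package\tbimdsa.cat, Error = 800b010a
!!! sto: Driver package failed signature verification.
!!! sto: Error = 800b010a
"""

def find_signature_failures(log_text):
    """Return one record per driver catalog that failed signature verification."""
    failures, last_sig_time = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SIG_EXIT_RE.search(line)
        if m:  # remember the time of the most recent failed check (0 = success)
            last_sig_time = m.group("time") if int(m.group("code"), 16) else None
            continue
        m = CATALOG_RE.match(line)
        if m:
            code = int(m.group("code"), 16)
            failures.append({
                "catalog": m.group("catalog").rsplit("\\", 1)[-1].lower(),
                "code": "0x%08x" % code,
                "name": KNOWN_ERRORS.get(code, "unknown"),
                "time": last_sig_time,
                # Per this article, 0x800b010a on a SHA-2-only signed driver
                # points to missing SHA-2 code signing support on the OS.
                "likely_sha2_gap": code == 0x800B010A,
            })
    return failures

if __name__ == "__main__":
    for f in find_signature_failures(SAMPLE_LOG):
        print(f)
```
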
For a Windows 2008 system to install the driver, apply the following updates:
Reference: Microsoft Support - 2019 SHA-2 Code Signing Support requirement for Windows and WSUS
Before applying the updates, uninstall the DSA:
- Download and apply the two Microsoft updates.
- Deactivate the affected DSA.
- Uninstall and install the DSA.
- Activate the agent from the DSM console.
After applying the two updates and re-installing the DSA, Intrusion Prevention and Firewall should no longer go offline.
If applying the updates does not resolve the issue, generate the diagnostic packages for the DSA and DSM and submit them to Trend Micro Technical Support.