Error 1625 When Installing Service Pack or Hotfix

  • 7021865
  • 12-Feb-2009
  • 01-Apr-2018

Environment

INFOConnect Enterprise Edition for Airlines, IBM and Open Systems
INFOConnect Airlines Gateway
INFOConnect Enterprise Edition for Airlines PTR Plus
INFOConnect Enterprise Edition for Unisys, IBM and Open Systems
INFOConnect Enterprise Edition for Airlines PTR Server
INFOConnect Enterprise Edition for Unisys
INFOConnect Enterprise Edition for Airlines
Reflection for Secure IT Windows Client

Situation

When attempting to install a service pack or hotfix (*.msp file), you may see the following error:
Figure 1. Attachmate Patch Wizard: 'The patch was unsuccessful. It returned error number: 1625' Figure 1. Attachmate Patch Wizard: 'The patch was unsuccessful. It returned error number: 1625'

The installation log may contain lines similar to the following:

MSI (s) (DC:E4) [08:38:19:984]: Validating digital signature of file 'C:\WINDOWS\Installer\16c197e6.msp'
MSI (s) (DC:E4) [08:38:20:046]: Certificate of signed file 'C:\WINDOWS\Installer\16c197e6.msp' does not match certificate authored in the package
MSI (s) (DC:E4) [08:38:20:046]: Product: Attachmate Reflection for Secure IT Client 7.0 - Update '{C720E524-1842-47F8-8FAA-D8C6146C9DB5}' could not be installed. Error code 1625. Additional information is available in the log file C:\DOCUME~1\myusername\LOCALS~1\Temp\atmpatch381952392.log.

This issue occurs only when all of the following are true:

  • You are using Microsoft Windows Installer (MSI) version 4.0 or higher. Note the following:
    • Version 4.0 is provided with Windows Vista and Windows Server 2008 R1.
    • Version 4.5 (released June 2008) is available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 and is redistributed with some third-party products.
    • Reflection and INFOConnect products (listed in Applies To section) do not distribute MSI version 4.x. (On Windows XP and Windows Server 2003, setup.exe updates MSI to version 3.1 if necessary.)
  • Installation of the service pack or hotfix is being performed as a non-administrative user.
  • The service pack or hotfix was created by Attachmate on or after 04-Feb-2009.

Resolution

To resolve this error, you can either install as an administrative user, or add a new certificate to your product(s) before installing as a non-administrative user.

Install as Administrative User

Instead of using LUA patching, the service pack or hotfix can be installed as a user with administrative privileges.

Add Installer Certificate to Enable Non-Administrative Patching

If LUA support is required in your environment, you can add a new certificate to your installed Attachmate product(s) by downloading and running the Attachmate Installer Certificate Update 2009, T102009.exe.

Note: You must install items in the following order:

1. Reflection or INFOConnect product(s)
2. Attachmate Installer Certificate Update 2009 (T102009.exe)
3. Service Pack or Hotfix

If you subsequently install an additional Attachmate product (listed in the Applies To section above), then the Installer Certificate Update 2009 must be uninstalled and re-installed.

To verify that the Installer Certificate Update 2009 has been successfully applied, go to Add/Remove Programs (on Windows XP) or Programs and Features (on Windows Vista) and examine the Reflection or INFOConnect product’s installed updates.

Cause

Typically, installation tasks are performed by a user with administrative rights (member of the Administrators group). However, Microsoft Windows Installer version 4.0 and higher includes support for Least-privileged User Account (LUA) installation and patching. Vendors can designate installer packages as not requiring elevated (administrative) privileges to install, thus allowing installation by a non-administrative user without prompting for administrative credentials.

Installer packages use internal digital certificates to ensure patch files are authentic and unaltered, and to enable LUA patching. Each certificate is valid for a limited time. Service packs or hotfixes created by Attachmate on or after 04-Feb-2009 are signed with a new certificate. LUA support requires matching certificates, so the originally-installed product must be updated to add a new certificate.

Additional Information

Legacy KB ID

This document was originally published as Attachmate Technical Note 2336.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.