Always getting "A referral was returned from the server"

I've suddenly getting the same error "a referral was returned from the server" on several programs.  These programs have been on my machine for months.  Turning off the UAC does not help.  Logging in as administrator does not help.  My computer is not connected to a domain.

Windows 7 64 bit

Just disabling that security feature is a really heavy handed approach.  That's in there to make it harder for your computer to be hacked; not to keep you from running programs you want to run.

Instead of completely opening your system up to running code that isn't signed or validated, you may be able to simply tell your system to trust the signer.  You have to click a lot more to do this, but I think it's the better solution.

• open Explorer to the program in question
• right-click on it and select Properties
• look for a tab named "Digital Signatures" and click on it. *** If that's not there, the code isn't signed and this isn't going to help you.
• hopefully there'll be exactly one signature in the list. Click on that and then click on Details.
• click on the View Certificate button
• click on Install Certificate
• click on Next
• * do NOT let it "Automatically select the certificate store". I've never had that work. Instead click on the "Place all certificates in the following store" radio button and then click Browse
• * take note of the certificate name! You'll need this later!
• select Trusted Root Certification Authorities. Click OK
• click Next and then Finish

Test you program - it should now run.

BUT if you stop here, you've opened yourself up to another security threat.  Albeit, a lesser one than just disabling code signature checking altogether.

To really do things right you need to tell Windows to only trust this new certificate for signing code- not for validating websites or anything else.

• start up the Certificate Manager (Start: Run: mmc, then File: Add/Remove Snapin, click Certificates, click Add, click Finish, click OK)
• right-click on Certificates, click on Find Certificates, then type in part of the name of the certificate (this is what you noted above).  Or you could browse the Trusted Root Certification Authorities store, but it's usually a lot a look through)
• now that you've found your certificate, right-click on it and click Properties
• in the General tab, select "Enable only the following purposes"
• uncheck everything except "Code Signing"

Now you're done!

This process sure could be simplified!

To me it seems that when you right-click on an executable in Explorer, Windows should check to see if it's trusted.  And if it isn't, there should be an option there in the Context Menu to let you add trust - maybe even a wizard to handle the deeper choices like to add trust for just this user or for the whole computer and whatever else there is.

Whenever I download a new program and attempt to install it I get the message "A referral was returned from the server". This includes Nvidia Win7 drivers. I have tried compatibility mode, but still get that error message!

I had the same problem installing a third party touch keyboard on my tablet.  I tried the other things in this thread first.  First, I am on regular Win8.1 and do not have access to GPEdit.msc nor SecPol.msc.  To attempt Brian's solution, I used regedit to find the key for **User Account Control: Only elevate executables that are signed and validated.**However, the registry setting was already disabled- so this property was not my issue.  (Note that my problem is with the app installation, so I was going to change the registry setting back after successful installation - thereby rendering Robert's "heavy-handed" objection moot.)

Then I tried the solution offered by Robert, but I could not access the details of the digital signature - another dead end, leaving me where?  So, as a last resort, I opened Properties from the install executable's context menu.  I checked the "Run this program as an administrator" box under Settings on the Compatibility tab.

I ran the installation exe and voila, there you go.

Hi Tom,

Thank you for visiting Microsoft Answers.

Is your computer attached to a domain? If so your post is closely related to the domain/server settings. Your post would be better suited in the Microsoft TechNet Community. Please visit the link below to find a community that will offer the support you request.

[http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/threads]

Thanks,

Hope this helps. Let us know the results.

Meghmala – Microsoft Support

Visit our [Microsoft Answers Feedback Forum] and let us know what you think