As part of my software application, I distribute Microsoft Access 2003 MDB
database files. I digitally sign the VBA project in each file using a
VeriSign Class 3 Code Signing Certificate that is valid until November 1,
2009. I sign the Access database file with my computer’s locale setting set
to U.S. English.
The distributed Access database files can be opened fine on my customer’s
computers in the U.S., English Canada, French Canada, Hong Kong, Macau,
Brazil, the U.K., New Zealand, Australia, Colombia, Iceland, Poland, Germany,
Thailand, and China. These users can open the application with their Macro
Security Level set to Low, Medium, or High. This security level is the
setting that you can change by using the Access 2003 menu command
Tools|Macro|Security.

However, the users in Norway, Denmark, Finland, Croatia, Sweden, and
Slovenia have told me that they see this error message on their computers
when they have their Macro Automation Security Level set to Medium or High:
“Microsoft Office Access cannot open <database name> due to security
restrictions. Security settings restrict access to the file because it is not
digitally signed.” This error message is appearing even though the Access
database file is still signed.
The problem can be solved for these users if they drop their Macro Security
Level to the low setting. However, this setting cannot be changed for any
users who operate their computer in an enterprise environment where the IT
administrator can disable the changing of this setting by non administrators
of the computer. Furthermore, the low setting is not a recommended setting
for Microsoft Office, so I do not want to recommend that to my customers.
The problem can also be solved as well if the user changes their locale
setting from the problem locale (for example, Norwegian) to another
non-problem locale, such as U.S. English. However, this is not an acceptable
solution to a user who does not speak English as their primary language.

The problem does not seem to be related to non English versions of Microsoft
Windows or non English versions of Microsoft Access. For example, if I use
my development computer, which uses a U.S. English version of Windows XP with
Office 2003, then I can reproduce the problem simply by switching my computer
back and forth between U.S. English and Norwegian (Nynorsk). For example, if
I digitally sign the database file when my own computer is configured with a
locale set to a problem locale, such as Norwegian (Nynorsk), then I can open
the Access 2003 database file on other computers and my own computer with no
error messages as long as the computer is set to Norwegian (Nynorsk).
However, if I then try to open the database file in another locale, such as
U.S. English, then I begin to see the same error message that the users in
other countries see.
It seems to me that my only solution is to distribute versions of the
Microsoft Access 2003 databases that have been digitally signed in each
target locale. Since the distributed Access database files are 30MB in size,
this is not practical to do with a single installation program. It is also
error-prone and time-consuming.
I tried the same process using Access 2007, which is not used by most of my
users at present, and found the problem to be similar: Access 2007 will not
open the Access database signed using a locale dissimilar from the current.
However, Access 2007 does not even give as error message; it simply does not
open the database file after I click on the OK command button in the File
Open dialog.

Has anyone heard of this problem? Is there a workaround?

Thanks!

Dan Sabin <Dan (E-Mail Removed)> wrote:

>As part of my software application, I distribute Microsoft Access 2003 MDB
>database files. I digitally sign the VBA project in each file using a
>VeriSign Class 3 Code Signing Certificate that is valid until November 1,
>2009.

I have absolutely no idea. However this is very intriguing and I will
be asking my fellow MVPs and Microsoft to take a look at this.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
Granite Fleet Manager http://www.granitefleet.com/

"Tony Toews [MVP]" <(E-Mail Removed)> wrote:

>Dan Sabin <Dan (E-Mail Removed)> wrote:
>
>>As part of my software application, I distribute Microsoft Access 2003 MDB
>>database files. I digitally sign the VBA project in each file using a
>>VeriSign Class 3 Code Signing Certificate that is valid until November 1,
>>2009.

BTW you've done some excellent troubleshooting.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
Granite Fleet Manager http://www.granitefleet.com/

Hi Dan,

I, unfortunately, cannot be of direct help for you on this issue, but I can
suggest how to go about solving your problem. First, since it is a digital
signature, it is a VeriSign problem, not a Microsoft one. That said, I'd
almost bet that VeriSign will attempt to slough it off on Microsoft. They
will also most likely give it only cursory attention. If this happens, you
will need to get Microsoft involved to exert their influence on VeriSign.
The best way to do that is to open an incident with Microsoft Product
Support. If you have an MSDN subscription, I'd start by using one of your
support calls. If you don't, try and follow one of the phone or email
options in the Help menu.

Keep us informed. Although I doubt we can help directly, we may know someone
at Microsoft who either can help, or can point you somewhere where that help
may be forthcoming.
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com


"Dan Sabin" <Dan (E-Mail Removed)> wrote in message
news:17ADD05C-D003-4F99-8987-(E-Mail Removed)...
> As part of my software application, I distribute Microsoft Access 2003 MDB
> database files. I digitally sign the VBA project in each file using a
> VeriSign Class 3 Code Signing Certificate that is valid until November 1,
> 2009. I sign the Access database file with my computer's locale setting
> set
> to U.S. English.
> The distributed Access database files can be opened fine on my customer's
> computers in the U.S., English Canada, French Canada, Hong Kong, Macau,
> Brazil, the U.K., New Zealand, Australia, Colombia, Iceland, Poland,
> Germany,
> Thailand, and China. These users can open the application with their
> Macro
> Security Level set to Low, Medium, or High. This security level is the
> setting that you can change by using the Access 2003 menu command
> Tools|Macro|Security.
>
> However, the users in Norway, Denmark, Finland, Croatia, Sweden, and
> Slovenia have told me that they see this error message on their computers
> when they have their Macro Automation Security Level set to Medium or
> High:
> "Microsoft Office Access cannot open <database name> due to security
> restrictions. Security settings restrict access to the file because it is
> not
> digitally signed." This error message is appearing even though the Access
> database file is still signed.
> The problem can be solved for these users if they drop their Macro
> Security
> Level to the low setting. However, this setting cannot be changed for any
> users who operate their computer in an enterprise environment where the IT
> administrator can disable the changing of this setting by non
> administrators
> of the computer. Furthermore, the low setting is not a recommended
> setting
> for Microsoft Office, so I do not want to recommend that to my customers.
> The problem can also be solved as well if the user changes their locale
> setting from the problem locale (for example, Norwegian) to another
> non-problem locale, such as U.S. English. However, this is not an
> acceptable
> solution to a user who does not speak English as their primary language.
>
> The problem does not seem to be related to non English versions of
> Microsoft
> Windows or non English versions of Microsoft Access. For example, if I
> use
> my development computer, which uses a U.S. English version of Windows XP
> with
> Office 2003, then I can reproduce the problem simply by switching my
> computer
> back and forth between U.S. English and Norwegian (Nynorsk). For example,
> if
> I digitally sign the database file when my own computer is configured with
> a
> locale set to a problem locale, such as Norwegian (Nynorsk), then I can
> open
> the Access 2003 database file on other computers and my own computer with
> no
> error messages as long as the computer is set to Norwegian (Nynorsk).
> However, if I then try to open the database file in another locale, such
> as
> U.S. English, then I begin to see the same error message that the users in
> other countries see.
> It seems to me that my only solution is to distribute versions of the
> Microsoft Access 2003 databases that have been digitally signed in each
> target locale. Since the distributed Access database files are 30MB in
> size,
> this is not practical to do with a single installation program. It is
> also
> error-prone and time-consuming.
> I tried the same process using Access 2007, which is not used by most of
> my
> users at present, and found the problem to be similar: Access 2007 will
> not
> open the Access database signed using a locale dissimilar from the
> current.
> However, Access 2007 does not even give as error message; it simply does
> not
> open the database file after I click on the OK command button in the File
> Open dialog.
>
> Has anyone heard of this problem? Is there a workaround?
>
> Thanks!
>

"Arvin Meyer [MVP]" <(E-Mail Removed)> wrote:

>I, unfortunately, cannot be of direct help for you on this issue, but I can
>suggest how to go about solving your problem. First, since it is a digital
>signature, it is a VeriSign problem, not a Microsoft one.

I don't think it is a VeriSign problem. This looks much more like a
MS problem. I don't know if the digital signing cares about the
locale. If I had a digital certificate myself I'd test it. Hmm,
actually you can make self signed certificates good only on your own
system for testing purposes.

Dan

Have you tried making your own self signed certificate and testing
that?

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
Granite Fleet Manager http://www.granitefleet.com/

"Arvin Meyer [MVP]" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> since it is a digital
> signature, it is a VeriSign problem, not a Microsoft one.

I beg to differ. MS is the one who implemented such a stupid (and
expensive) faux security system.

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/

"Tony Toews [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Arvin Meyer [MVP]" <(E-Mail Removed)> wrote:
>
>>I, unfortunately, cannot be of direct help for you on this issue, but I
>>can
>>suggest how to go about solving your problem. First, since it is a digital
>>signature, it is a VeriSign problem, not a Microsoft one.
>
> I don't think it is a VeriSign problem. This looks much more like a
> MS problem.

Read the third paragraph of Dan's very careful analysis of the problem. It
seems to me that the certificate is not properly recognizing certain
locales, and when built in those locals, it works, but not in the original
locale. The locales can remain stable, but the certificate creation changes.
I would think that it would be a VeriSign problem because the certificate
itself is not being correctly recognized.

> I don't know if the digital signing cares about the
> locale. If I had a digital certificate myself I'd test it. Hmm,
> actually you can make self signed certificates good only on your own
> system for testing purposes.
>
> Dan
>
> Have you tried making your own self signed certificate and testing
> that?

I don't think that self-signed certificates are authenticated by VeriSign,
and the process is different anyway, so I'm not sure that would help.
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com

"David W. Fenton" <(E-Mail Removed)> wrote in message
news:Xns9C54BE9F67EEf99a49ed1d0c49c5bbb2@74.209.136.90...
> "Arvin Meyer [MVP]" <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>> since it is a digital
>> signature, it is a VeriSign problem, not a Microsoft one.
>
> I beg to differ. MS is the one who implemented such a stupid (and
> expensive) faux security system.

I don't think that the origin is the issue here, but be that as it may, it
won't be solved by complaining about it. It seems to me, a hotfix may be
needed, but first the exact cause of the problem needs to be identified.
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.mvps.org/access
http://www.accessmvp.com

Anyone know how to correct Windows Defender Error 0x800106ba. I went to
Microsoft.com and tried no luck. Thank you.
"Dan Sabin" <Dan (E-Mail Removed)> wrote in message
news:17ADD05C-D003-4F99-8987-(E-Mail Removed)...
> As part of my software application, I distribute Microsoft Access 2003 MDB
> database files. I digitally sign the VBA project in each file using a
> VeriSign Class 3 Code Signing Certificate that is valid until November 1,
> 2009. I sign the Access database file with my computer’s locale setting
> set
> to U.S. English.
> The distributed Access database files can be opened fine on my customer’s
> computers in the U.S., English Canada, French Canada, Hong Kong, Macau,
> Brazil, the U.K., New Zealand, Australia, Colombia, Iceland, Poland,
> Germany,
> Thailand, and China. These users can open the application with their
> Macro
> Security Level set to Low, Medium, or High. This security level is the
> setting that you can change by using the Access 2003 menu command
> Tools|Macro|Security.
>
> However, the users in Norway, Denmark, Finland, Croatia, Sweden, and
> Slovenia have told me that they see this error message on their computers
> when they have their Macro Automation Security Level set to Medium or
> High:
> “Microsoft Office Access cannot open <database name> due to security
> restrictions. Security settings restrict access to the file because it is
> not
> digitally signed.” This error message is appearing even though the Access
> database file is still signed.
> The problem can be solved for these users if they drop their Macro
> Security
> Level to the low setting. However, this setting cannot be changed for any
> users who operate their computer in an enterprise environment where the IT
> administrator can disable the changing of this setting by non
> administrators
> of the computer. Furthermore, the low setting is not a recommended
> setting
> for Microsoft Office, so I do not want to recommend that to my customers.
> The problem can also be solved as well if the user changes their locale
> setting from the problem locale (for example, Norwegian) to another
> non-problem locale, such as U.S. English. However, this is not an
> acceptable
> solution to a user who does not speak English as their primary language.
>
> The problem does not seem to be related to non English versions of
> Microsoft
> Windows or non English versions of Microsoft Access. For example, if I
> use
> my development computer, which uses a U.S. English version of Windows XP
> with
> Office 2003, then I can reproduce the problem simply by switching my
> computer
> back and forth between U.S. English and Norwegian (Nynorsk). For example,
> if
> I digitally sign the database file when my own computer is configured with
> a
> locale set to a problem locale, such as Norwegian (Nynorsk), then I can
> open
> the Access 2003 database file on other computers and my own computer with
> no
> error messages as long as the computer is set to Norwegian (Nynorsk).
> However, if I then try to open the database file in another locale, such
> as
> U.S. English, then I begin to see the same error message that the users in
> other countries see.
> It seems to me that my only solution is to distribute versions of the
> Microsoft Access 2003 databases that have been digitally signed in each
> target locale. Since the distributed Access database files are 30MB in
> size,
> this is not practical to do with a single installation program. It is
> also
> error-prone and time-consuming.
> I tried the same process using Access 2007, which is not used by most of
> my
> users at present, and found the problem to be similar: Access 2007 will
> not
> open the Access database signed using a locale dissimilar from the
> current.
> However, Access 2007 does not even give as error message; it simply does
> not
> open the database file after I click on the OK command button in the File
> Open dialog.
>
> Has anyone heard of this problem? Is there a workaround?
>
> Thanks!
>