You may experience an ‘Installation did not Succeed’ error when installing newer versions of the dot net framework and other runtimes such as Microsoft Visual C++ in Windows 7.
In most cases, such as with .NET framework 4.8 and 4.7.2, Windows 7 SP1 is the minimum-supported OS. However, you may still experience installation errors even with this service pack installed.
The exact cause of this error is related to the certificate used to digitally sign the software, hence the error message: “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.“
Some tutorials online recommend installing the MicrosoftRootCertificateAuthority2011.cer certificate to fix this error. Based on my experience, this did not solve the error since this particular certificate expired in 2021.
It may have worked before then, but currently it does little to remedy installation. Instead, you may as I did, get another error: “The timestamp signature and/or certificate could not be verified or is malformed.” if you try installing the runtime after installing the certificate.
The real culprit behind this error is not actually the certificate but related to the fact the Windows 7 no longer receives updates. You see the new runtimes are being digitally signed using certificates using SHA-2 hash, which Windows 7 doesn’t support as it only shipped with support for the now retired SHA-1 certificates.
Fortunately, you can fix the issue by installing the necessary updates manually. Here’s how to go about it.
How to Install SHA-2 Code Signing Support Updates
As explained in this Microsoft article, you need to enable SHA-2 Code signing support by installing the following updates:
The above updates apply to those running Windows 7 SP1 or Windows Server 2008 R2 SP1. For Windows Server 2008 SP2 you’ll need to install:
The above links will take you to the Microsoft Catalog page for the respective update. You’ll need to download the correct package for your OS and architecture (x86/32-bit or x64/64-bit.)
Each package comes in a standalone MSU file. To install you only need to double-click on the file and Windows update will install it. Make sure the Windows Update service is not disabled, otherwise the updates will not install.
Once you’re done installing the updates, restart your computer and try installing the runtime again. They should work this time round.