'winload.exe' Windows cannot verify the digital signature for this file

Ryzaar

Member
EDIT: Windows is installed on my C:\ drive, however when running the command bcdedit /store C:\Boot\BCD\, I get 'The system cannot find the file specified.'
If, however, I run that same script for my D:\ drive, the Windows Boot Manager and Boot Loader appear (however they are labelled with partition=C: and whatnot). What's the go here?

EDIT2: I think the OS is installed on C:\ but all the boot stuff is on D:\... If I follow the guide in the link below, should I change any of the C:\ or D:\'s???

I followed the steps outlined here: http://neosmart.net/wiki/display/EBCD/Recovering+the+Windows+Bootloader+from+the+DVD to fix an error I previously encountered:
Status: 0xc000000e
Info: The boot selection failed because a required device is inaccessible.

However now I get the error 0xc0000428 'Windows cannot verify the digital signature for this file.' - \Windows\system32\winload.exe. From here, I am given the option to 'investigate further' by pressing ENTER, which display the boot menu. If I proceed, it shows one option - 'Microsoft Windows'. It states down the bottom that pressing F8 will provide me with more advanced options for my selection, however it only brings me back to the winload.exe error screen.

I have tried using the startup repair on my Win7 Recovery Disk, but returns the following error at the end:

Root cause found:
----------------------
Boot Manager failed to find OS loader.

Repair action: File repair
Result: Failed. Error code 0x490
Time taken = 4774 ms

Repair action: Boot configuration data store repair
Result: Failed. Error code 0x490
Time taken = 62 ms

Other things I have tried:

1. Tried disabling integrity checks

X:\windows\system32>bcdedit.exe /set nointegritychecks ON
An error occurred while attempting to reference the specified entry.
The system cannot find the file specified.

2. Checked the contents of the boot CD. Files found:
bcd
boot.sdi
bootfix.bin

This seemed odd when compared to this:
53600d1251414836-mbr-restore-windows-7-master-boot-record-mbr_18a.png


3. bootsect /nt60 SYS /mbr > Command prompt returned success messages, but no changes as far as boot up is concerned.

4. System scan

X:\windows\system32>sfc /SCANNOW /OFFBOOTDIR=c:\ /OFFWINDIR=c:\windows

Beginning system scan. This process will take some time.

Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log
 
Last edited:
How do I go about deleting the BOOTMGR file?

I made some sort of progress. Windows is now defaulting to the inbuilt startup repair option, rather than me having to boot it off my repair disc. However, I still get the same problem with the startup recovery "Boot Manager failed to find OS Loader"

I ran the following in the command prompt: bcdedit /set {default} recoveryenabled No

Which turned off the automatic start up repair, but that just brings me back to the winload.exe error I started with.
 
I am triing to set up a multiboot config using Windows 8 CP. I have two Win 7 installations booting from a VHD each (still running fine). Both VHD'S are located on first drive which is an SSD. With EasyBCD I added a third entry pointing to another VHD (on a different disk ). This VHD was created with Virtualbox, then I installed W8 CP on it and it ran fine in Virtualbox. Finally I "syspreped" this installation. The new entry in BCD points to this VHD and should boot into W8. The boot menu appears like before and I still can start both of the W7 installs, but when I choose the W8 install, I ran into that "0xc0000428 'Windows cannot verify the digital signature for this file.' - \Windows\system32\winload.exe" error - ending in the same loop as the starter of this thread. Before I try to delete bootmgr (which one - W8 on VHD or W7 on SSD ?) I wonder which repairtool to apply ? W8 or W7 ? Has anybody tried a VHD boot of W8 ?
 
I am triing to set up a multiboot config using Windows 8 CP. I have two Win 7 installations booting from a VHD each (still running fine). Both VHD'S are located on first drive which is an SSD. With EasyBCD I added a third entry pointing to another VHD (on a different disk ). This VHD was created with Virtualbox, then I installed W8 CP on it and it ran fine in Virtualbox. Finally I "syspreped" this installation. The new entry in BCD points to this VHD and should boot into W8. The boot menu appears like before and I still can start both of the W7 installs, but when I choose the W8 install, I ran into that "0xc0000428 'Windows cannot verify the digital signature for this file.' - \Windows\system32\winload.exe" error - ending in the same loop as the starter of this thread. Before I try to delete bootmgr (which one - W8 on VHD or W7 on SSD ?) I wonder which repairtool to apply ? W8 or W7 ? Has anybody tried a VHD boot of W8 ?

I haven't tried a VHD boot of W8, but I did install W8 after W7 in a manner that gave me the same error.

I just renamed the W7 bootmgr bootmgr.old for safekeeping, then copied the W8 bootmgr and BOOTNXT files to the W7 system partition. (What are system partitions and boot partitions)

I guess in your case you need to copy the files into your VHD on the active partition or wherever the bootmgr called by the VBR is located.

My problem was created when I made a W8 install media UFD, changed BIOS HDD order to install and back again, then restored a GRUB2 MBR, then booted to the W8 install media to recreate the BCD on the W7 side. EasyBCD helped with the BCD tweaks, but I was still left with no W8 boot until I copied those files.

Anyway, it appears the bootmgr looks for a particular digital signature for winload.exe, so if you install a newer Windows version but somehow do it in a way that circumvents the new Windows installer from copying the system files to the system partition, you will be using an old bootmgr that doesn't know the signature of your new winload.exe.

Windows/System32/bcdboot.exe in your NEW Windows install should be able to transfer the appropriate files to the system volume on your active partition, but I haven't tried it. In your case I guess it wouldn't work anyway due to the VHD method.
 
Last edited:
Hi guys,
I'm new to this site but know a bit about computers and general electronics, but recently had this problem with the file winload.exe etc etc... but found a solution. This is what I did:

I borrowed a friends windows 7 laptop that was the same as the laptop I had (both 64bit) and copied his version of winload.exe from C:\Windows\System32 and put it onto a memory stick.

I then downloaded a copy of Ubuntu 11.04 64bit from his laptop and burnt it to a DVD.

Boot into the copy of Ubuntu and used the try now option without installing.

I inserted the memory stick into the laptop and deleted my copy of winload.exe from the local hard drive, once again in C:\Windows\System32\

I then copied the version of winload.exe from my memory stick to C:\Windows\System32 and reboot after I removed the DVD and memory stick, windows then loaded and opened up to the login screen

Sorry that my post was a long one but it worked for me and hope it will work for anyone else who is having troubles.
 
The problem is that an older bootmgr cannot recognize a newer winload as genuine.
Being backward compatible, a newer bootmgr does recognize and accept the validity of an older winload.
What you appear to have done is downgrade your Winload, which could have unintended consequences, as it will no longer perform whatever upgraded functions were included.
What you should have done was upgrade your bootmgr by copying the newer version from the system which had the "invalid" winload signature.
 
Terry fixed it for me...

My situation: I installed Win 8 as a dual boot with Win 7 using a flash drive. For some reason, on this notebook, the Win 8 install process did not create that nice Windows 8 boot manager. All that would happen instead is after Win 8 install completed it's first go-around, machine would reboot, but directly into Windows 7 again. No manner of reinstalls, BIOS settings whatever would get me out of this loop.

Finally I used EasyBCD 2.2 to add the Win 8 "E" drive to the boot menu. Ok that worked, but upon trying to boot into Win 8 from the boot menu, then I got that message 0xc000428 which *****ed about the digital signature on winload.exe in the E drive. Landing on this forum page after MUCH googling, I looked into Terry's post just preceeding this one. Indeed I observed that my flash drive with Win 8 RTM had a July 2012 bootmgr file, but the hidden file bootmgr on the boot sector (not C drive, but the 100MB partition at the start of my only physical drive) had a 2010 date on it, which was consistent with Terry's comment above, and must have been put there with the Win 7 install at the factory in 2010.

But how to copy? Windows would not let me overwrite the file. Answer is simple. copied from another site on how to rename hidden files in the DOS system repair CMD window.
-------------------
> c: (change to C drive which, in the Repair console CMD window mounts as C: ... but the Windows "C" drive really mounts to "D" drive in the Repair CMD console.)

> attrib bootmgr -r -h -s (make bootmgr attrib so that you can rename)


> ren bootmgr bootmgr.old

> copy e:\bootmgr c:\bootmgr ( "e" drive is my flash USB with the Win 8 install)

> attrib bootmgr +r +h +s (make bootmgr hidden and system file once again)

-----------------

I did this, exit the DOS window, rebooted, and voila... my Win 8 install proceeded to complete the 2nd and 3rd round of reboot/install and now Win 8 is there nice and clean.

Why WIn 8 was unable to put the proper Win 8 boot loader menu on the boot partition is still a mystery, but at least I am able to boot both OSs now, even if the boot menu is not as nice as the Win 8 boot menu.

Thanks Terry!
 
Last edited:
Thx

Thx Terry and tzo!!!
I copied bootmgr file easier with Ubuntu 11.10 CD (try session) from windows 8 partitution to system reserved partitution and after reboot it works!
The searching for bootmgr files was so much easier with Ubuntu.
Thx a lot!!! And now I have to dance ...
 
Thanks from me too! Your theoretical explanation plus the walkthrough have proven precious to solve the problem I had. I was trying to boot windows 8.1 Preview from win7 bootloader w/ EasyBCD. Ofc I solved replacing bootmgr and bootnxt from win8.1 to win7 (after backing up those files) and it worked like a charm! I think you two won the Internet, boys.
 
This will replace the failing boot entry:

bcdboot d:\windows /addlast

from the newer OS repair command prompt where d:windows is the OS , and you're done.
 
If anyone still runs into this issue I'll share how I fixed it, the core of the problem is the "winload.exe" file, so delete & replace it. In Win7 recovery disk CMD type the following commands:

1. D: (adjust this to wherever your copy of 7 is located)
2. cd \Windows\System32
3. del winload.exe
4. copy "winload~1.exe" winload.exe
5. exit

This did the trick for me after days of searching, this happened after a failed Win7 update & is quite common as i found out. I hope this helps somebody. :yum:

Edit: !RAU! has it right, replace winload.exe, what he did was get a fresh copy of another installation, but you can skip that process since Windows already has a fresh winload file to replace, just follow the above commands and it should get replaced by the new winload without getting it somewhere else
 
See post #8
Replacing winload with an older version is not the way to go.
Replace bootmgr on the older OS with the version from the new OS (this happens automatically if you install the new OS with the old OS visible to Setup and the Inv Dig Sig problem doesn't occur))
The problem is an older bootmgr not recognizing a newer winload. Better to have the newer version of both not the older versions.
It might appear to work, but you never know what new security features you have effectively removed from the boot process.
 
I attempted to follow these steps, but I did not manage to fix the issue. It was caused intentionally as I wanted to clone my hard drive to a RAID array on a third party controller card, and I wanted to abandon the boot partition from my original installation as I only wanted to use one primary partition on my clone. There is a name for this procedure as it makes the partition easier to copy here and there onto other hard drives if you ever need to migrate to new hardware. Anyways, I kept being left with the "Windows cannot verify the digital signature for this file" whenever attempting to boot from the clone, after pulling the original hard drive from the computer. Windows was searching for a valid copy of bootmgr, and could only find a valid one from the original 100mb boot partition, regardless if I did or did not include it in the clone.

Here are the steps I took to get it to work, where I no longer needed the original disk and was able to boot in windows:

Clone operating system partition to new partition on a new disk (leave the boot partition out)
Reboot and change your boot priority to start off of the cloned hard drive first, save BIOS settings and reboot with windows boot CD in tray.

Press a key to Boot on Windows 7 CD when prompted.
Select repair computer (have driver USB stick if needed, browse to this location and select the right inf file when required to do so)
Do not auto-repair and do not select restore, select Command Prompt.

(MAKE SURE YOU USE CORRECT CLONED DRIVE LOCATION FOR BELOW STEPS!, You do not want to accidentally change your original Disk)
Enter these DOS commands: Comments in brackets.

diskpart
list disk
select disk # (disk number of the disk you cloned to, which was displayed with the list command)
list partition
select partition # (Should be 1, as you only have one partition now)
Active (To make partition active)
Assign (to assign drive letter C:/. Make sure no USB sticks are in, or it will mess up drive letters)
exit (exits and saves partition manager)

cd boot
del bcd (Old BCD is invalid, just delete it as we need to create a new one. You may back it up by creating a copy if you want to, but it is a cloned disk, so who cares)
cd ..\
bcdboot c:\windows (place where to find your new operating system, as no boot partition, needs this new assignment.)
bootrec /rebuildbcd (Enter capital Y to select your new windows location. This command writes the new /boot/bcd file. If it says operating system found 0, then you missed something!!)
Exit​
Now change bios boot order to boot from original copy of windows, save settings and reboot.

Install unlocker (available on web for free)

Browse to your clone operating system with windows explorer (No, NOT INTERNET EXPLORER!!)

Change your view settings in windows to view operating system files (look up proceedure online, Windows hides these options)

Backup the bootmgr file on the cloned drive. If it does not exist, skip to copying bootmgr (next step). Copy the bootmgr file from the root of your cloned hard drive to a temporary folder, name the folder what you like. Right mouseclick on the bootmgr file in root and select unlocker. Select delete with unlocker (Yes this is the only way you can delete it)

Copy original bootmgr to your clone. To do this, manually run diskmgmt.msc (from search box or via run box if you have enabled it, or access it via control panel) right mouseclick on the boot partition (the 100mb one) and choose add drive letter. Any letter will do. Browse to that drive letter and copy the original bootmgr file and paste it onto the root of your cloned drive.

Restart your computer.
Change boot priority to the cloned hard drive (Yes the one without the silly partition the original one had)
Save settings, reboot, start windows.​
Now you can format your old hard drive and use it like you wish. Cloning windows again from this single partition will never cause issues like you originally had.
Now I missed a few steps with respect to using the /fixmbr and the /fixboot command parameters for bootrec as I was under the impression that these commands undo the partitioning we did with diskpart.
Gosh, wish it was easier, but it was not. I did something out of the norm, which I always do, and now I am left with something more portable and easier to clone or copy.
There are several different ways I attempted to clone, with Ghost, Easeus Partition Guru and AOMEI Partition Assistant, and none were able to create a boot-able clone, not even a boot-able clone with the extra boot partition. Took me several days to "trial and error" this one until I found something that actually worked.

I hope someone else may benefit from my findings.
 
Last edited:
Hi James,

Thanks for sharing that info. We have instructions on manual reset/recovery of the BCD bootloader from a bootable environment in our wiki here: http:/j.mp/BcdRepair - - I'm not sure if you came across that link during your ordeal?

Also, Easy Recovery Essentials for Windows will fully automate the entire repair procedure behind a user-friendly and single-click UI. I'll be happy to throw a free copy your way as a thank you for the time you took to write that post, if you like. You can see for yourself that it takes care of pretty much all BCD/bootmgr errors.
 
I did see that BCDrepair post. I followed the directions and it never resolved the issue. However I did manage to use parts of the instructions with bits from other posts to gather up a sensible way of remedying the issue. I am uncertain if amending the article would apply as I was doing something out of the scope of what normal people do. The key in my repair post was the manual deletion of bootmgr and replacing it with the original one from the hidden partition on the source disk. This seemed to do the trick.

Some people would be more than willing to chance a third party tool to fix an issue automatically for them. As for your pitch to use ERE for Windows, twice I was there, and was prompted with a page asking for money. I am prepared to speak privately regarding this as I do not want to be off-topic here.
 
Last edited:
Hi James,

I received your private message and have replied; but back to the topic at hand: comparing the instructions in your post with our wiki instructions on repairing the BCD, I would venture a guess and say that it's the diskpart step that sets the active partition that was missing in your case.

Unfortunately fixing boot problems is a lot like a game of whack-a-mole, you fix one issue and ten others come up. It becomes really hard to document in a tutorial format steps that users should try to get their PC working again since each potential fix could lead down a gopher tunnel with a thousand gotchas. EasyRE works around that by actually simulating the OS boot in-memory, duplicating the behavior of the BIOS/UEFI "POST" and following the boot chain, trying to find discrepancies to repair as it goes along. It's a bit unusual for users to lose their active partition these days, barring disk cloning or manual data copy. Back in the XP days before UAC and the sector-based protections Microsoft stipulated preventing direct access to the MBR and partition structures on-disk without elevated access tokens, it was a lot more often.

What I find odd about your case is that you were getting winload.exe signature verification error, which isn't actually a symptom of a missing active partition. If you refer to our breakdown of the PC boot process, you'll see that the active partition is required for the PC to load bootmgr (which is what searches for and attempts to load winload.exe - and, in your case, throws the verification error). What could have happened is that you had two disks plugged in and the second disk was being loaded because there was no active partition on the first, or that you had a previous boot partition that was marked as active but had an invalid bcd configuration, and when you marked a different partition as active that allowed a new (and working) BCD to be installed to that partition, resolving the error.

You can see what I mean about a single problem devolving into a nightmare chain of scenarios that each have a different resolution, making it really hard to put it all down on paper. Our best advice is always to read about how the PC boot process actually happens, and then try to analyze where in the chain your system is failing.
 
Back
Top