What does “A referral was returned from the server” on Windows mean?

It turns out, it can mean the binary you are running has a bad certificate.

Bust this.

I downloaded the latest insider preview for the Windows 10 ADK.

Then I simply wanted to capture a trace…

Ok…so, weird? So I launch a command prompt, try it that way, (WPR works fine, just no UI btw).


So I procmon’d it. ‘Cause, “when in doubt, procmon

Why is WPRUI.exe being scanned heavily by Defender? What gives?

Ok, and what is BAM.sys? Exactly?

So, I did some searching, and someone noticed if they get this error “A referral was returned from the server” it meant digital sigs were busted… so I checked. Surely Microsoft didn’t ship a binary with a bad cert…right?


So that’s a quick and dirty “Why the hell is this happening” brought to you by the dude.

Alois Kraus also mentioned to me you can work around this by doing a regedit:

“A quick and dirty fix is to disable the check: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Open “ValidateAdminCodeSignatures” and set “Value data” to “0“



Leave a Reply