Error “A referral was returned from the server” when running a program

When you run a program elevated, the following error may occur:

A referral was returned from the server

uac elevate unsigned files error referral

Cause

The above error occurs if a policy setting prevents unsigned executables from running elevated.

The relevant GPO setting is “User Account Control: Only elevate executable files that are signed and validated”. It’s disabled by default.

When the above setting is enabled, only signed and validated executables are allowed to run elevated on your computer. The error “A referral was returned from the server” appears when running an unsigned executable elevated.

Resolution

To resolve this issue, disable the above policy setting using one of these methods:

Option 1: Using Regedit.exe

Start Regedit.exe and go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Double-click ValidateAdminCodeSignatures and set its data to 0

Exit the Registry Editor.

No restart should be required.


Option 2: Using the Group Policy Editor

If you’re using Professional edition and higher, launch gpedit.msc to open the local group policy editor.



Go to the following node:

 Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options

Set “User Account Control: Only elevate executables that are signed and validated” to Disabled.


More Information

User Account Control: Only elevate executable files that are signed and validated.

This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers.

The options are:

  • Enabled: Enforces the PKI certification path validation for a given executable file before it is permitted to run.
  • Disabled: (Default) Does not enforce PKI certification path validation before a given executable file is permitted to run.

I hope the above information helps.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

Leave a Comment