What Did My Manifest Do: A Referral Was Returned from the Server

September 2, 2010

one comment

The UAC section of an application’s manifest contains two simple settings under the <requestedExecutionLevel> element of the <requestedPrivileges> node:

  • level – asInvoker, requireAdministrator, or highestAvailable. This setting controls whether the application will require elevation before it runs.
  • uiAccess – true or false. This setting determines whether the application will exempt from UIPI rules introduced as part of the Windows Integrity Mechanism.

If you really need the uiAccess element (and you should be really convinced that you understand why you need it before proceeding), then your application must be signed, and by default, must reside in one of the secure locations, namely \Program Files, \Windows\system32, or \Program Files (x86).

This latter setting can be changed through group policy (see the screenshot below), but there’s no way to circumvent the certificate verification.


If your application doesn’t comply with these requirements but the manifest still contains the uiAccess=true setting, your process will fail to launch with the cryptic “A referral was returned from the server” error message:


This isn’t the friendliest way of saying that there’s something wrong with your UAC manifest setting, but that’s why I’m writing this post.

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


one comment

  1. NotImportantApril 11, 2016 ב 5:00 PM

    Thanks! This is the only useful post about this error I found on the internet. And it finally solved my problem. Please keep on posting stuff like that! o)