ICE Validation Rules and Best Practices

ICE a.k.a Internal Consistency Evaluators are a set of rules created by Microsoft to help validate a Windows Installer package. ICE rules check the integrity of the package as well as ensure that the Windows Installer best practices were followed when creating an MSI package.

ICE Rules are stored in files with .Cub extension. For example, darice.cub, shipped by Microsoft, contains all the standard ICE rules that can be run on your package. A .cub file is nothing but a database, just like your MSI package and can be edited in Orca. ICE rules behind the scenes are basically Custom Actions that are run on the MSI package during the ICE Validation process. You can create your own Custom ICE rules to suit your organization’s needs.

You can ICE Validate your MSI package with pretty much any tool that allows you to create an MSI package e.g. Flexera AdminStudio, Wise Package Studio or Orca.

ICE Validation Best Practices

In many cases, ICE warnings are best practices not followed and ICE errors are issues that can cause the application to not work properly e.g. ICE09 is a warning that states “A component being installed to the Windows Folder is not marked as Permanent” and ICE38 is an Error that states “The Component ‘CompName’ installs to the User Profile. Its key path registry key must fall under HKCU”. If you do not fix the ICE09 warning, setup will attempt to uninstall a component installed in the Windows Folder. However, if the component is protected by Windows File Protection, it will not be touched by the MSI package, so the repercussion of not fixing an ICE Warning in some cases is not that bad. However, in the case on ICE38, if you do not fix it, then subsequent users logging in on the machine will more than likely not get the user profile data being installed by the MSI package. Thus it is recommended that you always fix any ICE Errors. ICE Warnings in some cases can be ignored.

When creating a Transform to a Vendor MSI package, be sure that your transform does not introduce ICE Errors or warnings in the package. InstallShield Tuner allows you to pre-validate & post-validate a Windows Installer package when creating a transform. This allows a packager to determine if an ICE error or warning was prevalent in the package or introduced by the transform. It is recommended that only ICEs introduced by a Transform be fixed. You should not fix Vendor package’s preexisting ICE Errors or warnings. Doing so may break the logic used in the vendor package.

Most Common ICEs found in repackaged applications

  • ICE33– If you repackage an installation with any version of Installshield AdminStudio, you will most certainly see ICE33. This ICE is caused by the fact that repackager adds COM related information into the registry table as supposed to the Microsoft recommended Class ID, Prog ID and Type Lib tables. This Error can safely be ignored as the application should work properly as your COM information will be registered via the Registry table.
  • ICE64– This ICE warns about directories created under the User Profile folder not being specified in the RemoveFile table. So, for example, if your MSI package contains [AppDataFolder]mydir or [PersonalFolder]mysubfolder, ensure that ‘mydir’ & ‘mysubfolder’ are specified in the RemoveFile table. Doing so will ensure that they get removed at uninstallation time.
  • ICE57– If you have a component in your MSI package that contains both per-user & per-machine data e.g if the component is installing a file to [AppDataFolder] and also contains a registry key being installed under HKLM. you can expect to see this Error/Warning. The ideal thing to do is separate User data from machine data into separate components. Anytime you have a component that is installing to a User Profile directory, make sure that the component does not contain a key file. This component should instead have a key path. This component should contain a registry key under the HKCU hive, set as the key path. If your MSI package does not contain any registry keys under HKCU hive, create a dummy key to ensure that your user profile data is installed properly for subsequent user logging on the machine.
  • ICE50– This ICE usually occurs when your installation tool is unable to extract icon from the Icon file specified in the shortcut. Sometimes InstallShield Editor displays this error. The best way to work around it is to specify an Exe or different ico file in the shortcut to extract the icon from.

Microsoft has released about 100+ ICE Errors / Warnings and it is not possible to list them all. However if you have any specific ICE Error or warnings that you are looking for, please comment about it and I will try to blog it. More information on ICE Reference can found at

Leave A Reply

Your email address will not be published. Required fields are marked *

This is a demo store for testing purposes — no orders shall be fulfilled. Dismiss